Configure wsDualHttpBinding with https

Question

I am trying to configure my wcf service to use a wsDualHttpBinding over https. My current config looks like this:

Service

<service behaviorConfiguration="SecureBackendWebServiceBehavior"
      name="WebService.InternalService.BackendWebService">
      <endpoint address="" 
        binding="wsDualHttpBinding" 
        bindingConfiguration="SecureBackendWebServiceWsDualHttpBinding"
        name="BackendWebServiceEndpoint" 
        contract="WebService.InternalService.IBackendWebService"/>
</service>

Binding

<binding name="SecureBackendWebServiceWsDualHttpBinding" 
  receiveTimeout="00:05:00"
  bypassProxyOnLocal="false" 
  transactionFlow="true" 
  maxBufferPoolSize="2147483647"
  maxReceivedMessageSize="2147483647" 
  messageEncoding="Mtom">
        <readerQuotas maxDepth="2147483647" 
           maxStringContentLength="2147483647"
           maxArrayLength="2147483647" 
           maxBytesPerRead="2147483647" 
           maxNameTableCharCount="2147483647" />
      <security mode="Message">
        <message clientCredentialType="Certificate" />
      </security>
</binding>

Behavior

<behavior name="SecureBackendWebServiceBehavior">
      <serviceMetadata httpsGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="true" />
</behavior>

When i call the service in my browser it says: No baseaddress for schema "http" found with the the endpoint binding WSDualHttpBinding. Registered baseaddressschema is [https].

By googeling the problem I only end up with samples for normal wsHttpBindings but nothing for the dual binding. I already enterd a HttpsGetUrl but ended up with the same error. Have I overseen some value, or why is he trying to get the information over http?

Btw. changing the binding to NetTcp is not an option!

Hope any of you can help me here. thx

Answer 1

Found a solution on my own. I used the patterns & practices Improving Web Services Security: Scenarios and Implementation Guidance for WCF to get a better understanding of security in WCF. This book also includes HowTos for certain scenarios. Only thing I had to do additional.

Because my Web Service is separated in three smaller services, one of them is using the WsDualHttpBinding I needed to tell iis that this one doesn't requires the ssl certificate for transport.

For now on my service talks, but I need to check if it really uses the security I want to have.

UPDATE: Found this article that also contains a step by step tutorial.

Answer 2

wsDualHttpBinding doesn't support transport security.

MSDN:

The WSDualHttpBinding provides the same support for Web Service protocols as the WSHttpBinding, but for use with duplex contracts. WSDualHttpBinding only supports SOAP security and requires reliable messaging.

So you can rely on message security here only.