What WCF Binding is required for HTTPS in SharePoint

Question

I currently have the following WCF Binding. The web service is being called from a SharePoint Application Page using AJAX.Net. Anonymous Access is turned off from within Central Administration.

  <configuration>
  <system.serviceModel>
    <bindings>
      <webHttpBinding>
        <binding
        name="webHttpBinding_BdcHelper"
        maxBufferSize="5242880"
        maxReceivedMessageSize="5242880" >
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Ntlm" />
          </security>
        </binding>
      </webHttpBinding>
    </bindings>

It works fine for HTTP but it is failing with HTTPS. The issue I have is a 401 Unauthorized exception. I have tried other configurations such as the one suggested here - WCF Bindings Needed For HTTPS but no luck.

What do I need to do to the config to get this to work? Thanks

Answer 1

Phil,

TransportCredentialOnly is not using SSL - this is really a way to tell WCF that the security is in the message credentials - and as we know Windows credentials are not really secure so if used you might want to use IPSec.

If you are looking for SSL security with Windows Authentication you need to ensure you endpoints are configured for SSL and use

<Security mode="Transport">
   <transport clientCredentialType="Windows" />
</Security>

Note: Windows will try Kerberos and then drop to NTLM if needed.

Good post on this on MSDN that explains the settings, also look at the P&P stuff on codeplex where you can download a complete guide.