Setting Transport level security on webHttp WCF service

StackOverflow https://stackoverflow.com/questions/1190251

  •  19-09-2019
  •  | 
  •  

Question

I am trying to set transport level security on a webHttp binding WCF service my current config looks like this

 <system.serviceModel>
<client>
  <endpoint binding="webHttpBinding" bindingConfiguration="webHttp"
    contract="PrimeStreamInfoServices.IService1" name="Client" />
</client>
<bindings>
<webHttpBinding>
  <binding name="webHttp" maxBufferPoolSize="1500000"  maxReceivedMessageSize="1500000"  maxBufferSize="1500000">
  <security mode="Transport">
      <transport clientCredentialType="None"

            proxyCredentialType="None"
            realm="string" />
  </security>
  </binding>

</webHttpBinding>
</bindings>
<services>

  <service name="PrimeStreamInfoServices.Service1" behaviorConfiguration="PrimeStreamInfoServices.Service1Behavior">
    <!-- Service Endpoints -->
    <endpoint address="" binding="webHttpBinding" bindingConfiguration="webHttp" contract="PrimeStreamInfoServices.IService1">
      <!-- 
          Upon deployment, the following identity element should be removed or replaced to reflect the 
          identity under which the deployed service runs.  If removed, WCF will infer an appropriate identity 
          automatically.
      -->
    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="PrimeStreamInfoServices.Service1Behavior">

      <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
      <serviceMetadata httpGetEnabled="true"/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<diagnostics>

  <messageLogging logMalformedMessages="true"  logMessagesAtServiceLevel="true"
    logMessagesAtTransportLevel="true" />

</diagnostics>

however when i run my service i get an exception: Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http].

I know im missing something, and I have been trying various things I cant figure it out, anyone got some input on what i have to do?

Was it helpful?

Solution

Yes - switch to HTTPS, with a suitable certificate. Transport security, in the case of HTTP is provided by an SSL channel. You can't have WS* transport security over plain HTTPS

OTHER TIPS

Ignore my previous answer, I was thinking wsHttpBinding not webHttpBinding.

It is the address that you use to call the service that must start with https.

https://machineName/ServiceName

Can you try to add a base address (inside the <host> element of your service config) which is https ? Are you adding a (or multiple) base address(es) in code? 

<service name="PrimeStreamInfoServices.Service1" 
         behaviorConfiguration="PrimeStreamInfoServices.Service1Behavior">
   <host>
      <baseAddresses>
         <add baseAddress="https://localhost:8080/YourService.svc" />
      </baseAddresses>
   </host>
   <!-- Service Endpoints -->
   <endpoint ......
</service>

Not 100% sure if that works with the webHttpBinding, but give it a try!

Marc

Remember that besides the right WCF config, you also need to configure IIS property to enable SSL on it (including setting the right X.509 certificate for SSL). The docs have some decent information on how to do it.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top