This article will give a very brief introduction of transport level security in WCF
- When we say security at the transport layer, then the main concern is with the integrity, privacy and to certain extent authentication of the message as it travels along the wire.
- In WCF, the secure transports available for use are HTTP, TCP, IP and MSMQ.
- For a transport to be secured all the communication that takes place across the channel must be encrypt
<system.serviceModel> <services> <service behaviorConfiguration="returnFaults" name="TestService.Service"> <endpoint binding="wsHttpBinding" bindingConfiguration= "TransportSecurity" contract="TestService.IService"/> <endpoint address="mex" binding="mexHttpsBinding" name="MetadataBinding" contract="IMetadataExchange"/> </service> </services> <behaviors> <serviceBehaviors> <behavior name="returnFaults"> <serviceDebug includeExceptionDetailInFaults="true"/> <serviceMetadata httpsGetEnabled="true"/> <serviceTimeouts/> </behavior> </serviceBehaviors> </behaviors> <bindings> <wsHttpBinding> <binding name="TransportSecurity"> <security mode="Transport"> <transport clientCredentialType="None"/> </security> </binding> </wsHttpBinding> </bindings> <diagnostics> <messageLogging logEntireMessage="true" maxMessagesToLog="300" logMessagesAtServiceLevel="true" logMalformedMessages="true" logMessagesAtTransportLevel="true"/> </diagnostics> </system.serviceModel> //Contract Description [ServiceContract] interface IService { [OperationContract] string TestCall(); } //Implementation public class Service:IService { public string TestCall() { return "You just called a WCF webservice On SSL (Transport Layer Security)"; } } //Tracing and message logging <system.diagnostics> <sources> <source name="System.ServiceModel" switchValue="Information,ActivityTracing" propagateActivity="true"> <listeners> <add name="xml"/> </listeners> </source> <source name="System.ServiceModel.MessageLogging"> <listeners> <add name="xml"/> </listeners> </source> </sources> <sharedListeners> <add initializeData="C:\Service.svclog" type="System.Diagnostics.XmlWriterTraceListener" name="xml"/> </sharedListeners> <trace autoflush="true"/> </system.diagnostics>
C:\program files\microsoft sdks\windows\v6.0\bin\svcconfigeditor.exe
If you try to run the code from Visual Studio then you get an exception as shown below:
"Could not find a base address that matches scheme HTTPS for the endpoint with bindingWSHttpBinding. Registered base address schemes are [HTTP]."
So first configure the website on SSL. To get an idea on how to configure SSL, you can go through this. Make sure that when you configure the SSL, the certificate CN value should be exactly the same as the URL of the website. For example, if your webservice address is
http:\\www.example.com, then issue a certificate on the name :CN = http:\\www.example.com.
Don't forget to host an entry in the hosts file c:\windows\system32\drivers\etc\hosts. If you want to put this on localhost then just enter the following in the host file127.0.0.1 www.example.com.
Configurewww.example.comas the header value in the website properties on port 80. Once you are done with SSL, you will access the webservice through the web browser ashttps://www.example.com/service.svc. On this page you will have the HTTPS URL for WSDL .
I have even enabled tracing and message logging on the webservice. To view the service log just use svctraceviewer.exe by loading service.log file in this. See the<system.diagnostics>tag above
No comments:
Post a Comment