How to enable HTTPS in WCF service

dsi picture dsi · Nov 6, 2014 · Viewed 27.8k times · Source

I have hosted my service on IIS.

Hosted service has applied SSL certificate and on browse of URL, it appears with HTTPS.

But, when i do consume this URL into client application (ASP.NET WEB Application) then, it allows to add https//domain/service.svc but, on client configuration, it appears the URL as http and not https. when do manual change then, it gives error as follow: The provided URI scheme 'https' is invalid; expected 'http'.

Below is the WCF service configuration (hosted on IIS):

<system.serviceModel>
<behaviors>
  <serviceBehaviors>
    <behavior name="customBehavior">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <basicHttpBinding>
    <binding name="basicBindingConfiguration" closeTimeout="00:05:00"
            openTimeout="00:05:00" receiveTimeout="00:10:00" sendTimeout="00:05:00"
            allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
            maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
            useDefaultWebProxy="true">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />

      <security mode="None">

      </security>
    </binding>
  </basicHttpBinding>
</bindings>

<serviceHostingEnvironment  multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" />
<services>
  <service name="Administrator.OAP.CRMServices.CRMServices"
           behaviorConfiguration="customBehavior">
    <endpoint address=""
              binding="basicHttpBinding"
              bindingConfiguration="basicBindingConfiguration"
              contract="Administrator.OAP.CRMServices.Contracts.ICRMServices" />
  </service>
</services>

can any one please guide me what is the problem or changes require here to consume this service with HTTPS only ?

Answer

tomasr picture tomasr · Nov 6, 2014

Your binding has this:

<security mode="None">

Which means your service is not expecting to use security of any kind. HTTPS is transport authentication, so you need to set:

<security mode="Transport">

The following link includes useful information about setting up transport security in WCF: http://msdn.microsoft.com/en-us/library/ms733043(v=vs.110).aspx