I am trying to add a transport security layer to my WCF service. But after following all the instructions I still get the error "Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]."
I already did all the needed configuration in IIS Manager and added the needed code in web.config, but I still have a feeling I am missing something.
web.config:
<system.serviceModel>
<services>
<service name="MyNameSpace.MyService" behaviorConfiguration="secureBehavior">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract="MyNameSpace.IMyService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="secureBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
There is no problem with your present configuration: it configures an https endpoint and uses Transport security mode. One more thing we need to do is configure an https binding address in the IIS binding module, like below.
It is located in the IIS site binding module.
Then we could use the above https service address to access it.
https://IP:4431/Service1.svc (service base address)
Feel free to let me know if the problem still exists.
Related
I have a windows service that hosts my wcf service.
The app.config is:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/>
</startup>
<system.serviceModel>
<services>
<service behaviorConfiguration="RestWCFServiceLibrary.Service1Behavior" name="RestWCFServiceLibrary.RestWCFServiceLibrary">
<endpoint address="" binding="webHttpBinding" contract="RestWCFServiceLibrary.IRestWCFServiceLibrary" behaviorConfiguration="web">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost:8888/RestWCFServiceLibrary/"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="RestWCFServiceLibrary.Service1Behavior">
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp/>
<CorsSupport/>
</behavior>
</endpointBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<add name="CorsSupport" type="WebHttpCors.CorsSupportBehaviorElement, WebHttpCors, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</behaviorExtensions>
</extensions>
</system.serviceModel>
</configuration>
My problem is that if I have my website using https:// it fails to make the http call because of CORS. The https website makes an ajax GET request to the localhost.
Now I am trying to change my windows service to https but everywhere I see some command line ssl bindings. Is there a different way I can change my wcf self hosted windows service to use https?
What do I need to do in order to get this http service migrated over to https?
Please provide an example of what needs to be modified in my app.config.
I stumbled upon a similar problem, so what I did was use the WCF Configuration tool to write an App.Config for me, and inside the endpoints I selected mexHttpsBinding, and the https binding worked.
Let's just add an https endpoint. The following configuration works properly over both http and https.
<system.serviceModel>
<services>
<service behaviorConfiguration="mybehavior" name="WcfService1.Service1">
<endpoint address="" binding="webHttpBinding" contract="WcfService1.IService1" behaviorConfiguration="webbev"></endpoint>
<endpoint address="" binding="webHttpBinding" contract="WcfService1.IService1" behaviorConfiguration="webbev" bindingConfiguration="myhttpsbinding"></endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
<host>
<baseAddresses>
<add baseAddress="http://localhost:11010"/>
<add baseAddress="https://localhost:11011"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<webHttpBinding>
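<!-- Every size quota below is 2147483647 (Int32.MaxValue), i.e. effectively unlimited message and buffer sizes. -->
<binding name="myhttpsbinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" sendTimeout="00:10:00" receiveTimeout="00:10:00">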
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" />
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="mybehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="webbev">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
Since the https protocol is protected by the certificate, we are supposed to bind the certificate to the https port for the https endpoint. (We could specify the certificate in the IIS binding module instead of CMD if hosting the service in IIS.)
netsh http add sslcert ipport=0.0.0.0:11011 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
Execute CMD with administrator privileges and ensure that the certificate is installed in the local machine certificate store (certlm.msc). The certhash parameter specifies the thumbprint of the certificate. The appid parameter is a GUID that can be used to identify the owning application (located in the project.csproj file).
<ProjectGuid>{56FDE5B9-3821-49DB-82D3-9DCE376D950A}</ProjectGuid>
https://learn.microsoft.com/en-us/windows/desktop/http/add-sslcert
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
Feel free to contact me if there is anything I can help with.
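The binding step described above, as an added example that is not part of the original answer: a PowerShell version that checks the certificate before handing it to netsh and refuses to overwrite an existing binding. The thumbprint is a placeholder; the port and appid are the values used in the answer.

```powershell
# Added example, not from the original answer. Run in an elevated PowerShell session.
$Thumbprint = '<CERT-THUMBPRINT>'                      # placeholder: thumbprint of your certificate
$IpPort     = '0.0.0.0:11011'                          # port of the https base address in the config
$AppId      = '{00112233-4455-6677-8899-AABBCCDDEEFF}' # GUID identifying the owning application

# Thumbprints pasted from the certificate dialog often carry spaces or hidden characters.
$wanted = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($wanted.Length -ne 40) { throw 'Thumbprint must be 40 hex characters (SHA-1)' }

# HTTP.sys looks the certificate up in the local machine store (certlm.msc).
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $wanted }
if (-not $cert) { throw "No certificate with thumbprint $wanted in Cert:\LocalMachine\My" }

$now = Get-Date
if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key, so it cannot serve TLS' }
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# If an Enhanced Key Usage extension is present, it must allow Server Authentication.
$serverAuthOid = '1.3.6.1.5.5.7.3.1'
$eku = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
if ($eku -and ($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -notcontains $serverAuthOid) {
    throw 'Certificate EKU does not include Server Authentication'
}

# Refuse to overwrite: stop if a certificate is already bound to this ip:port.
netsh http show sslcert ipport=$IpPort | Out-Host
if ($LASTEXITCODE -eq 0) {
    throw "An SSL binding already exists for $IpPort; review it before replacing it"
}

# Quote the appid argument so PowerShell passes the {...} GUID to netsh literally.
netsh http add sslcert ipport=$IpPort certhash=$wanted "appid=$AppId"
if ($LASTEXITCODE -ne 0) { throw "netsh http add sslcert failed with exit code $LASTEXITCODE" }

# Confirm what HTTP.sys now has registered for the port.
netsh http show sslcert ipport=$IpPort
```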
HTTPS only works on port 443, so you had better have your virtual host created in your SSL script tag in your server configuration.
Or you can also proxy pass your request from http:// (port 8888) to https:// (port 443).
I created a simple WCF service and hosted it in IIS by creating a new website. In the Web.config file, I am providing bindings for http and net tcp.
I created a console client and added a service reference. It generates two bindings in the client config, for http and for tcp. When I try to invoke the service using tcp, I get this error -
An unhandled exception of type 'System.ServiceModel.EndpointNotFoundException' occurred in mscorlib.dll
Additional information: There was no endpoint listening at net.tcp://computername/Service.svc that could accept the message. This is often caused by an incorrect address or SOAP action.
When I run using the Http endpoint, it works fine.
Note -
I am using Windows 10 OS, IIS 10.0 and WPAS\WAS (Windows Process Activation Service) are installed. I already enabled\checked HTTP Activation, TCP Activation in .Net framework in Windows features. And modified IIS server settings to include net tcp. Please check it in attached image.
My website Web.config file looks like
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NewBinding0" portSharingEnabled="true">
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
<services>
<service behaviorConfiguration="My" name="WCFServiceOM.Service1"> <!-- the service name must match the configuration name for the service implementation. -->
<endpoint address="" binding="basicHttpBinding" contract="WCFServiceOM.IService1"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<endpoint binding="netTcpBinding" bindingConfiguration="NewBinding0" contract="WCFServiceOM.IService1" />
<endpoint address="mexOM" binding="mexTcpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8087/Service1" />
<add baseAddress="http://localhost:7777/Service1"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="webBehanior">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="My">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
And my client App.Config looks like
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" />
</basicHttpBinding>
<netTcpBinding>
<binding name="NetTcpBinding_IService1">
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="http://computername:7777/Service.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1"
contract="ServiceReference1.IService1" name="BasicHttpBinding_IService1" />
<endpoint address="net.tcp://computername/Service.svc" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IService1" contract="ServiceReference1.IService1"
name="NetTcpBinding_IService1" />
</client>
</system.serviceModel>
</configuration>
I am writing a WCF service which contains a single contract. I would like web clients to call the service endpoint using either http or https.
My web.config is as follows:
(Some parts have been removed for brevity)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IDataService" />
<binding name="BasicHttpsBinding_IDataService" >
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="DataServiceMetadataBehavior" name="DummyService.DataService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDataService"
contract="DummyService.IDataService"/>
<endpoint address=""
binding="basicHttpBinding" bindingConfiguration="BasicHttpsBinding_IDataService"
contract="DummyService.IDataService" name="BasicHttpsBinding_IDataService"
/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DataServiceMetadataBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="basicHttpBinding" />
<add scheme="https" binding="basicHttpBinding" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
When I try to test the service using the VisualStudio test client, it gives the following error:
Could not find a base address that matches scheme https for the
endpoint with binding BasicHttpBinding. Registered base address
schemes are [http].
Everything works fine with only a single endpoint.
An endpoint consists of address, binding and contract.
http://YourBaseAddress/YourApp/YourService.svc and httpS://YourBaseAddress/YourApp/YourService.svc are different addresses with different schema name or protocol as well as different ports: 80 and 443 by default, so you can have both endpoints for the service, with the same basicHttpBinding, provided that the https one has a bindingConfiguration for SSL transportation as you have done. The error message is quite informative, so you need to go to IIS (or IIS Express) to make sure there's a http listener, say https binding defined after checking the "Edit Bindings" function of the Website. After you have done so, you should be able to get the WSDL through httpS://YourBaseAddress/YourApp/YourService.svc?wsdl in a Web browser.
In fact, many Web services/applications like those from Microsoft and Google support both http and https through the same host name and path.
I'm using a website which contains a .svc file and is hosted on https as a REST API. My question is:
My website has SVCUTIL.exe is https://XXXXXXX, but when I call it with an https request it fails, while it works fine with an http request. And I don't want to use SSL certificates.
Thanks
This is my webconfig settings:
<serviceBehaviors>
<behavior name="Mybehaviour">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service behaviorConfiguration="Mybehaviour" name="PBUIService">
<endpoint address="https://XXXXXXXXXXXXXXX" behaviorConfiguration="PBBehaviour" binding="webHttpBinding" bindingConfiguration="wsHttpBindingSettings" contract="PBUIService">
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
I've added the following lines to make it work with https:
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webBinding">
<security mode="Transport">
</security>
</binding>
</webHttpBinding>
</bindings>
I have a self-hosted WCF service with netTcpBinding bindings. Both my servers and clients will all be in the same domain, so I'd like to use windows authentication, but I'd also like the clients to verify server credentials (to avoid an internal man-in-the-middle/dns tampering attack). I've read that the way to do this is to use an SPN, but I can't seem to get that to work; no matter what the spn is set to the client works (i.e. the server and client don't match, but the client connects anyway). Obviously I've got some kind of configuration error, but I'm not sure where. Here is the service config for the server:
<system.serviceModel>
<services>
<service name="AaaAuthService.AaaAuthService" behaviorConfiguration="AaaAuthServiceBehavior">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IAaaAuth" contract="AAA.IAaaAuthService">
<!--
<identity>
<servicePrincipalName value="AaaShlkjhlkjjjjhhhhjjpn/justink-pc.sgasdf1.allamericanasphaltasdf.casdfom"/>
</identity>
-->
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:9000/IAaaAuthService"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AaaAuthServiceBehavior">
<serviceThrottling maxConcurrentCalls="2147483647" maxConcurrentInstances="2147483647" maxConcurrentSessions="2147483647"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IAaaAuth" closeTimeout="00:00:20" openTimeout="00:00:10" receiveTimeout="00:00:10" sendTimeout="00:00:10" hostNameComparisonMode="StrongWildcard" maxConnections="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
<message clientCredentialType="Windows"/>
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
The windows credentials do seem to get passed in - OperationContext.Current.ServerSecurityContext.WindowsIdentity is populated with the account information.
What am I missing here?