In this post, I will explain; how could we expose a WCF REST Service over secure HTPP (HTTPS)? Essentially there are three steps involved

1. Create a certificate or use a third party provided certificate

2. Configure HTTPS in IIS

3. Configure webHttpBinding to use transport level security

Create Certificate

To expose a service over HTTPS, we need to have a certificate in store. Either you can create your own X.509 certificate or use certificate provided by 3rd parties.

I am going to create my own certificate. To create X.509 certificate Open Inetmgr

clip_image001

In center you will get an option of Server Certificates. Double click on that.

clip_image003

At left pane you will get option to create a server certificate. Select Create Self-Signed Certificate

clip_image004

Just follow the wizard to create the self-signed certificate

clip_image006

Configure HTTPS in IIS

Next step we need to do is to configure SSL in IIS. Follow below steps for the same.

1. Open IIS

2. Select Default Web Site

clip_image007

3. Select SSL setting

clip_image009

4. Select Binding option of Edit Site tab from left panel

clip_image010

5. Add a Binding for HTTPS.

clip_image011

6. Select HTTPS from dropdown

clip_image012

7. Now we need to choose a certificate for secure communication over HTTP. We can choose a certificate provided by third party or self-created certificate from personal store. In beginning of this post we created a certificate called DEBUGMODE. CER. I am going to use that certificate.

clip_image013

8. HTTPS is being configured at port 443.

clip_image014

Create WCF REST Service

Since purpose of this post is to demonstrate REST over HTTPS so basic assumption I do have is you know how to create REST service and hosting.

I am creating a simple resource like below,

clip_image015

Implement service as below,

clip_image016

HOST WCF REST Service

I am going to host service in a console application. Right click on WCF Service Application project and a console application project. Change the target framework from to .Net framework 4.0. Add required references.

Add reference of,

a. System.ServiceModel

b. System.ServiceModel.Web

c. Add project reference of WCF Service project

1. We are going to use WebServiceHost to host REST service in managed [Console] application.

clip_image018

2. We need to construct URI for base address of service

clip_image020

In base address URI construction, you need to make sure below points

a. Address scheme is HTTPS not HTTP.

b. Since HTTPS is configured on port 443 so base address is constructed with port 443.

3. Obviously we need to choose binding as WebHttpBinding.

clip_image022

Point to take care is that we are setting security mode for WebHttpBinding as Transport.

4. Adding EndPoint to the instance of WebServiceHost

clip_image024

Iservice1 is the service contract and Service1 is the service implementation file.

Host program will be as below,

Program.cs


using System;
using System.ServiceModel;
using System.ServiceModel.Web;
using WcfService13;
using System.Diagnostics;

namespace ConsoleApplication1
{
class Program
{
static void Main(string[] args)
{
WebServiceHost host = new WebServiceHost(typeof(Service1));
string uri = "<a href="https://localhost:443/Service1.svc/">https://localhost:443/Service1.svc/</a>";
WebHttpBinding binding = new WebHttpBinding();
binding.Security.Mode = WebHttpSecurityMode.Transport;
host.AddServiceEndpoint(typeof(IService1), binding, uri);
host.Open();
Console.WriteLine("REST Service with HTTPS is running ");
Process.Start(uri);
Console.ReadKey(true);

}
}
}

Running Service

Now when we run console application browser will automatically get started

clip_image026

If you notice URL, you can see that service is running on SSL over HTTP. URL is starting with HTTPS.

In next post, I will show you calling WCF REST Service over HTTPS from a client. Thanks for reading.

Advertisements

10 thoughts on “Exposing WCF REST Service over HTTPS

  1. nice post 🙂
    i am waiting for the next post as you mentioned i.e calling WCF REST Service over HTTPS from a client

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s