In this post, I will explain; how could we expose a WCF REST Service over secure HTPP (HTTPS)? Essentially there are three steps involved
1. Create a certificate or use a third party provided certificate
2. Configure HTTPS in IIS
3. Configure webHttpBinding to use transport level security
Create Certificate
To expose a service over HTTPS, we need to have a certificate in store. Either you can create your own X.509 certificate or use certificate provided by 3rd parties.
I am going to create my own certificate. To create X.509 certificate Open Inetmgr
In center you will get an option of Server Certificates. Double click on that.
At left pane you will get option to create a server certificate. Select Create Self-Signed Certificate
Just follow the wizard to create the self-signed certificate
Configure HTTPS in IIS
Next step we need to do is to configure SSL in IIS. Follow below steps for the same.
1. Open IIS
2. Select Default Web Site
3. Select SSL setting
4. Select Binding option of Edit Site tab from left panel
5. Add a Binding for HTTPS.
6. Select HTTPS from dropdown
7. Now we need to choose a certificate for secure communication over HTTP. We can choose a certificate provided by third party or self-created certificate from personal store. In beginning of this post we created a certificate called DEBUGMODE. CER. I am going to use that certificate.
8. HTTPS is being configured at port 443.
Create WCF REST Service
Since purpose of this post is to demonstrate REST over HTTPS so basic assumption I do have is you know how to create REST service and hosting.
I am creating a simple resource like below,
Implement service as below,
HOST WCF REST Service
I am going to host service in a console application. Right click on WCF Service Application project and a console application project. Change the target framework from to .Net framework 4.0. Add required references.
Add reference of,
a. System.ServiceModel
b. System.ServiceModel.Web
c. Add project reference of WCF Service project
1. We are going to use WebServiceHost to host REST service in managed [Console] application.
2. We need to construct URI for base address of service
In base address URI construction, you need to make sure below points
a. Address scheme is HTTPS not HTTP.
b. Since HTTPS is configured on port 443 so base address is constructed with port 443.
3. Obviously we need to choose binding as WebHttpBinding.
Point to take care is that we are setting security mode for WebHttpBinding as Transport.
4. Adding EndPoint to the instance of WebServiceHost
Iservice1 is the service contract and Service1 is the service implementation file.
Host program will be as below,
Program.cs
using System;
using System.ServiceModel;
using System.ServiceModel.Web;
using WcfService13;
using System.Diagnostics;
namespace ConsoleApplication1
{
class Program
{
static void Main(string[] args)
{
WebServiceHost host = new WebServiceHost(typeof(Service1));
string uri = "<a href="https://localhost:443/Service1.svc/">https://localhost:443/Service1.svc/</a>";
WebHttpBinding binding = new WebHttpBinding();
binding.Security.Mode = WebHttpSecurityMode.Transport;
host.AddServiceEndpoint(typeof(IService1), binding, uri);
host.Open();
Console.WriteLine("REST Service with HTTPS is running ");
Process.Start(uri);
Console.ReadKey(true);
}
}
}
Running Service
Now when we run console application browser will automatically get started
If you notice URL, you can see that service is running on SSL over HTTP. URL is starting with HTTPS.
In next post, I will show you calling WCF REST Service over HTTPS from a client. Thanks for reading.
Dhananjay Kumar 
Leave a Reply