Setting up WCF services to use SSL

DerekMaciak posted this 12 April 2016

By default, an Accelerator generated system has SSL turned off. With a few steps, it is easy to turn this capability on.

Here are the steps:

1) In the Web.config for the Accelerator services and your System services, you need to add a security and transport element to the bindings element.  

<bindings>
  <!-- A4DN_Tag: Binding Quota Size -->
  <basicHttpBinding>
    <binding name="BasicHttpWithBigQuota" maxReceivedMessageSize="2147483647">
      <readerQuotas maxDepth="64" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <!-- For SSL Deployment, uncomment the <security> element below -->
      <security mode="Transport">
        <transport clientCredentialType="Windows"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

2) Set the clientCredentialType. The enum HttpClientCredentialType has the valid values. For example, if you set it to "Windows", the client Windows credentials will be passed to the WCF service. If you use this, you need to make sure that Windows authentication is enabled in IIS for the service.

3) Verify that all endpoints have the bindingConfiguration equal to BasicHttpWithBigQuota.

<service name="BOS.CustomerBusinessProcess.CustomerBP" behaviorConfiguration="BOS.EasyBuyCyclesBPServiceHost.Service1Behavior">
  <endpoint address="" binding="basicHttpBinding" contract="BOS.CustomerBusinessProcess.ICustomerBPServiceContract" bindingConfiguration="BasicHttpWithBigQuota" />
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>

4) In the Services.Config, set the BindingSecurityMode to "Transport" and set the BindingTransportClientCredentialType to the same value you set for clientCredentialType in the Web.config. You will need to set these settings on both the system and accelerator web services. You also need to change the address from "http" to "https". Note: The BindingTransportClientCredentialType key is only supported with Accelerator Version 6.2.1 or greater.

<system.bp>
    <add key="Address" value="https://localhost/EasyBuyCycles/" />
    <add key="ConnectionType" value="WebServices" />
    <add key="Binding" value="BasicHttpBinding" />
    <add key="BindingSecurityMode" value="Transport" />
    <add key="BindingTransportClientCredentialType" value="Windows" />
</system.bp>

5) Publish your Accelerator and System Services to IIS.

DerekMaciak posted this 12 April 2016

6) Configure IIS.

You will need to have a Server Certificate in order to use SSL. In the IIS manager, click on the root item and open the Server Certificates in the Feature View. Refer to the Actions to import or create a test certificate. 

In the IIS Manager, click on your website and under the actions, select Bindings...  You will need to make sure that https is added.

In the IIS Manager, click on your website WCF service application and in the Feature View, open the SSL Settings.  Check the "Requires SSL" checkbox.

If you set the client credential type to Windows, then you need to turn on Windows authentication. In the same Feature View, click the Authentication setting. Enable just the Windows Authentication.

Test the IIS configuration by trying to browse to one of your services. Note, if you have Windows authentication turned on, then you will get a login prompt. Supply your credentials and then you should get to the service page.
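A pre-publish check for steps 1 to 4, added here as an example and not part of the original posts or of the Accelerator product: it confirms that the Web.config binding and the Services.Config keys agree on transport security, credential type and an https address. The function name check_ssl_config is hypothetical, and the two sample documents are constructed from the snippets in the post; pass in the text of your own files instead.

```python
import xml.etree.ElementTree as ET

# Constructed sample configs modelled on the snippets in the post.
WEB_CONFIG = """<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="BasicHttpWithBigQuota">
        <security mode="Transport">
          <transport clientCredentialType="Windows"/>
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="BOS.CustomerBusinessProcess.CustomerBP">
      <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpWithBigQuota" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
</system.serviceModel>"""

SERVICES_CONFIG = """<system.bp>
  <add key="Address" value="https://localhost/EasyBuyCycles/" />
  <add key="BindingSecurityMode" value="Transport" />
  <add key="BindingTransportClientCredentialType" value="Windows" />
</system.bp>"""

def check_ssl_config(web_xml, services_xml, binding_name="BasicHttpWithBigQuota"):
    """Return a list of findings; an empty list means the two files agree."""
    findings = []
    web = ET.fromstring(web_xml)
    keys = {a.get("key"): a.get("value") for a in ET.fromstring(services_xml).iter("add")}
    binding = next((b for b in web.iter("binding") if b.get("name") == binding_name), None)
    sec = binding.find("security") if binding is not None else None
    mode = sec.get("mode") if sec is not None else None
    transport = sec.find("transport") if sec is not None else None
    cred = transport.get("clientCredentialType") if transport is not None else None
    if mode != "Transport":
        findings.append(f"Web.config: binding security mode is {mode!r}, expected 'Transport'")
    for ep in web.iter("endpoint"):  # the mex endpoint uses mexHttpBinding and is skipped
        if ep.get("binding") == "basicHttpBinding" and ep.get("bindingConfiguration") != binding_name:
            findings.append(f"Web.config: endpoint {ep.get('address')!r} does not use {binding_name}")
    if not (keys.get("Address") or "").lower().startswith("https://"):
        findings.append("Services.Config: Address is not https")
    if keys.get("BindingSecurityMode") != "Transport":
        findings.append("Services.Config: BindingSecurityMode is not 'Transport'")
    if keys.get("BindingTransportClientCredentialType") != cred:
        findings.append("Services.Config: BindingTransportClientCredentialType does not match Web.config")
    return findings
```

Run it against both the system and the accelerator service configs, since step 4 applies to each.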
