Create a secure socket layer WCF service

Name: *
My email: *
Recipient email: *
Message: *
Fields marked as bold are compulsory.
You haven't filled in compulsory values. The email is not correct

We have already seen how to create a WCF service. This time we are going to see how to combine a WCF service with SSL security, which will be a trickier thing to do.
To reach our goal, we need to take three steps. Step one is to create a WCF Service. Step two is to install a certificate for authentication. Step three is to bring the two first steps together. Since creating a secure socket layer for a website takes more than just a few words. I am planning on writing some future article about that. In order to apply the following methods, a reader should either already have a secure website or, if unable to wait, find a proper article since there are quite a lot out there.

Concerning WCF services

This is the article where we created a WCF service. However since this task is more complex, we will start by repeating a few things.
To create a WCF service, we create a service (svc) file. This is where we place the code to execute when the service is requested.
The svc file may look like that
<%@ ServiceHost Language="C#" Factory="System.Data.Services.DataServiceHostFactory, Microsoft.Data.Services, Culture=neutral, PublicKeyToken=31bf3856ad364e31" Service="IceCream" %>
while the code behind file contains the following source code
[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class IceCream
    [WebInvoke(Method = "GET", RequestFormat = WebMessageFormat.Json, ResponseFormat = WebMessageFormat.Json)]
    public string GetIceCreamFlavours()
       return "This service is actually working!";
If the service works fine, you will get the success message when requesting MyPath/IceCream.svc/GetIceCreamFlavours. If not, you will get 404 or 500 errors trying to tell you what you should fix.
Now, we need to set up our project so that the code reaches the service when it is requested. Let's edit our web.config file properly. The following code is the minimum code required for a service to work.
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
        <behavior name="DotNetHints.IceCream">
          <enableWebScript />
      <service name="IceCream">
        <endpoint address="" behaviorConfiguration="DotNetHints.IceCream" binding="webHttpBinding" contract="IceCream" />
OK, here's what we have here.
We created the system.serviceModel node and placed three extra nodes inside: serviceHostingEnvironment, behaviors and services. Let's take a look at them.
serviceHostingEnvironment does not have much to do with where we want to get. It contains elements like aspNetCompatibilityEnabled, which control whether ASP.NET HTTP pipeline is used and non-HTTP protocols are prohibited, and multipleSiteBindingsEnabled which allows multiple IIS bindings per site.
Our key part, is the services tag. You can see in the following image how service connects all parts. However since sevices require a behavior, let's take a break and build one first. So, we create a behavior named DotNetHints.IceCream which we declare as an EndpointBehavior and place it inside the proper tag.
HTTP service diagram
Then we create our service named IceCream. Services require endpoints. Consider an endpoint as the access point for that service. 
The address attribure points to the URL the service will use. Since the endpoint we created contains an empty address, requesting MyPath/IceCream.svc/GetIceCreamFlavours will cause the service to show up. Binding contains "webHttpBinding" value. This is the standard WCF method to handle HTTP requests. 
The contract attribute stands for our service name on the WCF file. We can easily guess that more than one endpoint may use the same sevice.
To connect the behavior we created with the service endpoint we use the behaviorConfiguration attribute.
That's all we need to implement a simple WCF service. Now let's go for the secure part.

Creating a secure socket WCF service

https security
We are now moving forward to step 3, which requires a secure website in order to work. To use https settings, in addition to the parts we placed on our web.config file, we have to create a custom binding. Let's create one and call it HttpsBinding
     <binding name="HttpsBinding">
        <security mode="Transport">
           <transport clientCredentialType="None"/>
By setting security mode to Transport we enable transport security. clientCredentialType determines the messages authentication type. "None" is the simplest type and uses no authentication at all.
A few minutes ago we created an endpoint behavior. Behaviors can be classified as endpoint or service behaviours depending on where we call them. This one being set as an endpoint attribute was classified as an endpoint behavior.
<endpoint address="" behaviorConfiguration="DotNetHints.IceCream" binding="webHttpBinding" contract="IceCream" />
The behavior we are creating now is a service behavior.
      <behavior name="DotNetHints.IceCream">
It's quite similar to the one we already created. All there is left is to create the service and bring everything together. We will create the IceCream service the way we did earlier and add an extra endpoint. This endpoint's bindingConfiguration will be set to our new binding. 
   <service name="IceCream" behaviorConfiguration="DotNetHints.IceCream"> 
      <endpoint address="" 
                         contract="IceCream" />
     <endpoint address=""
                         contract="IceCream" />
We are ready to go. Our service supports both secure and non-secure requests. We can request MyPath/IceCream.svc/GetIceCreamFlavours using http and https supposing that our service is set correctly (and https protocol is enabled for our website). Enjoy!


We followed the implementation of a WCF service all the way from the beginning to the end. First we created an svc file which consists of the actual service. Then we started editing the web.config file in order to create a behavior, a binding and finally the service that will put them all together. We managed to create a service that supports both http and https requests.


Back to BlogPreviousNext


    Leave a comment