Securing a WCF Service in Windows Azure with SSL

It is easy to find articles on how to create https (SSL) endpoints in Windows Azure services, e.g. this one. But I didn’t find information on how to configure the actual service, so I had to experiment. Here is a summary of what is needed with .NET Framework 4.

Http Endpoint

With .NET Framework 4, you can skip declaring your service and endpoints in the configuration file. The default is an endpoint with basicHttpBinding. But you probably want to enable metadata publishing using a service behavior:

    <behaviors>
      <serviceBehaviors>
        <behavior>
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true" />
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>

Https Endpoint

To secure your service with SSL (https), you must create a binding configuration, a service definition and an endpoint using the binding configuration like this:

    <bindings>
      <basicHttpBinding>
        <binding name="SecureBasic">
          <security mode="Transport" />
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="Namespace.TestService">
        <endpoint binding="basicHttpBinding" bindingConfiguration="SecureBasic" name="basicHttp" contract="Namespace.ITestService" />
      </service>
    </services>

To publish metadata, change httpGetEnabled="true" to httpsGetEnabled="true":

    <serviceMetadata httpsGetEnabled="true" />

Http and Https Endpoints

If you, for testing purposes, want to have both http and https bindings, you add two endpoints:

    <endpoint binding="basicHttpBinding" bindingConfiguration="" name="basicHttp" contract="Namespace.ITestService" />
    <endpoint binding="basicHttpBinding" bindingConfiguration="SecureBasic" name="basicHttpSecure" contract="Namespace.ITestService" />

To publish metadata on both endpoints, modify serviceMetadata like this:

    <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
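
A pre-deployment check for the settings covered above, as an added example that is not part of the original post: it parses a web.config and flags basicHttpBinding endpoints without transport security, metadata published over plain http, and exception details in faults. The function name audit_wcf_config and the sample configuration are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "Http and Https Endpoints" test setup plus the debug behavior.
SAMPLE_CONFIG = """
<configuration><system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="SecureBasic"><security mode="Transport" /></binding>
  </basicHttpBinding></bindings>
  <services><service name="Namespace.TestService">
    <endpoint binding="basicHttpBinding" bindingConfiguration=""
              name="basicHttp" contract="Namespace.ITestService" />
    <endpoint binding="basicHttpBinding" bindingConfiguration="SecureBasic"
              name="basicHttpSecure" contract="Namespace.ITestService" />
  </service></services>
  <behaviors><serviceBehaviors><behavior>
    <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>
"""

# basicHttpBinding security modes that run over https.
HTTPS_MODES = ("Transport", "TransportWithMessageCredential")

def is_true(elem, attr):
    return (elem.get(attr) or "").strip().lower() == "true"

def audit_wcf_config(xml_text):
    """Return findings for settings that should not reach a production deployment."""
    root = ET.fromstring(xml_text)
    findings = []
    # Security mode per binding configuration; basicHttpBinding defaults to None (plain http).
    modes = {}
    for binding in root.findall(".//basicHttpBinding/binding"):
        sec = binding.find("security")
        modes[binding.get("name", "")] = "None" if sec is None else sec.get("mode", "None")
    for ep in root.iter("endpoint"):
        mode = modes.get(ep.get("bindingConfiguration", ""), "None")
        if ep.get("binding") == "basicHttpBinding" and mode not in HTTPS_MODES:
            findings.append("endpoint %s: plain http" % ep.get("name"))
    for md in root.iter("serviceMetadata"):
        if is_true(md, "httpGetEnabled"):
            findings.append("serviceMetadata: httpGetEnabled=true")
    for dbg in root.iter("serviceDebug"):
        if is_true(dbg, "includeExceptionDetailInFaults"):
            findings.append("serviceDebug: includeExceptionDetailInFaults=true")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_wcf_config(SAMPLE_CONFIG)))
```

Run against the test configuration it reports the plain http endpoint and both disclosure settings; a configuration with only the SecureBasic endpoint, httpGetEnabled="false" and includeExceptionDetailInFaults="false" returns no findings.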