Advantages of Transport Security
- Improved interoperability, as it does not require both parties to understand XML-level security.
- Improved overall performance compared to message-level security.
- Streaming is possible, whereas with message-level security it is not.
We can implement SSL for a WCF service in two ways:
- If you are hosting the WCF service in IIS, you can use the IIS infrastructure to set up SSL.
- If your WCF service is self-hosted, you can create an SSL certificate using HttpCfg.exe and use it for the service binding.
Step by step configuration of IIS for WCF Service with SSL
Create Self Signed SSL certificate
In this step we will create a self-signed certificate using IIS Manager.
Open IIS Manager using the inetmgr command. Select <server name> from the Connections pane on the left side of IIS Manager.
Double-click Server Certificates in the middle pane of IIS Manager.
From the Actions pane (right side) of IIS Manager, click Self Signed Certificate.
You will get a new window where you have to enter certificate name. Give name as
Create and Host your WCF Service
Create a WCF service.
Endpoint configuration for Transport security
Open the WCF service library application created in the previous step. Open the app.config file of the NorthwindServices application to change the WCF endpoint so that it allows transport security with SSL.
Add a bindingConfiguration which sets attributes for basicHttpBinding and set its security mode. There are three types of security modes available in WCF: Message for message-level security, Transport for transport-level security, and TransportWithMessageCredential for providing security over transport with encrypted messages. You can also set it to None to disable security of the WCF service.
Set clientCredentialType to None to specify anonymous authentication, which does not perform client authentication. The possible values for clientCredentialType are None, Basic, Digest, Ntlm, Windows.
Change serviceBehaviors to allow HTTPS requests by setting httpsGetEnabled="true".
Your service endpoint will be
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
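A complete system.serviceModel section that follows the settings described above, given as an added example and not the original page's configuration. The service, contract, binding and behavior names are assumptions; the comments mark the settings that weaken the channel if changed.

```xml
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <!-- "TransportSecurityBinding" is a hypothetical name -->
      <binding name="TransportSecurityBinding">
        <!-- Transport: the HTTPS channel encrypts and integrity-protects
             every message. mode="None" would send them in clear text. -->
        <security mode="Transport">
          <!-- None: clients are anonymous. The server is still
               authenticated to the client by its SSL certificate. -->
          <transport clientCredentialType="None" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <!-- Service and contract names below are assumed, not from the page -->
    <service name="NorthwindServices.ProductService"
             behaviorConfiguration="ProductServiceBehavior">
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="TransportSecurityBinding"
                contract="NorthwindServices.IProducts" />
      <!-- Metadata exchange offered over HTTPS only -->
      <endpoint address="mex"
                binding="mexHttpsBinding"
                contract="IMetadataExchange" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ProductServiceBehavior">
        <!-- Publish the WSDL over HTTPS and not over plain HTTP -->
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
        <!-- Keep exception details out of faults returned to clients -->
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
```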
Configure SSL Certificate for WCF Service
Host your WCF service in IIS. In IIS Manager, right-click the site which you created for hosting and click Edit Bindings.... In the new window you should be able to see the http binding configured.
Now click the Add button and select https from the Type drop-down of the Add Site Binding window.
From the SSL Certificate drop-down, select NorthwindCertificate, which you created in the first step. Click OK and close the Site Bindings window.
Publish your WCF service once again to the https://localhost/ address.
Client application for SSL secured WCF service
Create a client application for this SSL-secured WCF service and add a Service Reference.
Add the code below to the client application. It calls the WCF service and gets the product details for ProductID 1.
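static void Main(string[] args)
{
    // Proxy class generated by Add Service Reference
    ProductServiceRef.ProductsClient client = new ProductServiceRef.ProductsClient();

    // Each call goes over the HTTPS endpoint configured in app.config
    string category = client.GetCategoryName(1);
    string name = client.GetProductName(1);
    int qty = client.GetProductQty(1);

    Console.WriteLine("Product Name : " + name);
    Console.WriteLine("Product Qty : " + qty.ToString());
    Console.WriteLine("Product Category : " + category);

    client.Close();
}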
When you execute the client application, you might get a SecurityNegotiationException with the message "Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'". The client raises this when the host name in the endpoint address does not match the name on the server certificate. To resolve this issue, open the app.config file of the client application and replace localhost in the endpoint address with your computer name.
Change it to
https://<your computer name>/ProductServiceHost.svc