November 14th, 2007
This is just something to remind myself next time I need to implement a WCF service using the BasicHttpBinding with transport-only security (SSL + client certificates):
- WCF expects that the "Require SSL" option in IIS is enabled.
- If Metadata Exchange is needed, configure the MEX endpoint with a custom binding with the right settings; otherwise the service won't start.
- Remember to set the httpsGetEnabled="true" option in the service behavior instead of the usual httpGetEnabled attribute.
- WCF does not understand the "Accept Client Certificates" option in IIS. It treats it the same as the "Ignore Client Certificates" option.
To use client certificates:
- Enable the "Require Client Certificates" option in IIS
- On the service side, use a custom binding to set the requireClientCertificate option of the httpsTransport binding element:
<bindings>
  <customBinding>
    <binding name="sslBasicHttp">
      <textMessageEncoding messageVersion="Soap11" />
      <httpsTransport requireClientCertificate="true" />
    </binding>
  </customBinding>
</bindings>
- On the client side, use basicHttpBinding with the security mode set to "Transport" and the option clientCredentialType set to "Certificate" on the element.
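A client-side configuration matching the last step, as an added example that is not from the original post. The binding, behavior and endpoint names, the address, the contract name and the certificate lookup values are placeholders, and picking the certificate through a clientCredentials endpoint behavior is an assumption about how the client supplies it.

```xml
<!-- Added example: client app.config for a service exposed over SSL with
     client certificates. All names, the address and the certificate
     lookup values below are placeholders, not values from the post. -->
<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="sslBasicHttpClient">
        <!-- Transport-only security: SSL protects the channel and the
             client authenticates with an X.509 certificate. -->
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="clientCertBehavior">
        <clientCredentials>
          <!-- Assumption: the certificate and its private key are in the
               current user's personal store and found by subject name. -->
          <clientCertificate storeLocation="CurrentUser"
                             storeName="My"
                             x509FindType="FindBySubjectName"
                             findValue="client.example.test" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- The address must be https:// for Transport security mode. -->
    <endpoint name="sslBasicHttpEndpoint"
              address="https://service.example.test/Service.svc"
              binding="basicHttpBinding"
              bindingConfiguration="sslBasicHttpClient"
              behaviorConfiguration="clientCertBehavior"
              contract="IExampleService" />
  </client>
</system.serviceModel>
```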