I have an IIS-hosted WCF service which is configured to use basicHttpBinding with transport security.
I have configured IIS with a certificate and I'm using an https endpoint to call the service.
Now, I have enabled message logging on the service at transport level - however, the messages I'm seeing are in clear text. Is this right? If so, why? Is there a way to see the encrypted messages?
Thank you in advance, Fabio
This is correct behavior. Transport layer handles its decryption before it passes message to upper layer api like WCF so WCF always get message decrypted and it can't intercept the process - transport security is outside of WCF. Encrypted message on transport layer is logged only if you use message security because in such case transport layer just passes the message as is to WCF to deal with it.
Use Fiddler and don't enable SSL decryption in the options. It will allow you to inspect the message traffic as it is on the wire.
Also, worth reading is Debugging Localhost Traffic with Fiddler, a common gotcha for those new to Fiddler. Then check out the info page on HTTPS decryption, if you're interested in using that feature later.
