0
votes

I have inherited a service which has been running on an intranet for a while. Security was never an issue but I have been asked if I could expose it to the internet.

Binding definitions

The LeanBinding binding was inherited while the SecureLeanBinding is my guess.

        <bindings>
            <customBinding>

                <binding name="LeanBinding" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">
                    <binaryMessageEncoding compressionFormat="GZip">
                        <readerQuotas maxDepth="128" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
                    </binaryMessageEncoding>
                    <httpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"/>
                </binding>

                <binding name="SecureLeanBinding" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">             
                    <binaryMessageEncoding compressionFormat="GZip">
                        <readerQuotas maxDepth="128" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
                    </binaryMessageEncoding>
                    <httpsTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"></httpsTransport>
                </binding>

            </customBinding>
        </bindings>

Client Endpoints

I copied the existing endpoint, but changed the address to use https and the binding configuration to use SecureLeanBinding.


        <client>

           <endpoint address="http://localhost/APP.Service/" binding="customBinding" bindingConfiguration="LeanBinding" contract="APP.IService" name="customBinding_IService" />

           <endpoint address="https://localhost/APP.Service/" binding="customBinding" bindingConfiguration="SecureLeanBinding" contract="APP.IService" name="SecureBinding_IService" />

        </client>

Service Behavior

I set httpsGetEnabled to true.

        <behaviors>
            <endpointBehaviors>

                <behavior name="LeanEndPointBehaviour">
                    <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
                </behavior>

            </endpointBehaviors>
            <serviceBehaviors>

                <behavior name="LeanServiceBehaviour">
                    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
                    <serviceDebug includeExceptionDetailInFaults="true"/>
                    <dataContractSerializer ignoreExtensionDataObject="false" maxItemsInObjectGraph="2147483647"/>
                </behavior>

            </serviceBehaviors>
        </behaviors>

Protocol Mapping

The protocol mapping does not seem to affect the behavior of the service. But I included it for completeness.

        <protocolMapping>
            <add binding="customBinding" bindingConfiguration="SecureLeanBinding" scheme="https"/>
        </protocolMapping>

Service Definition

I added the second endpoint and baseAddress.

        <services>
            <service name="APP.ServiceName" behaviorConfiguration="LeanServiceBehaviour">

               <endpoint address="" binding="customBinding" contract="APP.IService" behaviorConfiguration="LeanEndPointBehaviour" bindingName="LeanBinding" bindingConfiguration="LeanBinding" >
                   <identity>
                       <dns value="localhost" />
                   </identity>
               </endpoint>

               <endpoint address="" binding="customBinding" contract="APP.IService" behaviorConfiguration="SecureLeanEndPointBehavior" bindingName="SecureLeanBinding" bindingConfiguration="SecureLeanBinding" >
                  <identity>
                      <dns value="localhost" />
                  </identity>
               </endpoint>

               <host>
                   <baseAddresses>
                       <add baseAddress="http://localhost:80/APP.Service/" />
                       <add baseAddress="https://localhost:443/APP.Service/" />
                   </baseAddresses>
               </host>
          </service>

        </services>
    </system.serviceModel>
</configuration>

The http bindings work but the https bindings do not work. Any help will be appreciated.


1 Answers

0
votes

How do you host the service? The HTTP service endpoint requires the transport security mode and a certificate to secure the communication. We should bind the certificate to the port of the server. If in IIS, it could be completed by the IIS website binding module.
The base address is unnecessary in the configuration file.

    <host>
        <baseAddresses>
            <add baseAddress="http://localhost:80/APP.Service/" />
            <add baseAddress="https://localhost:443/APP.Service/" />
        </baseAddresses>
    </host>

It needs to be done in the IIS site binding module.
If in a console application or it is self-hosted, we should bind a certificate to the specific port by means of the command below.

    netsh http add sslcert ipport=0.0.0.0:443 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

https://docs.microsoft.com/en-us/windows/win32/http/add-sslcert
Feel free to let me know if the problem still exists.
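
The following is an added example, not part of the original question or answer: a small Python check over a `<system.serviceModel>` section that reports endpoints pointing at undefined bindings or behaviors, endpoints on a non-TLS transport, and service-behavior settings that matter once the service is internet-facing. The function name `audit`, the finding strings and the trimmed sample (constructed from the configuration in the question) are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the question's serviceModel section.
SAMPLE = """<system.serviceModel>
  <bindings><customBinding>
    <binding name="LeanBinding"><binaryMessageEncoding/><httpTransport/></binding>
    <binding name="SecureLeanBinding"><binaryMessageEncoding/><httpsTransport/></binding>
  </customBinding></bindings>
  <behaviors>
    <endpointBehaviors><behavior name="LeanEndPointBehaviour"/></endpointBehaviors>
    <serviceBehaviors><behavior name="LeanServiceBehaviour">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior></serviceBehaviors>
  </behaviors>
  <services><service name="APP.ServiceName" behaviorConfiguration="LeanServiceBehaviour">
    <endpoint address="" binding="customBinding" contract="APP.IService"
              behaviorConfiguration="LeanEndPointBehaviour" bindingConfiguration="LeanBinding"/>
    <endpoint address="" binding="customBinding" contract="APP.IService"
              behaviorConfiguration="SecureLeanEndPointBehavior" bindingConfiguration="SecureLeanBinding"/>
  </service></services>
</system.serviceModel>"""

def audit(xml_text):
    """Return a list of findings for a <system.serviceModel> fragment."""
    root = ET.fromstring(xml_text)
    findings = []
    bindings = {b.get("name"): b for b in root.iterfind("bindings/customBinding/binding")}
    ep_behaviors = {b.get("name") for b in root.iterfind("behaviors/endpointBehaviors/behavior")}
    svc_behaviors = {b.get("name"): b for b in root.iterfind("behaviors/serviceBehaviors/behavior")}
    for svc in root.iterfind("services/service"):
        for ep in svc.iterfind("endpoint"):
            bc, beh = ep.get("bindingConfiguration"), ep.get("behaviorConfiguration")
            if bc not in bindings:                      # dangling binding reference
                findings.append(f"undefined binding: {bc}")
            elif bindings[bc].find("httpsTransport") is None:
                findings.append(f"cleartext transport: {bc}")
            if beh and beh not in ep_behaviors:         # dangling behavior reference
                findings.append(f"undefined endpoint behavior: {beh}")
        sb = svc_behaviors.get(svc.get("behaviorConfiguration"))
        if sb is not None:
            dbg, meta = sb.find("serviceDebug"), sb.find("serviceMetadata")
            if dbg is not None and dbg.get("includeExceptionDetailInFaults") == "true":
                findings.append("exception details returned in faults")
            if meta is not None and meta.get("httpGetEnabled") == "true":
                findings.append("metadata served over plain http")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
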