IIS Express - Host WCF service over SSL

In my previous article, I described configuring a virtual directory under IIS Express. Here I am going to explore setting up a WCF service using IIS Express and configuring transport security over SSL. We'll go step by step.

Setup SSL
If you have experience setting up SSL on IIS, the process is very similar on IIS Express, except that there is no GUI tool support, so you will need to use the appropriate utilities and do it manually. At a high level, we need to perform the following tasks to achieve this.
  • Get an appropriate certificate.
  • Create an HTTPS binding on the site.
  • Create a secure WCF service.
  • Test the changes.
Get an appropriate certificate: There are two options to choose from. If it's not important for an end user to trust your server, you can use a self-signed certificate created on your computer. If you want your end users to be able to verify the server's identity with your certificate, you can obtain a certificate from one of the known certificate authorities (CAs), such as Verisign. In this example, I am going to use a self-signed certificate, re-using one that is already installed on the system. The objective is to set up SSL on port 442.

Steps: 
  1. First, run the command c:\> netsh http show sslcert to list all the existing SSL certificate bindings on the machine. You will see output like the figure below.
     

  2. Now we'll re-use one of these certificates on a new port, 442. In my case, I am going to re-use the certificate on port 44300, which was installed by the WebMatrix tool. To re-use it, we first need to delete this entry from its existing location. Use the following command to do that.
    c:\> netsh http delete sslcert ipport=0.0.0.0:44300
  3. Now we can add this certificate on port 442 with the command
    netsh http add sslcert ipport=0.0.0.0:442 certhash=<certhash> appid=<appid>
    Use the same certificate hash and appID from the above list.
Now you have successfully set up SSL on port 442. The next step is to create a binding for the website to run under SSL in IIS Express.
Create an HTTPS binding on the site
This can be done in two ways.
  1. Use appcmd.exe (found in the IIS Express installation folder) and run it with the following parameters:
      c:\> appCmd.exe set config "Default Web Site" -commitPath:APPHOST -section:access -sslFlags:Ssl
  2. Or you can manually edit the applicationhost.config file and add the following entry to it.
      <system.webServer>
        <security>
          <access flags="Script, Read" sslFlags="Ssl" />
        </security>
      </system.webServer>
After completing one of the above steps, you will need to update the website configuration in the applicationhost.config file to use the HTTPS protocol and the newly configured port.
Edit the site node as follows:
        <site name="WebSite1" id="1" serverAutoStart="true">
          <application path="/">
            <virtualDirectory path="/" physicalPath="C:\Hari\IISExpress\WebSite1" />
          </application>
          <bindings>
            <binding protocol="https" bindingInformation=":442:localhost" />
          </bindings>
        </site>

Now, if you browse to your test page under WebSite1 with https in the URL, you should see the test page - https://localhost:442/Webform1.aspx. The security warning that you see first appears because you are using a self-signed certificate.

Create a secure WCF service
I am not going into too much detail about this, to stay focused on the topic; I will explain it at a high level and can provide the source code, which will give enough details.

When you host WCF under SSL, you are setting the security mode to "Transport". At a high level, you can follow these steps to create a secure service.
  1. Create a basic service with wsHttpBinding.
  2. Add or change the endpoint to use the new https://... address. Also specify a new bindingConfiguration to enable transport security.
  3. Add a new binding with security mode="Transport".
Once you enable the WCF service to run over the HTTPS protocol, you can test it in a browser by navigating to the given address. Now deploy this new WCF service under the same WebSite1 configured in IIS Express. Remember, you will also need a test page that calls the service to confirm that it is working as expected.

Note: You may see a SecurityNegotiationException when you test the service under SSL. This happens only when you use a self-signed certificate locally. The workaround is to use ServerCertificateValidationCallback and return true for local testing scenarios.
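
A callback that returns true unconditionally accepts any certificate for every HTTPS request the process makes. The sketch below is an added example, not code from the original post: it narrows the workaround to the self-signed certificate bound to port 442 on localhost, in debug builds only. The class name is hypothetical, the hash is a placeholder to fill in from the netsh output, and a .NET Framework test client is assumed.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper for the local test page/client; not from the original post.
static class LocalDevCertificateTrust
{
    // Placeholder: paste the "Certificate Hash" that `netsh http show sslcert`
    // prints for 0.0.0.0:442 (the <certhash> used in the add sslcert step).
    const string PinnedCertHash = "<certhash>";

    // Call once at startup of the test client, before the first service call.
    public static void Enable()
    {
#if DEBUG
        // The callback is process-wide: every HTTPS request made through
        // HttpWebRequest (which WCF's HTTP transport uses on .NET Framework)
        // is passed to Validate.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
#endif
    }

    static bool Validate(object sender, X509Certificate certificate,
                         X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that validates normally needs no exception.
        if (errors == SslPolicyErrors.None)
            return true;

        // Assumption: on .NET Framework the sender is the HttpWebRequest.
        // Relax validation only for the local IIS Express site on port 442.
        var request = sender as HttpWebRequest;
        if (request == null || !request.RequestUri.IsLoopback
            || request.RequestUri.Port != 442)
            return false;

        // Accept the self-signed certificate only if it is the pinned one.
        return certificate != null && string.Equals(
            certificate.GetCertHashString(), PinnedCertHash,
            StringComparison.OrdinalIgnoreCase);
    }
}
```

Because the assignment is compiled only under DEBUG, a release build keeps the default certificate validation.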

      Now you are ready to test the code... Enjoy!  
