Exposing WCF REST Service Over HTTPS


In this article, I will explain how we can expose a WCF REST Service over secure HTPP (HTTPS)? Essentially there are three steps involved.

  1. Create a certificate or use a third party provided certificate
  2. Configure HTTPS in IIS
  3. Configure webHttpBinding to use transport level security

Create Certificate

To expose a service over HTTPS, we need to have a certificate in store. Either you can create your own X.509 certificate or use certificate provided by 3rd parties.
 
I am going to create my own certificate. To create a X.509 certificate, open Inetmgr.

WCF1.gif

In the center you will get an option for Server Certificates. Double click on that.

WCF2.gif

In the left pane you will get an option to create a server certificate. Select Create Self-Signed Certificate:

WCF3.gif

Just follow the wizard to create the self-signed certificate.

WCF4.gif

Configure HTTPS in IIS

The next step to do is to configure SSL in IIS. Follow the steps below to do that.
  1. Open IIS
  2. Select Default Web Site

    WCF5.gif
     
  3. Select SSL setting:

    WCF6.gif
     
  4. Select Binding option of Edit Site tab from left panel:

    WCF7.gif
     
  5. Add a Binding for HTTPS:

    WCF8.gif
     
  6. Select HTTPS from dropdown:

    WCF9.gif
     
  7. Now we need to choose a certificate for secure communication over HTTP. We can choose a certificate provided by a third party or self-created certificate from personal store. In thje beginning of this article we created a certificate called DEBUGMODE. CER. I am going to use that certificate.

    WCF10.gif
     
  8. HTTPS is being configured at port 443:

    WCF11.gif

Create WCF REST Service

Since the purpose of this article is to demonstrate REST over HTTPS, I am assuming you know how to create a REST service and hosting.

I am creating a simple resource like below:

WCF12.gif

Implement the service as below.

HOST WCF REST Service

I am going to host the service in a console application. Right-click on the WCF Service Application project and a console application project. Change the target framework from to .Net framework 4.0. Add the required references.

Add reference for:
  • System.ServiceModel
  • System.ServiceModel.Web
  • Add project reference of WCF Service project


1. We are going to use WebServiceHost to host REST service in a managed Console application.

WCF13.gif

2. We need to construct a URI for the base address of the service:

WCF14.gif

In the base address URI construction, you need to make sure of the following points:
  • Address scheme is HTTPS not HTTP.
  • Since HTTPS is configured on port 443 so base address is constructed with port 443.

3. Obviously we need to choose binding as WebHttpBinding.

WCF15.gif

A point to take care of is that we are setting the security mode for WebHttpBinding as Transport.

4. Adding EndPoint to the instance of WebServiceHost:

WCF16.gif
Iservice1 is the service contract and Service1 is the service implementation file.

The host program will be as below:

Program.cs

using System;
using System.ServiceModel;
using System.ServiceModel.Web;
using WcfService13;
using System.Diagnostics;

namespace ConsoleApplication1
{
    class Program
    {
        static void Main(string[] args)
        {
            WebServiceHost host = new WebServiceHost(typeof(Service1));
            string uri = "https://localhost:443/Service1.svc/";
            WebHttpBinding binding = new WebHttpBinding();
            binding.Security.Mode = WebHttpSecurityMode.Transport;
            host.AddServiceEndpoint(typeof(IService1), binding, uri);
            host.Open();
            Console.WriteLine("REST Service with HTTPS is running ");
            Process.Start(uri);
            Console.ReadKey(true);

        }
    }
}


Running Service


Now when we run the console application the browser will be started automatically.

WCF17.gif

If you notice the URL, you will see that the service is running on SSL over HTTP. The URL is starting with HTTPS.

In the next article, I will show you calling WCF REST Service over HTTPS from a client. Thanks for reading.