WCF Configuration Pt1 : SSL and Windows Authentication

WCF isn’t the easiest beast to wrangle, and when looking to secure a WCF web service I usually do it in stages.
In this post and further posts in the next week, I’ll be securing a WCF web service with various endpoints with various different security requirements.  To start with I’m just going to secure it with Windows authentication and SSL.

It always seems to take a little fiddling to get to the first stage, published in IIS using SSL and Windows Authentication whilst still functioning.

Once IIS has been configured

  • Website created
  • Single HTTPS binding
  • SSL Settings (Require) (Ignore client certificates)

The next step is to get the webconfig to work over SSL and to use windows authentication.

And the endpoint config will look something like this;

So there you go, simple configuration to use enforce SSL and Windows Authentication in WCF.