WCF Configuration Pt1 : SSL and Windows Authentication

2012, Mar 14    

WCF isn’t the easiest beast to wrangle, and when looking to secure a WCF web service I usually do it in stages.
In this post and further posts in the next week, I’ll be securing a WCF web service whose endpoints have different security requirements. To start with I’m just going to secure it with Windows authentication and SSL.

It always seems to take a little fiddling to get to the first stage: a service published in IIS over SSL with Windows Authentication that still functions.

Once IIS has been configured:

  • Website created
  • Single HTTPS binding
  • SSL Settings: Require SSL, client certificates set to Ignore

The next step is to get the web.config to work over SSL and to use Windows authentication.

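    <behaviors>
      <serviceBehaviors>
        <behavior name="basicSSLServiceBehaviour">
          <!-- Publish metadata (WSDL) over HTTPS only -->
          <serviceMetadata httpsGetEnabled="true" />
          <!-- Returns exception details to callers; set to false outside of debugging -->
          <serviceDebug includeExceptionDetailInFaults="true" />
          <dataContractSerializer maxItemsInObjectGraph="2147483646" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="SimpleWinAuth" maxBufferPoolSize="1000000" maxReceivedMessageSize="1000000">
          <readerQuotas maxStringContentLength="6553600" maxArrayLength="6553600"/>
          <!-- Transport security = HTTPS; the caller authenticates with Windows credentials -->
          <security mode="Transport">
            <transport clientCredentialType="Windows"></transport>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>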

And the endpoint config will look something like this:

    <services>
      <!-- behaviorConfiguration and bindingConfiguration refer to the names defined above -->
      <service behaviorConfiguration="basicSSLServiceBehaviour"
               name="MyCompany.MyApp.Services.SomeNameOrAnother">
        <endpoint binding="wsHttpBinding"
                  contract="MyCompany.MyApp.Services.ISomeNameOrAnother"
                  bindingConfiguration="SimpleWinAuth" />
      </service>
    </services>

So there you go, a simple configuration to enforce SSL and Windows Authentication in WCF.
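
A check for the configuration above, as an added example that is not part of the original post: this Python script parses a web.config and reports any service endpoint whose binding is not Transport security with Windows credentials, plus behaviours that return exception detail to callers or serve metadata over plain HTTP. The helper name `audit_service_model` and the sample config (the post's fragments wrapped in their parent elements) are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's fragments placed inside <system.serviceModel>.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <behaviors><serviceBehaviors>
    <behavior name="basicSSLServiceBehaviour">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors></behaviors>
  <bindings><wsHttpBinding>
    <binding name="SimpleWinAuth">
      <security mode="Transport"><transport clientCredentialType="Windows" /></security>
    </binding>
  </wsHttpBinding></bindings>
  <services>
    <service name="MyCompany.MyApp.Services.SomeNameOrAnother" behaviorConfiguration="basicSSLServiceBehaviour">
      <endpoint binding="wsHttpBinding" bindingConfiguration="SimpleWinAuth"
                contract="MyCompany.MyApp.Services.ISomeNameOrAnother" />
    </service>
  </services>
</system.serviceModel></configuration>"""


def audit_service_model(config_xml):
    """Hypothetical helper: list deviations from the post's SSL + Windows setup."""
    model = next(ET.fromstring(config_xml).iter("system.serviceModel"))
    findings = []
    for service in model.iterfind("services/service"):
        for ep in service.iterfind("endpoint"):
            kind, cfg = ep.get("binding"), ep.get("bindingConfiguration")
            where = f"{service.get('name')} ({kind}/{cfg})"
            binding = model.find(f"bindings/{kind}/binding[@name='{cfg}']")
            if binding is None:
                findings.append(f"{where}: binding configuration not found")
                continue
            # The endpoint must resolve to Transport security with Windows credentials.
            if binding.find("security[@mode='Transport']") is None:
                findings.append(f"{where}: security mode is not Transport")
            if binding.find("security/transport[@clientCredentialType='Windows']") is None:
                findings.append(f"{where}: clientCredentialType is not Windows")
    # Behaviour settings that disclose more than a production service should.
    for b in model.iterfind("behaviors/serviceBehaviors/behavior"):
        if b.find("serviceDebug[@includeExceptionDetailInFaults='true']") is not None:
            findings.append(f"{b.get('name')}: includeExceptionDetailInFaults is true")
        if b.find("serviceMetadata[@httpGetEnabled='true']") is not None:
            findings.append(f"{b.get('name')}: metadata served over plain HTTP")
    return findings
```

Run against the post's settings, the only finding is `includeExceptionDetailInFaults`, which is worth switching to `false` once the service is working.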