none
Deploying WCF Service in IIS

Answers

  • Thanks An! Helpful as usual. But, actually I went off and figured it out by myself yesterday. Bare in mind the certificate stuff here is only if you use security. This is specific to Windows Server 2003 but will probably work for other OSs. Here are my notes:

     

    Certificate

    • Get copy of makecert.exe. This is not part of the operating system; it is part of the SDKs that come with Visual Studio. You can just copy the one from C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin.
      Create the certificate. This is the command that I use. Bare in mind that if you have other certificates you will need to specify in your web.config some kind of criteria for finding the correct certificate. This example is not very good at that. "makecert.exe" -ss My -sr LocalMachine -n "CN=localhost" -sky exchange –pe
    • Apply permissions to certificate. Don't be fooled by this. Permissions literally means the normal security permissions you would setup through explorer. It's not magic. Certificates are stored at: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. For security reasons you should only apply permissions to the certificate you created. You can easily identify your certificate file because it will have been created today. Microsoft has a tool that you can build to find your certificate but I feel that it is unnecessary. Once you have identified your certificate, you can either right click on the file and hit the Security tab. Or, you can specify permissions from the command prompt. You need to give read access to the users that are execute with IIS's process. Usually that is ASPNET and/or Internet Guest Account/IIS_WPG. But I'll leave it up to you to figure out which users are necessary. If you want to do it through the commnd prompt, the command is below. Microsoft gives instructions for this but I don't know why. It just seems hard for no reason,
      "c:\windows\system32\cacls.exe" "C:\Documents and Settings\All Users\Application\Data\Microsoft\Crypto\RSA\MachineKeys\[Key Name]" /E /G "ASPNET":R

    Register WCF for IIS

    • The most important thing is to make sure IIS has the WCF component registered. This is similar to the ASPNet registration aspnet_regiis.exe but not the same thing. The command is
      %windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe". You have to specify a couple of arguments but unfortunately I didn't note down the ones I used. The standard one doesn't install everything so you may have to try a few things to get it right. For some reason you have to also do this but I don't know why. %windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /s:W3SVC

    Setup IIS Application

    • Give access to files in WCF service to the same users as the certificate using the process mentioned above. I think read access is sufficient.
    • Go in to IIS and add the folder as a virtual directory or use the folder that is already there. Click on the "Create Application" to make it an application. (See Microsoft's instructions for setting up IIS if you are unfamiliar - this is out of the scope of this post)
    • Note that you must specify .svc files for IIS. On the development server, you do not need .svc files but IIS requires them. They are the equivalent of .asmx files in web services. The .svc files are just pointers to your service contracts.
    Wednesday, July 16, 2008 10:08 PM

All replies

  • Hi Christian,

     

    Because of its modular and secure design, every feature in IIS7 is implemented in module.  You only install feature you need.  One such feature is Wcf Http activation.  Since IIS7 is only available on Windows 2008 and Vista, you don't need to worry about it.

     

    The ServiceModel registration tool is used to register Wcf runtime and scriptmaps with IIS.  When you install .net 3.0 and 3.5, this tool is run so you don't need to worry about this either.  (On this server, is .net 3.0/3.5 installed?)

     

    Why don't you try publishing the service?  It is perhaps the easiest way to get a service running on IIS. 

     

    How are you getting the error?  I.e, When you try getting the wsdl file?  When you browse to the .svc file?

     

    An

     

    Wednesday, July 16, 2008 2:36 AM
  •  

    Not sure how you have deployed the service ( could you please elaborate have you created a virtual directory to do that? )

     

    You also need to register IIS with asp.net in win 2k3 server to make things work

    you can do that by running C:\WINNT\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis.exe -i

    Wednesday, July 16, 2008 1:31 PM
  • Thanks An! Helpful as usual. But, actually I went off and figured it out by myself yesterday. Bare in mind the certificate stuff here is only if you use security. This is specific to Windows Server 2003 but will probably work for other OSs. Here are my notes:

     

    Certificate

    • Get copy of makecert.exe. This is not part of the operating system; it is part of the SDKs that come with Visual Studio. You can just copy the one from C:\Program Files\Microsoft SDKs\Windows\v6.0A\bin.
      Create the certificate. This is the command that I use. Bare in mind that if you have other certificates you will need to specify in your web.config some kind of criteria for finding the correct certificate. This example is not very good at that. "makecert.exe" -ss My -sr LocalMachine -n "CN=localhost" -sky exchange –pe
    • Apply permissions to certificate. Don't be fooled by this. Permissions literally means the normal security permissions you would setup through explorer. It's not magic. Certificates are stored at: C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys. For security reasons you should only apply permissions to the certificate you created. You can easily identify your certificate file because it will have been created today. Microsoft has a tool that you can build to find your certificate but I feel that it is unnecessary. Once you have identified your certificate, you can either right click on the file and hit the Security tab. Or, you can specify permissions from the command prompt. You need to give read access to the users that are execute with IIS's process. Usually that is ASPNET and/or Internet Guest Account/IIS_WPG. But I'll leave it up to you to figure out which users are necessary. If you want to do it through the commnd prompt, the command is below. Microsoft gives instructions for this but I don't know why. It just seems hard for no reason,
      "c:\windows\system32\cacls.exe" "C:\Documents and Settings\All Users\Application\Data\Microsoft\Crypto\RSA\MachineKeys\[Key Name]" /E /G "ASPNET":R

    Register WCF for IIS

    • The most important thing is to make sure IIS has the WCF component registered. This is similar to the ASPNet registration aspnet_regiis.exe but not the same thing. The command is
      %windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe". You have to specify a couple of arguments but unfortunately I didn't note down the ones I used. The standard one doesn't install everything so you may have to try a few things to get it right. For some reason you have to also do this but I don't know why. %windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" /s:W3SVC

    Setup IIS Application

    • Give access to files in WCF service to the same users as the certificate using the process mentioned above. I think read access is sufficient.
    • Go in to IIS and add the folder as a virtual directory or use the folder that is already there. Click on the "Create Application" to make it an application. (See Microsoft's instructions for setting up IIS if you are unfamiliar - this is out of the scope of this post)
    • Note that you must specify .svc files for IIS. On the development server, you do not need .svc files but IIS requires them. They are the equivalent of .asmx files in web services. The .svc files are just pointers to your service contracts.
    Wednesday, July 16, 2008 10:08 PM