none
Self-hosted basicHttpBinding both with transport security (https) and plain service (http) on the same service, is it possible? RRS feed

  • Question

  • Hi!

    Just a question, should it be possible to define a webHttpBinding service (hypermedia/rest) for instance like so

    http://localhost:8691/Service1.svc/

    https://localhost:8691/Service1.svc/

    where the only difference is the protocol part?

    The relevant configuration blocks could be something like

    service name="HypermediaExample1.Service1" behaviorConfiguration="wsdl"
            <endpoint address="http://localhost:8691/Service1.svc" binding="webHttpBinding" contract="HypermediaExample1.IService1">
              <identity>
                <dns value="localhost" />
              </identity>
            </endpoint>
            <endpoint address="https://localhost:8691/Service1.svc" binding="webHttpBinding" bindingConfiguration="webHttpBindingHttps" contract="HypermediaExample1.IService1">
              <identity>
                <dns value="localhost" />
              </identity>
            </endpoint>
          </service>
        </services>
    
    <bindings>
          <webHttpBinding>
            <binding name="webHttpBindingHttps">
              <security mode="Transport">
                <transport clientCredentialType="None" />
              </security>
            </binding>
          </webHttpBinding>
        </bindings>

    It feels like it's not possible, at least not without doing something in the WCF pipeline, but I'd like to be sure. Hence the question.

    <edit 2013-12-19: To clarify my question as I phrased my initial question rather poorly.

    What I'm after is that is it possible to have a single, self-hosted RESTful service which for the caller appears as a a single service, only difference being the protocol part of http or https. As for an example

    http://localhost/Service1.svc/SomeResource

    https://localhost/Service1.svc/SomeResource

    That is, the caller can decide if it wants to access some given resource either as plain or an encrypted. I haven't succeeded in creating such a self-hosted version and searching the Internet forums allows one to understand I'd need to define the two endpoints to have a different address, such as, for example

    http://localhost/Service1.svc/SomeResource

    https://localhost/Service1.svc/SomeResourceSecure

    I end up having errors like http or https not defined or that baseAddress not defined and so on.

    Mind you, if this were hosted on IIS or I had a reverse proxy or some such arrangement, I could peel of the encryption and direct requests to the http internally or some other arrangement that would look from the outside such that the only visible difference in the URL is the http/https part.




    • Edited by Veikko Eeva Thursday, December 19, 2013 7:34 AM
    Wednesday, December 18, 2013 12:58 PM

All replies

  • Hi,

    We can create a wcf service with both http and https.

    Then we will have to create service with two WebHttpBinding endpoints. One endpoint will use HTTP (binding without transport security) and second endpoint will use HTTPS (binding with transport security).

    For the self-host wcf with https, we may need to bind ssl certificate to the specific port number using netsh or HttpConfig tool depending from OS version. Detailed instructions can be found here .

    Also please try to refer to the following:
    #Hosting a secured RESTful WCF Service (https) with and without IIS:
    http://rajeshsv.blogspot.in/2012/05/create-new-console-app-project-in-vs.html .

    #WCF self hosted service over HTTPS:
    http://www.codeproject.com/Articles/131048/WCF-self-hosted-service-over-HTTPS .

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Thursday, December 19, 2013 2:03 AM
    Moderator
  • Hi Veksi,

    For WCF service, you can setup a single service and expose multiple endpoint on it. And each endpoint can has its own binding configuration and address:

    #Exposing a WCF Service With Multiple Bindings and Endpoints
    http://keithelder.net/2008/01/17/Exposing-a-WCF-Service-With-Multiple-Bindings-and-Endpoints/

    and for your case, if you want to open one endpoint with plain HTTP protocol and another with HTTPS/ssl protocol, you cannot use the same port with the two endpoints. Because plain HTTP and HTTPS/SSL need to be opened on separate port. (e.g. 80 for plain HTTP and 443 for HTTPS )


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Please remember to "Mark as Answer" the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Thursday, December 19, 2013 2:34 AM
    Moderator
  • Hi, the links had some helpful material. Especially on the parts of creating certificates. But I'm afraid I wasn't clear enough what I really wanted to know and so I clarified my initial question. Would you care to help with the one, now hopefully better phrased?

    Sudet ulvovat -- karavaani kulkee

    Thursday, December 19, 2013 7:37 AM
  • Indeed, that's possible, I know. I edited my original question, as I was unclear what I really wanted to know and hadn't managed to find out conculusively. I clarified my initial question. Would you care to help with the one, now hopefully better phrased?


    Sudet ulvovat -- karavaani kulkee

    Thursday, December 19, 2013 7:38 AM
  • is it possible to have a single, self-hosted RESTful service which for the caller appears as a a single service, only difference being the protocol part of http or https. As for an example

    http://localhost/Service1.svc/SomeResource

    https://localhost/Service1.svc/SomeResource 

    Hi,

    Do you means that just one endpoint in that service and it should be http and https.
    If so I am afraid that it is not possible. One endpoint should only have one address.

    In order to implement the both http and https in one service, we should have two endpoint then one for the http and the other for the https as my first post.

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, December 31, 2013 6:46 AM
    Moderator
  • What matters is that the end user sees only two URLs for which the only difference is the one extra 's' in https. That is, for self-hosted service the end result is that both of these URLs work

    http://localhost/Service1.svc/SomeResource https://localhost/Service1.svc/SomeResource

    For this particular question it doesn't matter how many endpoint definitions I would have to have. URL rewriting either on IIS or on reverse proxy or somesuch should produce the desired results (had there be such machinery), but I became to wonder if it were possible just by plain self-hosted WCF service.


    Sudet ulvovat -- karavaani kulkee

    Wednesday, January 1, 2014 6:11 PM