Saturday, October 20, 2012

WCF Tutorial - HTTPS setting for WCF application


HTTPS (TLS / SSL) setting for WCF application

                   This post will explain how to implement TLS/ SSL (https) settings in WCF to secure the services, assuming that the readers will have basic knowledge on WCF components (ABC) and cryptographic terminologies (X509). To implement Https settings in WCF, an url needs to be reserved in Url access control list (urlacl) and a cryptographic certificate is required to set SSL port and finally some setting in service config and host file.

Pre requisites:
Makecert.exe                            - for X509 certificate creation (comes with Visual studio by default).
HttpCfg.exe                               - for urlacl / ssl settings in case of XP / Windows 2003 Server.
Netsh.exe                                  - for urlacl / ssl settings in case of Vista / Windows 7 / x64bit OS.

Cryptographic Certificates
                                   The cryptographic or X509 certificates are digital certificates which are used for authentication and authorization between the server and the client. X509 certificates can be Self-Signed or signed by a certificate authority (CA), which is again a root certificate. These certificates can be created by a tool called makecert.exe. It comes with visual studio by default or it can be downloaded. These certificates can be used in development environment and in production it can be replaced with real certificates issued by authorized providers. The following are the commands to create certificates.

Https Implementation:

Let’s take a look at my WCF service library application.
  •      I have a data contract named MyContract with two data members in it as given below

namespace MyWCFServiceLibrary
{
    [DataContract]
    public class MyContract
    {
        [DataMember]
        public string MyName { get; set; }

        [DataMember]
        public long MyMobileNo { get; set; }
       
    }
}

  •      I have a service contract named MyInterface with two operation contracts in it as given below

namespace MyWCFServiceLibrary
{
    [ServiceContract]
    public interface MyInterface
    {
        [OperationContract]
        void AddDetail(MyContract data);
        [OperationContract]
        MyContract GetMobileNo(string name);
    }
}

  •      And finally I have a service implementation named MyService with implementations for interface members in it as given below

namespace MyWCFServiceLibrary
{
    [ServiceBehavior(InstanceContextMode=InstanceContextMode.Single)]
    public class MyService : MyInterface
    {

        List<MyContract> details = newList<MyContract>();

        public void AddDetail (MyContract data)
        {
            details.Add(data);
        }

        public MyContract GetMobileNo (string name)
        {
           return details.Find(x => x.MyName == name);
        }
    }
}

Steps

Step 1: Create CA certificate using the following command

cmd :\> makecert -n "CN=MyCACert" -r -sv MyCACert.pvk MyCACert.cer    (From VisualStudio Cmd tool - Run As Administrator)

Step 2: Install the RootCA certificate

From MMC Snap-in Certificates (localmachine), import MyCACert into "Trusted Root Certificates" folder.

Step 3: Create a new server Certificate using CA

cmd:\ > makecert -sk MyMachine -iv MyCACert.pvk -n "CN=MyMachine" -ic MyCACert.cer -sr localmachine -ss my -sky exchange –pe (From VisualStudio Cmd tool)

This command will directly add the server certificate created to the certificate store in local machine where the command is executed.

MMC
MMC (Microsoft Management Console) is used to check the certificates in certificate store.

HttpCfg.exe / Netsh.exe
 The command line utility which is used to reserve an url and to do ssl settings is HttpCfg.exe in case of XP and Windows 2003 Server. And netsh.exe is the utility for Vista and Windows 7. The utility Httpcfg.exe will be available only with latest service packs. So check for the patches in xp / win 2003 which holds the utility.

After certificate creation,
  •       a url can be reserved for the service and can be restricted to user groups.
  • a ssl port must be set for https.


Step 4: choose a ssl port which is not already in use

cmd :\> httpcfg query ssl   (For XP / 2003 environment)
cmd:\> netsh http show sslcert (For win 7 / vista /2008 environment)

To delete an existing ssl port (Ex : 8733)

cmd :\> httpcfg delete ssl -i 0.0.0.0:8733 -h [certhash]   (For XP / 2003 environment)
cmd :\> netsh http delete sslcert ipport=0.0.0.0:8733 (For win 7 / vista /2008 environment)

Step 5: Reserve an url in urlacl using HttpCfg.exe

cmd :\> httpcfg set urlacl /u https://+:8733/ /a "D:(A;;GXGW;;;WD)"  (For XP / 2003 environment)
cmd :\> netsh http add urlacl url=https://+:8733/ user=\Everyone (For win 7 / vista /2008 environment)

Step 6: Set the ssl port with certificate hash using HttpCfg.exe




cmd :\> httpcfg set ssl -i 0.0.0.0:8733 -h dd6202a426d143391cb4b7e91ddb5d94020a13a6 -g {5FF9F81C-97EF-47ED-BCF9-921667CD1FBD} (For XP / 2003 environment)

cmd :\> netsh http add sslcert ipport=0.0.0.0:8733 certhash=dd6202a426d143391cb4b7e91ddb5d94020a13a6 appid={5FF9F81C-97EF-47ED-BCF9-921667CD1FBD}  (For win 7 / vista /2008 environment)

Step 7: Add / Modify host entry in C:\WINDOWS\System32\Drivers\etc\hosts file.




Step 8: Make config entry in App.Config of WCF




The implementation is recorded as a video presentation which will be available in the link

For More Info

-->

Labels: , , , , ,

22 Comments:

At October 29, 2012 at 2:49 AM , Anonymous Offshore Software Development India said...

I was very much frustrated when I was working on HTTPS setting.When I followed your given steps of HTTPS setting for WCF application ,It was successfully implemented.Thanks for sharing this information with us.

 
At July 28, 2016 at 4:03 AM , Blogger Sowmiya said...



your blog is really good and thus it is very well done and so much interesting ya i got really more information it is nice and good too. thus it is really interesting and very much unique too.


Digital Marketing services in Chennai

 
At July 28, 2016 at 6:11 AM , Blogger Giri Mani said...


Nice to see. This blog provide separate information for questions and answers. Thank you for this. very helpful for interview.
SMO Services in Chennai

 
At July 29, 2016 at 11:18 PM , Blogger Suseela Susiee said...



That is very interesting; you are a very skilled blogger. I have shared your website in my social networks..!

Digital Marketing Services in Chennai

Digital Marketing Company in Chennai

 
At August 19, 2016 at 5:48 AM , Blogger Giri Mani 2 said...

This blog explains the details of most popular technological details. This helps to learn about what are all the different method is there. And the working methods all of that are explained here. Informative blog.
Digital Marketing Company in Chennai

 
At August 23, 2016 at 1:07 AM , Blogger Sowmiya said...


This idea is mind blowing. I think everyone should know such information like you have described on this post. Thank you for sharing this explanation.
Your final conclusion was good. We are sowing seeds and need to be patiently wait till it blossoms.



Best Android Training Institute in Chennai

 
At August 24, 2016 at 2:44 AM , Blogger Harish Raju said...

This blog is having the general information. Got a creative work and this is very different one. We have to develop our creativity mind. This blog helps for this. Thank you for this blog. this is very interesting and useful.
Web Designing Training in Chennai

 
At October 20, 2016 at 4:43 AM , Blogger Pricilla Prasanth said...

I cant wait to check out some of these blogs! I’ve really wanted to start learning more about cars and auto repairs lately and I think this will help a lot. I think it can save my family some money if we knew how to do some repairs at home.! Thanks again for all the options.

bike spa services in mumbai
house cleaning services in mumbai
car wash services in mumbai
car spa at doorstep in mumbai

 
At December 28, 2016 at 9:30 PM , Blogger Jeffy said...


Thank you for sharing such a nice and interesting blog with us. Hope it might be much useful for us. keep on updating...!!
seo company in india
digital marketing company in india
seo company in chennai
digital marketing company in chennai

 
At January 6, 2017 at 9:59 PM , Blogger Shalini said...

Superb. I really enjoyed very much with this article here. Really it is an amazing article I had ever read. I hope it will help a lot for all. Thank you so much for this amazing posts and please keep update like this excellent article.thank you for sharing such a great blog with us. expecting for your.

seo company in india

 
At January 19, 2017 at 1:47 AM , Blogger vinu priya said...

Wonderful blog.. Thanks for sharing informative blog.. its very useful to me..
PHP Training in Chennai

 
At January 30, 2017 at 8:37 PM , Blogger Navya Kumar said...


Great Article… I love to read your articles because your writing style is too good, its is very very helpful for all of us and I never get bored while reading your article because, they are becomes a more and more interesting from the starting lines until the end.
SEO Company in Chennai

 
At March 7, 2017 at 12:17 AM , Blogger Akshaysri said...

This blog is having the general information. Got a creative work and this is very different one.We have to develop our creativity mind.This blog helps for this. Thank you for this blog. This is very interesting and useful.
Study in Europe Consultants in Chennai

 
At March 7, 2017 at 10:35 PM , Blogger Thamizharasi J said...

Great site for these post and i am seeing the most of contents have useful for my Carrier.Thanks to such a useful information.Any information are commands like to share him.

Fresher Jobs in Chennai
Fresher Jobs in Delhi
Fresher Jobs in Bangalore
Fresher Jobs in Kolkata

 
At March 23, 2017 at 5:29 AM , Blogger Guhan said...

Thank you for your post. I found your blog more informative and useful.

IOS training in chennai

 
At March 29, 2017 at 2:15 AM , Blogger Nandhini said...

This is an awesome post.Really very informative and creative contents. These concept is a good way to enhance the knowledge.I like it and help me to development very well.Thank you for this brief explanation and very nice information.Well, got a good knowledge.
Housekeeping Services in Chennai

 
At March 29, 2017 at 9:31 PM , Blogger Shalini said...

Great post! I am actually getting ready to across this information, It's very helpful for this blog.Also great with all of the valuable information you have Keep up the good work you are doing well.

Digital Marketing Company in Chennai

 
At April 19, 2017 at 2:02 AM , Blogger sathya said...

Superb explanation & it's too clear to understand the concept as well, keep sharing admin with some updated information with right examples.Keep update more posts.

Hadoop Training in Chennai

Base SAS Training in Chennai

 
At May 8, 2017 at 6:12 AM , Blogger Pavel Co Ebele said...

I have read your blog its very attractive and impressive. I like it your blog.


SEO Services in India SEO Company in India SEO Company in India

Guaranteed SEO services Guaranteed SEO

 
At June 14, 2017 at 12:23 AM , Anonymous Aashi siva said...

This is a very interesting web page and I have enjoyed reading many of the articles and posts contained on the website, keep up the good work and hope to read some more interesting content in the future.
J2EE Training in Chennai
iOS Training in Chennai
Informatica Training in Chennai

 
At July 12, 2017 at 3:57 AM , Anonymous mahalyasree said...

Someone essentially lend a hand to make severely posts I would state. That is the very first time I frequented your website page and thus far? I surprised with the analysis you made to create this particular submit incredible. Fantastic job!
Office Interiors in Chennai
Interior Decorators in Chennai

 
At July 31, 2017 at 3:42 AM , Blogger Shalini said...


Really Good blog post.provided a helpful information.I hope that you will post more updates like this.
Digital marketing company in Chennai

 

Post a Comment

Subscribe to Post Comments [Atom]

Links to this post:

Create a Link

<< Home