WCF Tutorial - HTTPS setting for WCF application
HTTPS (TLS / SSL) setting for WCF application
This post will explain how to implement TLS/ SSL (https) settings in WCF to secure the services, assuming that the readers will have basic knowledge on WCF components (ABC) and cryptographic terminologies (X509). To implement Https settings in WCF, an url needs to be reserved in Url access control list (urlacl) and a cryptographic certificate is required to set SSL port and finally some setting in service config and host file.
Pre requisites:
Makecert.exe - for X509 certificate creation (comes with Visual studio by default).
HttpCfg.exe - for urlacl / ssl settings in case of XP / Windows 2003 Server.
Netsh.exe - for urlacl / ssl settings in case of Vista / Windows 7 / x64bit OS.
Cryptographic Certificates
The cryptographic or X509 certificates are digital certificates which are used for authentication and authorization between the server and the client. X509 certificates can be Self-Signed or signed by a certificate authority (CA), which is again a root certificate. These certificates can be created by a tool called makecert.exe. It comes with visual studio by default or it can be downloaded. These certificates can be used in development environment and in production it can be replaced with real certificates issued by authorized providers. The following are the commands to create certificates.
Https Implementation:
Let’s take a look at my WCF service library application.
- I have a data contract named MyContract with two data members in it as given below
namespace MyWCFServiceLibrary
{
[DataContract]
public class MyContract
{
[DataMember]
public string MyName { get; set; }
[DataMember]
public long MyMobileNo { get; set; }
}
}
- I have a service contract named MyInterface with two operation contracts in it as given below
namespace MyWCFServiceLibrary
{
[ServiceContract]
public interface MyInterface
{
[OperationContract]
void AddDetail(MyContract data);
[OperationContract]
MyContract GetMobileNo(string name);
}
}
- And finally I have a service implementation named MyService with implementations for interface members in it as given below
namespace MyWCFServiceLibrary
{
[ServiceBehavior(InstanceContextMode=InstanceContextMode.Single)]
public class MyService : MyInterface
{
List<MyContract> details = newList<MyContract>();
public void AddDetail (MyContract data)
{
details.Add(data);
}
public MyContract GetMobileNo (string name)
{
return details.Find(x => x.MyName == name);
}
}
}
Steps
Step 1: Create CA certificate using the following command
cmd :\> makecert -n "CN=MyCACert" -r -sv MyCACert.pvk MyCACert.cer (From VisualStudio Cmd tool - Run As Administrator)
Step 2: Install the RootCA certificate
From MMC Snap-in Certificates (localmachine), import MyCACert into "Trusted Root Certificates" folder.
Step 3: Create a new server Certificate using CA
cmd:\ > makecert -sk MyMachine -iv MyCACert.pvk -n "CN=MyMachine" -ic MyCACert.cer -sr localmachine -ss my -sky exchange –pe (From VisualStudio Cmd tool)
This command will directly add the server certificate created to the certificate store in local machine where the command is executed.
MMC
MMC (Microsoft Management Console) is used to check the certificates in certificate store.
HttpCfg.exe / Netsh.exe
The command line utility which is used to reserve an url and to do ssl settings is HttpCfg.exe in case of XP and Windows 2003 Server. And netsh.exe is the utility for Vista and Windows 7. The utility Httpcfg.exe will be available only with latest service packs. So check for the patches in xp / win 2003 which holds the utility.
After certificate creation,
- a url can be reserved for the service and can be restricted to user groups.
- a ssl port must be set for https.
Step 4: choose a ssl port which is not already in use
cmd :\> httpcfg query ssl (For XP / 2003 environment)
cmd:\> netsh http show sslcert (For win 7 / vista /2008 environment)
To delete an existing ssl port (Ex : 8733)
cmd :\> httpcfg delete ssl -i 0.0.0.0:8733 -h [certhash] (For XP / 2003 environment)
cmd :\> netsh http delete sslcert ipport=0.0.0.0:8733 (For win 7 / vista /2008 environment)
Step 5: Reserve an url in urlacl using HttpCfg.exe
cmd :\> httpcfg set urlacl /u https://+:8733/ /a "D:(A;;GXGW;;;WD)" (For XP / 2003 environment)
cmd :\> netsh http add urlacl url=https://+:8733/ user=\Everyone (For win 7 / vista /2008 environment)
Step 6: Set the ssl port with certificate hash using HttpCfg.exe
cmd :\> httpcfg set ssl -i 0.0.0.0:8733 -h dd6202a426d143391cb4b7e91ddb5d94020a13a6 -g {5FF9F81C-97EF-47ED-BCF9-921667CD1FBD} (For XP / 2003 environment)
cmd :\> netsh http add sslcert ipport=0.0.0.0:8733 certhash=dd6202a426d143391cb4b7e91ddb5d94020a13a6 appid={5FF9F81C-97EF-47ED-BCF9-921667CD1FBD} (For win 7 / vista /2008 environment)
Step 7: Add / Modify host entry in C:\WINDOWS\System32\Drivers\etc\hosts file.
Step 8: Make config entry in App.Config of WCF
The implementation is recorded as a video presentation which will be available in the link
For More Info
SSL Settings (Https) - http://msdn.microsoft.com/en-us/library/ms733791.aspx
-->
Labels: .NET, HTTP.SYS, HTTS, SSL, TLS, WCF
posted by NMK @ 1:45 AM
21 Comments:
I was very much frustrated when I was working on HTTPS setting.When I followed your given steps of HTTPS setting for WCF application ,It was successfully implemented.Thanks for sharing this information with us.
your blog is really good and thus it is very well done and so much interesting ya i got really more information it is nice and good too. thus it is really interesting and very much unique too.
Digital Marketing services in Chennai
Nice to see. This blog provide separate information for questions and answers. Thank you for this. very helpful for interview.
SMO Services in Chennai
This idea is mind blowing. I think everyone should know such information like you have described on this post. Thank you for sharing this explanation.
Your final conclusion was good. We are sowing seeds and need to be patiently wait till it blossoms.
Best Android Training Institute in Chennai
This blog is having the general information. Got a creative work and this is very different one. We have to develop our creativity mind. This blog helps for this. Thank you for this blog. this is very interesting and useful.
Web Designing Training in Chennai
Superb. I really enjoyed very much with this article here. Really it is an amazing article I had ever read. I hope it will help a lot for all. Thank you so much for this amazing posts and please keep update like this excellent article.thank you for sharing such a great blog with us. expecting for your.
seo company in india
This blog is having the general information. Got a creative work and this is very different one.We have to develop our creativity mind.This blog helps for this. Thank you for this blog. This is very interesting and useful.
Study in Europe Consultants in Chennai
Thank you for your post. I found your blog more informative and useful.
IOS training in chennai
This is a very interesting web page and I have enjoyed reading many of the articles and posts contained on the website, keep up the good work and hope to read some more interesting content in the future.
J2EE Training in Chennai
iOS Training in Chennai
Informatica Training in Chennai
This is a very interesting web page and I have enjoyed reading many of the articles and posts contained on the website, keep up the good work and hope to read some more interesting content in the future.
Digital Marketing Company in Chennai
These provided information was really so nice,thanks for giving that post and the more skills to develop after refer that post. Your articles really impressed for me,because of all information so nice.
Digital Marketing Company in India
Web Development Company in India
Web Design Company in Chennai
These ways are very simple and very much useful, as a beginner level these helped me a lot thanks fore sharing these kinds of useful and knowledgeable information.
SEO Company in India
Excellent way of describing, and nice post.you are posting such a new idea is very interesting and give updates.
Digital Marketing Company in Chennai
this is very nice post thanks for updating your information to us.it is such a wonderful information about the software development and java is one of growing technology this is useful for me thank you so much.
Hadoop Training in Chennai
The blog is very different and useful. The way of writing makes it more interesting.
Selenium Training in Chennai
great tips thanks for your impressive enhancement of getting unique style of design a website. and it much more wonderful information to me. keep share many different ideas....
Hadoop training in chennai
Digigtal marketing in chennai
AWS training in chennai
The blog is very different and useful..
SAP MM Training in Chennai
written in very creative way and it also conveys useful information.
Selenium Training in Chennai
very nice blogs!!! i have to learning for lot of information for this sites...Sharing for wonderful information.Thanks for sharing this valuable information to our vision. You have posted a trust worthy blog keep sharing
Online Marketing Services
Best SEO Services in Bangalore
seo plans india
Thanks for the informative article. This is one of the best resources I have found in quite some time. Nicely written and great info. I really cannot thank you enough for sharing.
Restaurant in OMR
Great... thank u
Corporate Training in Nigeria
Post a Comment
Subscribe to Post Comments [Atom]
<< Home