Hosting WCF 4.0 Service on IIS 7.5 with SSL

Posted by: Mahesh Sabnis , on 4/1/2010, in Category Windows Communication Foundation (WCF)
Views: 71962
Abstract: This article is Part 2 of the two part series where I demonstrate how to create a certificate, create a WCF service that uses this certificate and finally host a WCF service on IIS 7.5 with SSL. In this article, we will see how to host a WCF service we created in Part 1, on IIS 7.5 with SSL.
Hosting WCF 4.0 Service on IIS 7.5 with SSL
 
In the first part, Implementing Transport Message Security with WCF 4.0 and VS 2010 RC, I demonstrated how to create a certificate and configure a WCF 4.0 service to use this certificate. In this article, I will demonstrate how to host this WCF Service on IIS 7.5 with SSL.
Note: The same steps can also be followed for IIS 7.0.
Step 1: Open IIS 7.5 and create a new Application Pool. To do this, follow the steps shown below:
·         Right click on ‘Application Pools’ and select ‘Add Application Pool’,




ApplicationsPools
Remember you need to set the .NET Framework Version to 4.0, this will use ASP.NET 4.0 process to handle requests.
·         Right Click on the Application pool you have created, and select ‘Advanced Settings’ from the ‘Process Model’ group and change the ‘Identity’ to ‘LocalSystem’ as shown below:
AdvancedSettings
Step 2: Right click on the ‘Sites’ and select ‘Add New Web Site’. Provide ‘Site Name’, using ‘Select’ button and select the application pool which you have created in the ‘Step 1’. Provide a Physical Path for the web site. In the ‘Binding’, select ‘Https’. This will select the 443 port number. Once you select https, it will show a combobox for SSL certificate selection for the web site. Select the certificate which you have created. You will see the window shown below:
AddWebSite
Step 3: To the web site you have created, right click and select ‘Add Application’ by following the screen shot below:
AddApplications
Step 4: Switch back to the VS2010 and to publish the WCF service in this web site, right click on the WCF Service and select ‘Publish’ as below:
(Note: By default you will have ’Web Deploy’ as ‘Publish Method’, change it to ‘File System’ and from the Target location, select ‘Local IIS’ and navigate to the web site and the application which you have created in previous step), the following window will be displayed:
PublishWeb
Click on ‘Publish’.
Step 5: Switch back to IIS and expand the web site and application where the WCF service is published > switch to content view > you will see the following window:
IISManager
Step 6: Right click on ‘Service.svc’ and click on browse, the browser will open the url with the following output:
CertificateError
This means that the certificate which we have configured is not issued by a trusted certificate authority. Now since we are just giving a demo here, the option of ‘Continue to this website’ can be selected. But remember that in a production scenario, you must be careful and resolve the certificate issue. So after selecting the continue option, the following output will be displayed:
Service
Now the WCF service is successfully hosted. You can now use this service in your client application.

Conclusion: SSL provides an effective security mechanism for the communication between Client applications and WCF services.

Give a +1 to this article if you think it was well written. Thanks!
Recommended Articles
Mahesh is having 10 years of experience in IT education and development. He is a Microsoft Certified Trainer (MCT) since 2005 and has conducted various Corporate Training programs for .NET Technologies (all versions). Follow him on twitter @maheshdotnet


Page copy protected against web site content infringement by Copyscape


User Feedback
Comment posted by sujit kumar sumaN on Thursday, April 8, 2010 3:04 AM
Hi,
i am sujit,I am a .net developer,so this site is very useful for me,so i give 5 stars
thanks
Comment posted by cav on Wednesday, May 19, 2010 8:35 PM
Can't get it to work. I've been following walkthroughs like this for five days now and not a single one of them works. In this case, step 6 gives me:

------------
This webpage is not available.
The webpage at https://localhost/UNamePwd_WCF/Service.svc might be temporarily down or it may have moved permanently to a new web address.

Below is the original error message
Error 102 (net::ERR_CONNECTION_REFUSED): Unknown error.
------------
Totally, totally at my wits end. Any help might save my sanity and perhaps my job.
Comment posted by Mahesh Sabnis on Tuesday, November 30, 2010 5:56 AM
Hi Cav,

  You need to rename localhost by the name of your machine. Also have you configured a web site with SSL enability with a specific port (443 by default) using self signed certificate or other imported certificate?
Hope it will help you
Thanks\
Mahesh Sabnis
Comment posted by Pete Rime on Sunday, January 16, 2011 3:12 PM
The service should be running with lower privileges than "system", shouldn't it?  We should be striving for the lowest privileges possible and assigning them explicitly where needed. Am I missing something?
Comment posted by Vinay on Thursday, November 24, 2011 2:07 AM
m getting the error
"The webpage cannot be found"
can sm1 help me
Comment posted by char on Wednesday, March 21, 2012 12:45 AM
In my case after I publish the service can be accessed via https and http both? Is there any way I can stop http?
Comment posted by Mike on Thursday, May 17, 2012 8:43 PM
Do you have an sample code that calls this service?  When I use svchost to try to create the config and cls file I get an error.
Comment posted by Prashanth on Thursday, August 16, 2012 11:27 AM
Mahesh, I have hosted the service in my Local system and trying to invoke the service from my local Client console application.
When I try to do that I get an error
Could not establish trust relationship for the SSL/TLS secure channel with authority. Please help me with this Issue.
Comment posted by Naeem Raza on Wednesday, September 19, 2012 4:23 AM
I am receiving the below error message when i browse my service.

Service 'AAJ.FL.Services.ClientDefinition' has zero application (non-infrastructure) endpoints. This might be because no configuration file was found for your application, or because no service element matching the service name could be found in the configuration file, or because no endpoints were defined in the service element.
Comment posted by hfhf on Thursday, March 14, 2013 4:29 AM
bnhf
Comment posted by 111111111111 on Thursday, March 14, 2013 4:30 AM
asdfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
Comment posted by umesh on Friday, May 31, 2013 9:35 AM
Hi Mahesh, I have just followed your part 1 & 2 tutorials, was able to create service and hosting on IIS 7.5 but somehow my browser is not able to resolve the URL "https://localhost/Test1/Service.svc" and does not show up "Continue with this website". Any help is highly appreciated. Thanks -Umesh
Comment posted by Thomas Hagström on Sunday, December 29, 2013 9:45 AM
Works on the dev machine but not on Windows (2012) Server.
Thought I did it all right, installed certificate properly in IIS (8.5), but if I svutil my service I still get

"Could not establish trust relationship for the SSL/TLS secure channel with authority..."
"The remote certificate is invalid according to the validation procedure."

Tried adding the cert through MMC > Trusted Root Certification Authorities. Still doesn't work. Any pointers?

Post your comment
Name:  
E-mail: (Will not be displayed)
Comment:
Insert Cancel