While developing Silverlight 4 (SL 4) Line-of-Business (LOB) applications, it is recommended to use WCF services while dealing with data. However what if that WCF is configured with SSL using self-signed certificates? If it is the case, then there some important configurations recommended to be followed as mentioned below:
· Use custom binding on the WCF service.
· Enable HttpsTransport for Transport security using SSL.
· Enable BinaryMessageEncoding for binary communication.
In this article, I have used IIS 7.5 on Windows Server 2008 R2 where a new Web site is created using Self-Signed certificate. To help you understand the entire process, in the following steps, I have first explained the procedure of creating a Web Site with SSL enabled and configuring self-signed certificate.
Creating Web Site and Self signed certificate
Step 1: Open IIS and right click on ‘Application Pools’ and select ‘Add Application Pool’. Name it as ‘SSLTestPool’ and set the framework to .NET Framework 4.0 as shown below:
Step 2: Right click on the newly created application pool and select ‘Advanced Settings’, from the ‘Process Model’. Change the ‘Identity’ to the ‘Local System’ as shown below:
Step 3: To create a new Web Site, right click on Sites and ‘Add Web Site’ as shown below, for the newly created pool:
Step 4: Since the above site is used for SSL, we need to create a self signed certificate. Go to the root of the IIS (sites) and from the features view, select the ‘Server Certificate’ as shown below:
Then from the ‘Server Certificate’ right click and select ‘Create Self-Signed Certificate’ as shown below:
Finally, create the certificate as shown below:
Step 5: After creating the certificate, we need to configure it for HTTPS communication. To configure, right click on the new web site created and select ‘Edit Bindings’ and add the ‘https’ binding as below:
Now assign the self-signed certificate:
This completes the process of creating a web site with SSL.
Creating WCF Service with Custom Binding
In this series of steps, the WCF service is created and hosted in the IIS under the web site, created in the above steps.
Step 1: Open VS2010 and create a blank solution, name it as ‘SILV4_WCF_SSL’. To this solution, add a WCF service application and name it as ‘WCF_SampleService’.
Step 2: Rename IService1.cs to ‘IService.cs’ and ‘Service1.Svc’ to ‘Service.Svc’. Right-Click on ‘Service.Svc’ and select ‘View Markup’ and make the following changes.
<%@ ServiceHost Language="C#" Debug="true" Service="WCF_SampleService.Service" CodeBehind="Service.svc.cs" %>
Step 3: In the Web.Config file, write the following configuration:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="WCF_SampleService.Service" behaviorConfiguration="ServBehave">
<endpoint
address=""
binding="customBinding"
bindingConfiguration="custBind"
contract="WCF_SampleService.IService"/>
</service>
</services>
<bindings>
<customBinding>
<binding name="custBind">
<binaryMessageEncoding></binaryMessageEncoding>
<httpsTransport></httpsTransport>
</binding>
</customBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServBehave">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
The above file uses ‘Custom Binding’ with ‘HttpsTransport’. This enables secure and encrypted communication from the client application over SSL.
Step 4: Open ‘IService1.cs’ and write following ServiceContract, OperationContract and DataContract.
C#
using System.Runtime.Serialization;
using System.ServiceModel;
namespace WCF_SampleService
{
[ServiceContract]
public interface IService
{
[OperationContract]
clsPerson[] GetAllPerson();
}
[DataContract]
public class clsPerson
{
[DataMember]
public int PersonId { get; set; }
[DataMember]
public string PersonName { get; set; }
[DataMember]
public int Age { get; set; }
}
}
VB.NET (Converted Code)
Imports System.Runtime.Serialization
Imports System.ServiceModel
Namespace WCF_SampleService
<ServiceContract>
Public Interface IService
<OperationContract>
Function GetAllPerson() As clsPerson()
End Interface
<DataContract>
Public Class clsPerson
<DataMember>
Public Property PersonId() As Integer
<DataMember>
Public Property PersonName() As String
<DataMember>
Public Property Age() As Integer
End Class
End Namespace
Step 5: Implement the ‘IService’ interface in ‘Service’ class as below:
C#
namespace WCF_SampleService
{
public class Service: IService
{
public clsPerson[] GetAllPerson()
{
return new clsPerson[]
{
new clsPerson() {PersonId=101,PersonName="Tejas",Age=6},
new clsPerson() {PersonId=102,PersonName="Mahesh",Age=34},
new clsPerson() {PersonId=103,PersonName="Ramesh",Age=61},
new clsPerson() {PersonId=104,PersonName="Ram",Age=90},
};
}
}
}
VB.NET (Converted Code)
Namespace WCF_SampleService
Public Class Service
Implements IService
Public Function GetAllPerson() As clsPerson()
Return New clsPerson() { New clsPerson() With {.PersonId=101, .PersonName="Tejas", .Age=6}, New clsPerson() With {.PersonId=102, .PersonName="Mahesh", .Age=34}, New clsPerson() With {.PersonId=103, .PersonName="Ramesh", .Age=61}, New clsPerson() With {.PersonId=104, .PersonName="Ram", .Age=90} }
End Function
End Class
End Namespace
Step 6: Now the service needs to hosted on the Web Server (IIS). Right-click on the WCF service project and select the ‘Web’ tab and specify the web server as shown below:
Make sure that, you specify the machine name instead of ‘localHost’. This is important because the certificate will generate a warning if you use localhost and your application will not be able to communicate with the service. After clicking ‘Create Virtual Directory’, the virtual directory will be created under the web site.
Step 7: Go to IIS and select the virtual directory created, browse the Service.svc file the following result will be displayed:
Once you get the above result, it means that the service is successfully hosted using SSL.
Consuming the Secured WCF service in Silverlight 4.0 application
Step 1: In the same solution, add a new SL 4.0 application, name it as ‘SILV4_Client_SSL’.
Step 2: In the Silverlight application, right click on the ‘References’ and add the reference of the WCF service using the ‘https’ url as shown below:
The above screen-shots shows the certification security alert while adding reference.
Once the reference is added, the Silverlight project will have the auto generated ‘ServiceReferences.ClientConfig’ with custom binding as shwb below:
Note: Makes sure the endpoint address has the machine name instead of ‘localhost’.
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinding_IService">
<binaryMessageEncoding />
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://mahesh-server.mithilla.com/WCF_SampleService_SSL/Service.svc"
binding="customBinding" bindingConfiguration="CustomBinding_IService"
contract="MyRef.IService" name="CustomBinding_IService" />
</client>
</system.serviceModel>
</configuration>
Step 3: Open MainPage.Xaml and write the following XAML:
<Grid x:Name="LayoutRoot" Background="White">
<TextBlock Height="48" HorizontalAlignment="Left" Margin="20,11,0,0" Name="textBlock1" Text="Personal Information" VerticalAlignment="Top" Width="356" TextAlignment="Center" FontSize="32" />
<sdk:DataGrid AutoGenerateColumns="True"
Height="215" HorizontalAlignment="Left"
Margin="21,63,0,0" Name="dgPerson" VerticalAlignment="Top" Width="364" />
<Button Content="Get Person Details" Height="32" HorizontalAlignment="Left" Margin="90,296,0,0" Name="brntGetPerson" VerticalAlignment="Top" Width="139" Click="brntGetPerson_Click" />
</Grid>
Step 4: In the ‘Get Person Details’ button click event, write the following code to make a call to the WCF service. This code will be successfully executed if the ‘ClientAccessPolicy.xml’ is on the root of the Web Site and the certificate is valid.
C#
private void brntGetPerson_Click(object sender, RoutedEventArgs e)
{
MyRef.ServiceClient proxy;
proxy = new MyRef.ServiceClient();
proxy.GetAllPersonCompleted += new EventHandler<MyRef.GetAllPersonCompletedEventArgs>(Proxy_GetAllPersonCompleted);
proxy.GetAllPersonAsync();
}
void Proxy_GetAllPersonCompleted(object sender, MyRef.GetAllPersonCompletedEventArgs e)
{
dgPerson.ItemsSource = e.Result;
}
VB.NET (Converted Code)
Private Sub brntGetPerson_Click(ByVal sender As Object, ByVal e As RoutedEventArgs)
Dim proxy As MyRef.ServiceClient
proxy = New MyRef.ServiceClient()
AddHandler proxy.GetAllPersonCompleted, AddressOf Proxy_GetAllPersonCompleted
proxy.GetAllPersonAsync()
End Sub
Private Sub Proxy_GetAllPersonCompleted(ByVal sender As Object, ByVal e As MyRef.GetAllPersonCompletedEventArgs)
dgPerson.ItemsSource = e.Result
End Sub
Step 5: Run the application, click on the ‘Get Person Details’ button and the following result should be displayed.
Conclusion: For the next-gen LOB application development, smooth secure communication over SSL can be an excellent proven mechanism.
The entire source code of this article can be downloaded over here
This article has been editorially reviewed by Suprotim Agarwal.
C# and .NET have been around for a very long time, but their constant growth means there’s always more to learn.
We at DotNetCurry are very excited to announce the The Absolutely Awesome Book on C# and .NET. This is a 500 pages concise technical eBook available in PDF, ePub (iPad), and Mobi (Kindle).
Organized around concepts, this eBook aims to provide a concise, yet solid foundation in C# and .NET, covering C# 6.0, C# 7.0 and .NET Core, with chapters on .NET Standard and the upcoming C# 8.0 too. Use these concepts to deepen your existing knowledge of C# and .NET, to have a solid grasp of the latest in C# and .NET OR to crack your next .NET Interview.
Click here to Explore the Table of Contents or Download Sample Chapters!
Was this article worth reading? Share it with fellow developers too. Thanks!
Mahesh Sabnis is a DotNetCurry author and Microsoft MVP having over 17 years of experience in IT education and development. He is a Microsoft Certified Trainer (MCT) since 2005 and has conducted various Corporate Training programs for .NET Technologies (all versions). Follow him on twitter @
maheshdotnet