0

I have two versions of the same proof-of-concept site: The unsecure version:

http://www.tlsadmin.com/tlsadmin/PortalHome.aspx

and the secure version:

https://www.tlsadmin.com/tlsadmin/PortalHome.aspx

The problem I have is that my WCF-Based web services don't seem to work under HTTPS. Is there something I'm missing, or not understanding about this? I thought a relative URL for the SVC file would cover everything

<asp:ScriptManager ID="ScriptManager1" runat="server" >
    <Services>
        <asp:ServiceReference Path="~/Services/Contacts.svc" />
        <asp:ServiceReference Path="~/Services/Domains.svc" />
        <asp:ServiceReference Path="~/Services/TreeViewNavigation.asmx" />
        <asp:ServiceReference Path="/Services/FullSoaSchedulerService.svc/json" />
    </Services>
</asp:ScriptManager>

Perhaps I need to add an additional binding for the webservice to work over HTTPS?

<service name="LC.www.nexthop.mx.POC.grid_WebService.Domains">
        <endpoint address="" behaviorConfiguration="LC.www.nexthop.mx.POC.grid_WebService.DomainsAspNetAjaxBehavior"
          binding="webHttpBinding" contract="LC.www.nexthop.mx.POC.grid_WebService.Domains" />
      </service>
makerofthings7
  • 60,103
  • 53
  • 215
  • 448

1 Answers1

1

You want to add a custom binding to your configuration to enable it for HTTPS by setting your binding's security mode to transport.

 <bindings>
   <webHttpBinding>
     <binding name="httpsBinding">
       <security mode="Transport">
       </security>
     </binding>
   </webHttpBinding>
 </bindings>

The default security mode is None which doesn't play well with HTTPS.

Then assign that binding to your endpoint:

<service name="LC.www.nexthop.mx.POC.grid_WebService.Domains">
        <endpoint address="" behaviorConfiguration="LC.www.nexthop.mx.POC.grid_WebService.DomainsAspNetAjaxBehavior"
          binding="webHttpBinding" bindingConfiguration="httpsBinding" contract="LC.www.nexthop.mx.POC.grid_WebService.Domains" />
</service>

This blog post helped me out when I first ran into this situation.

Hope this helps!!

David Hoerster
  • 28,421
  • 8
  • 67
  • 102
  • Glad it worked for you. Yeah, that stumped me at first, too. I wish it wasn't so unintuitive (it wasn't intuitive at all for me :) ). The thing to keep in mind is that your development environment may not be HTTPS, so you'll need to change that security mode for DEV. I have a build process that handles that (no security for DEV, Transport for QA/PROD). – David Hoerster Aug 21 '10 at 02:42
  • wht if, I want to make this in both SSL and Non-SSL – Sreekumar P Mar 15 '13 at 08:46