Geeks With Blogs
Vamsidhar Mamillapalli

Creating a self-hosted WCF service without any security credentials is plain and simple. This article explains how to create a self-hosted WCF service with a security mode set (either transport or message). See more information on How to set security Mode.

The steps below explain how to create a self-hosted WCF service over HTTPS using security mode "Transport" and client credential type "Basic".

Note: The sample below assumes that both client and server are on the same machine.

  1. Create and install temporary certificates for Message security.
    • As a first step, you need a self-signed certificate. Create a root certificate to sign the server certificate. Run the VS command prompt as an administrator and follow the steps below.
      • To create the root certificate (let's say the certificate name is "MyEmployeeCert"), execute the command below in the command prompt.
        • makecert.exe -sk RootCertificateCA -sky signature -pe -n CN=EmployeeCertCA -r -sr LocalMachine -ss Root MyEmployeeCert.cer
      • To create the server certificate, execute the command below in the command prompt. Let's say the server certificate name is "ServerEmployeeCert.cer".
        • makecert.exe -sk server -sky exchange -pe -n CN=EmployeeCertCA -ir LocalMachine -is Root -ic MyEmployeeCert.cer -sr LocalMachine -ss My ServerEmployeeCert.cer
    • Now you need to configure a port (let's say 8585) with the SSL certificate. For this, execute the following command.
      • netsh http add urlacl url=https://+:8585/ user=EVERYONE
      • The reservation applies only to the port named in it, so use the same port here as in the netsh sslcert binding and the service base address. user=EVERYONE lets any local account listen on this prefix; on a shared machine, reserve it for the account that runs the host instead.
    • By now, you have created the certificates and configured the port. Now you need to bind the certificate to the port. For this, follow the steps below.
      • Click Start and then click Run.
      • In the command line, type MMC and then click OK.
      • In the Microsoft Management Console, on the File menu, click Add/Remove Snap-in.
      • In the Add/Remove Snap-in dialog box, click Add.
      • In the Add Standalone Snap-in dialog box, select Certificates and then click Add.
      • In the Certificates snap-in dialog box, select the Computer account radio button because the certificate needs to be made available to all users, and then click Next.
      • In the Select Computer dialog box, leave the default Local computer: (the computer this console is running on) selected and then click Finish.
      • In the Add Standalone Snap-in dialog box, click Close.
      • In the Add/Remove Snap-in dialog box, click OK.
      • In the left pane, expand the Certificates (Local Computer) node, and then expand the Personal folder.
      • Now look for "EmployeeCertCA" and open it.
      • Click on the Details tab and select Thumbprint. Copy that 20-byte value to Notepad and remove all spaces.
      • Now go to the VS command prompt as administrator and run the command below. The GUID must be wrapped in curly braces.
      • netsh http add sslcert ipport=127.0.0.1:8545 certhash=<20 byte Value> appid={<GUID>}
  2. Create a simple WCF service.
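      using System;
      using System.ServiceModel;

      // The namespace matches the service and contract names used in the config files below.
      namespace EmployeeService
      {
          [ServiceContract]
          public interface IEmployee
          {
              [OperationContract]
              string GetTotalEmployees();
          }

          public class Employee : IEmployee
          {
              public string GetTotalEmployees()
              {
                  // Log the caller identity established by the transport-level authentication.
                  Console.WriteLine(ServiceSecurityContext.Current.PrimaryIdentity.Name);
                  return "Total Number of Employees are 10";
              }
          }
      }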

  3. Create a console application to host the WCF service. Add the following to your config file as the <system.serviceModel> section.

      <system.serviceModel>
         <bindings>
           <wsHttpBinding>
             <binding name="MyWSHttpBinding">
               <security mode="Transport">
                 <transport clientCredentialType="Basic"/>
               </security>
             </binding>
           </wsHttpBinding>
         </bindings>
         <behaviors>
           <serviceBehaviors>
             <behavior>
               <!-- Only an HTTPS base address is configured, so metadata is published over HTTPS only. -->
               <serviceMetadata httpGetEnabled="False" httpsGetEnabled="True"/>
               <serviceDebug includeExceptionDetailInFaults="False" />
               <serviceCredentials>
                 <serviceCertificate findValue="CN=EmployeeCertCA" storeLocation="LocalMachine" storeName="My"
                                     x509FindType="FindBySubjectDistinguishedName" />
                 <clientCertificate>
                   <authentication certificateValidationMode="None" />
                 </clientCertificate>
               </serviceCredentials>
             </behavior>
           </serviceBehaviors>
         </behaviors>
         <services>
            <service name="EmployeeService.Employee">
             <endpoint address="" binding="wsHttpBinding"  bindingConfiguration="MyWSHttpBinding"
                       contract="EmployeeService.IEmployee">
               <identity>
                 <dns value="localhost"/>
               </identity>
             </endpoint>
             <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
             <host>
               <baseAddresses>
                 <add baseAddress="https://127.0.0.1:8545/Design_Time_Addresses/EmployeeService/Employee/"/>
               </baseAddresses>
             </host>
           </service>
         </services>
      </system.serviceModel>

  4. Create a console application to host the client. Add the following to your config file as the <system.serviceModel> section.

    <system.serviceModel>
       <behaviors>
         <endpointBehaviors>
          <behavior name="WCFEmployeeBehavior">
             <clientCredentials>
               <clientCertificate storeLocation="LocalMachine" findValue="CN=EmployeeCertCA" storeName="My"/>
             </clientCredentials>
           </behavior>
         </endpointBehaviors>
       </behaviors>
        <bindings>
         <wsHttpBinding>
           <binding name="WSHttpBinding_IEmployee" >
             <security mode="Transport">
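               <!-- Must match the service binding; the user name and password are set in code on ClientCredentials.UserName. -->
               <transport clientCredentialType="Basic" />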
             </security>
           </binding>
         </wsHttpBinding>
       </bindings>
       <client>
         <endpoint address="https://127.0.0.1:8545/Design_Time_Addresses/EmployeeService/Employee/"
                   binding="wsHttpBinding"
                   contract="EmployeeService.IEmployee"
                   bindingConfiguration="WSHttpBinding_IEmployee"
                   behaviorConfiguration="WCFEmployeeBehavior">
         </endpoint>
       </client>
    </system.serviceModel>
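
The host and client from steps 2 to 4, wired up in code instead of app.config, as an added example that is not part of the original post. It assumes the netsh bindings from step 1 are in place; the thumbprint and the Windows account (WCF validates user names against Windows accounts by default) are placeholders, and the server certificate is accepted only when its thumbprint matches the pinned value, because its subject (CN=EmployeeCertCA) does not match the 127.0.0.1 host name.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

namespace EmployeeService
{
    [ServiceContract]
    public interface IEmployee { [OperationContract] string GetTotalEmployees(); }

    public class Employee : IEmployee
    {
        public string GetTotalEmployees()
        {
            // Identity established by HTTP Basic over the TLS transport.
            Console.WriteLine(ServiceSecurityContext.Current.PrimaryIdentity.Name);
            return "Total Number of Employees are 10";
        }
    }

    static class Program
    {
        // Placeholders (assumptions): thumbprint copied in step 1, and a Windows account.
        const string PinnedThumbprint = "<40-hex-digit thumbprint of the server certificate>";
        const string Url = "https://127.0.0.1:8545/Design_Time_Addresses/EmployeeService/Employee/";

        static WSHttpBinding BasicOverTls()
        {
            var binding = new WSHttpBinding(SecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
            return binding;
        }

        static void Main()
        {
            // Process-wide check: accept the server certificate only if it is the pinned one.
            ServicePointManager.ServerCertificateValidationCallback = (s, cert, chain, errors) =>
                cert != null && string.Equals(new X509Certificate2(cert).Thumbprint,
                                              PinnedThumbprint, StringComparison.OrdinalIgnoreCase);
            using (var host = new ServiceHost(typeof(Employee)))
            {
                host.AddServiceEndpoint(typeof(IEmployee), BasicOverTls(), Url);
                host.Open();
                var factory = new ChannelFactory<IEmployee>(BasicOverTls(), new EndpointAddress(Url));
                factory.Credentials.UserName.UserName = "<windows-user>";
                factory.Credentials.UserName.Password = "<password>";
                Console.WriteLine(factory.CreateChannel().GetTotalEmployees());
                factory.Close();
            }
        }
    }
}
```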

Posted on Thursday, April 25, 2013 7:22 PM WCF


Comments on this post: Self Hosting WCF service using "Basic" Authentication

# re: Self Hosting WCF service using "Basic" Authentication
Hey, it's very hard to understand. Is there any easy way? If so, please post a new article about the easy way. Waiting for that.
Left by lordloans on Jul 05, 2015 10:06 PM

# re: Self Hosting WCF service using "Basic" Authentication
When I run the last step:
(on my machine I had set up port 8080 with the 20-byte certhash 3ad668950437d3d6776e9c5e047df78c6b45c947.)
I obtained the GUID from an online generator and tried it both with hyphens and without, but I'm getting an error "The parameters is incorrect".

Any idea?

netsh http add sslcert ipport=127.0.0.1:8545 certhash=3ad668950437d3d6776e9c5e047df78c6b45c947 appid=appid=b9c66770-be94-4d5c-97b3-21bc3c7f0620
Left by Arvind on Dec 29, 2015 2:45 PM

# re: Self Hosting WCF service using "Basic" Authentication
NVM - the trick is to wrap the guid with curly braces.
Left by Arvind on Dec 29, 2015 2:47 PM

# re: Self Hosting WCF service using "Basic" Authentication
Wow...!!! Your given code really works. I appreciate your work; you did a very good job. Thanks buddy.
Left by David Cyryl on May 24, 2017 1:50 PM

# re: Self Hosting WCF service using "Basic" Authentication
for getting the code to work is to wrap the guid with curly braces.
Left by Scott Will on Nov 03, 2017 3:12 PM

# re: Self Hosting WCF service using "Basic" Authentication
Unfortunately I have determined (by analysing the WCF reference source code and the help of the Fiddler tool for HTTP session sniffing) that this is a bug in the WCF stack.
Left by Roger on Mar 13, 2018 3:43 PM

# Dissertation Writers Online
This case utilizes default endpoints, and no setup document is required for this administration. On the off chance that no endpoints are arranged, at that point, the runtime makes one endpoint for each base address for each service contract executed by the service.
Left by Glenn J. Davis on Apr 18, 2018 2:52 PM



Copyright © Vamsidhar Mamillapalli | Powered by: GeeksWithBlogs.net