Still no support for HTTPS?

Topics: Web Api
Apr 18, 2011 at 1:06 PM

Lack of support for SSL remains a primary issue for those of us considering using this for production. What's the hold up on this?

Apr 18, 2011 at 8:29 PM

Not that it's the official thread, but a few of us posted similarly this week here.  Might be good to consolidate thoughts/discussion in one place.

Coordinator
Apr 19, 2011 at 12:29 AM

We actually do support HTTPs, that item in the release notes was wrong / left over from the previous notes :-)

To do this now you need to able transport security on the HttpBinding. If you look on the HttpBinding and on HttpEndpoint you will see a property called Security of type HttpBindingSecurity. It exposes on it a mode property which needs to be set to "Transport". If you are in self-host, you will grab the bindiing to set transport security.

First, I think we need to make setting this easier by maybe surfacing it into the config class.

Second, the easiest way to do this with today's bits and to still work with routes/IIS is to derive from HttpConfigurableServiceHostFactory and create your own factory (HttpsConfigurableServiceHostFactory). In the CreateServiceHost method, call to the base and grab the host, then get the endpoint and set the properties. 

Glenn

Apr 19, 2011 at 2:12 AM

Great.  Thanks for setting the record straight, Glenn!

Coordinator
Apr 19, 2011 at 11:27 AM
Edited Apr 19, 2011 at 11:35 AM

David, I committed a change to configuration in our experimental branch that will make it easy to set the endpoint. If you grab it from that branch, you can now set things on the endpoint using the ConfigureEndpoint method. To use it you have to call the BuildAdvanced method as below.

var builder = HttpHostConfigurationBuilder.BuildAdvanced().
  ConfigureEndpoint(e=>e.Security.Mode = HttpBindingSecurityMode.Transport);

ConfigureEndpoint passes in the endpoint, so you can set additional settings as well.

Apr 23, 2011 at 10:27 PM
gblock wrote:

David, I committed a change to configuration in our experimental branch that will make it easy to set the endpoint. If you grab it from that branch, you can now set things on the endpoint using the ConfigureEndpoint method. To use it you have to call the BuildAdvanced method as below.

var builder = HttpHostConfigurationBuilder.BuildAdvanced().
  ConfigureEndpoint(e=>e.Security.Mode = HttpBindingSecurityMode.Transport);

ConfigureEndpoint passes in the endpoint, so you can set additional settings as well.


Thank you, Glenn.

I'm currently running IIS with both HTTP and HTTPS bindings.  I'd like the WCF services to only be accessible via HTTPS.  When I attempt to access the service over HTTPS, I get the following exception:

	The provided URI scheme 'http' is invalid; expected 'https'.

I was able to work around this issue temporarily by disabling the HTTP binding in IIS. I'm guessing I'm getting this exception because I need to programatically set multipleSiteBindingsEnabled to false. Is this correct?

Thank you for your help!

Apr 28, 2011 at 6:51 PM
Edited Apr 28, 2011 at 6:54 PM

Did you get an answer for this issue.  I was having success with a self hosted environment but am not having success with being hosted in IIS.

 

Edit: nevermind I was debugging in Visual Studio under http.  My fault.

Apr 29, 2011 at 10:10 PM
ddanie1 wrote:

Did you get an answer for this issue.  I was having success with a self hosted environment but am not having success with being hosted in IIS.

 

Edit: nevermind I was debugging in Visual Studio under http.  My fault.


No answer yet.