Solved

TCP and TLS/SSL over internet

Posted on 2008-10-10
Last Modified: 2008-10-19
Hi,

I am completely overwhelmed with the options available for WCF. What I am trying to figure out is if it is possible to host (either in a Windows service or under IIS) a WCF service using a TCP channel secured using TLS/SSL over the internet (i.e. no active directory). I am looking to encrypt the channel and authenticate the server, but do not require client authentication (i.e. clients are anonymous and should not require certificates). Is this possible? If so, can you recommend a resource describing how to set this up?

Thanks,
Zaphod.
0
Question by:Z_Beeblebrox
4 Comments
 
LVL 31

Expert Comment

by:Paranormastic
ID: 22689205
IIS just set up regular SSL.  IIS will create the encrypted session and everything else should work just fine beneath that.  You will need a commercial CA cert for that if you're dealing with the public - check out rapidssl, comodo, or godaddy.
Here's a quick guide with some video links on setting that up in IIS7:
http://www.netometer.com/video/tutorials/iis7-godaddy-ssl-certificate/

If you're looking to do it as a service, it gets a little more complicated, but possible.  Here are a few links to get you going in the right direction:
http://icoder.wordpress.com/2007/06/22/how-to-setup-a-wcf-service-using-basic-http-bindings-with-ssl-transport-level-security/
http://www.codeproject.com/KB/WCF/WCFSSL.aspx
http://msdn.microsoft.com/en-us/netframework/aa663324.aspx

0
 
LVL 7

Author Comment

by:Z_Beeblebrox
ID: 22689579
Hi Paranormastic,

Thanks for your response, however it looks like all your links use HTTP channels, and I am looking to use a TCP channel (i.e. netTcpBinding).

Zaphod.
0
 
LVL 31

Assisted Solution

by:Paranormastic
Paranormastic earned 2000 total points
ID: 22689763
Sorry about that.  Here's some MSDN stuff on that:
http://msdn.microsoft.com/en-us/library/system.servicemodel.nettcpbinding.aspx
and more generic info on binding with links to better info:
http://msdn.microsoft.com/en-us/library/ms731092.aspx

WCF security:
http://msdn.microsoft.com/en-us/library/ms731925.aspx
x509 (certs) and wcf:
http://blogs.msdn.com/suwatch/archive/2007/04/06/x509-and-wcxf-security.aspx
Transport security overview:
http://msdn.microsoft.com/en-us/library/ms729700(VS.85).aspx

A little more in depth for WCF bindings:
http://msdn.microsoft.com/en-us/magazine/cc163394.aspx

Hope this helps you out better!
0
 
LVL 7

Accepted Solution

by:
Z_Beeblebrox earned 0 total points
ID: 22690684
Hi Paranormastic,

Thanks for the links. I had already read most of them, but your last one (http://msdn.microsoft.com/en-us/magazine/cc163394.aspx) gave me some hints that finally led me to the resources I need (unfortunately, I didn't find a single resource, I had to piece things together).

Based on that, and a day of trial and error, it seems it is possible to use SSL over TCP when hosting in a Windows service, but only using a custom binding, like the attached.

I am not totally convinced that this is the right way to do this, so I will leave this question open for a few days to see if someone can point out a built-in way to do this, or if there is something wrong with it, otherwise I will award you the points.

Thanks,
Zaphod.


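      <customBinding>
        <binding name="custom">
          <!-- Message layer: secure conversation bootstrapped by an SSL negotiation;
               the client is anonymous, the service is authenticated by its X.509 certificate -->
          <security authenticationMode="SecureConversation" >
            <secureConversationBootstrap authenticationMode="AnonymousForSslNegotiated" />
          </security>
          <binaryMessageEncoding/>
          <!-- Transport layer: SSL/TLS stream upgrade on top of the TCP transport -->
          <sslStreamSecurity/>
          <tcpTransport/>
        </binding>
      </customBinding>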


0
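Added example, not part of the original thread and not the poster's configuration: the custom binding above layers a message-level SecureConversation session on top of sslStreamSecurity, while netTcpBinding with Transport security and clientCredentialType="None" gives TLS on the TCP stream with an anonymous client and a service authenticated by its certificate. The service, contract, host name and port are placeholders; the serviceCertificate behavior is needed in the same way when the custom binding is used.

```xml
<!-- Added example. Example.*, service.example.com and port 9000 are placeholders. -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <!-- Shared by service and client: TLS on the TCP stream, no client credential -->
      <binding name="tlsAnonymousClient">
        <security mode="Transport">
          <transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <!-- Service app.config -->
  <services>
    <service name="Example.EchoService" behaviorConfiguration="serverCert">
      <endpoint address="net.tcp://service.example.com:9000/echo"
                binding="netTcpBinding" bindingConfiguration="tlsAnonymousClient"
                contract="Example.IEchoService" />
    </service>
  </services>
  <!-- Client app.config -->
  <client>
    <endpoint address="net.tcp://service.example.com:9000/echo"
              binding="netTcpBinding" bindingConfiguration="tlsAnonymousClient"
              behaviorConfiguration="validateServer"
              contract="Example.IEchoService" />
  </client>
  <behaviors>
    <serviceBehaviors>
      <behavior name="serverCert">
        <serviceCredentials>
          <!-- Certificate the service presents; the service account needs its private key -->
          <serviceCertificate findValue="service.example.com" x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine" storeName="My" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="validateServer">
        <clientCredentials>
          <serviceCertificate>
            <!-- Keep chain validation on; "None" would accept any certificate -->
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
```

The host name in the client endpoint address should match the subject of the service certificate, since the client checks the certificate against the expected service identity.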
