TCP and TLS/SSL over internet

Hi,

I am completely overwhelmed with the options available for WCF. What I am trying to figure out is if it is possible to host (either in a Windows service or under IIS) a WCF service using a TCP channel secured using TLS/SSL over the internet (i.e. no Active Directory). I am looking to encrypt the channel and authenticate the server, but do not require client authentication (i.e. clients are anonymous and should not require certificates). Is this possible? If so, can you recommend a resource describing how to set this up?

Thanks,
Zaphod.
Asked by: Z_Beeblebrox
 
Z_Beeblebrox (Author) Commented:
Hi Paranormastic,

Thanks for the links. I had already read most of them, but your last one (http://msdn.microsoft.com/en-us/magazine/cc163394.aspx) gave me some hints that finally led me to the resources I need (unfortunately, I didn't find a single resource, I had to piece things together).

Based on that, and a day of trial and error, it seems it is possible to use SSL over TCP when hosting in a Windows service, but only using a custom binding, like the attached.

I am not totally convinced that this is the right way to do this, so I will leave this question open for a few days to see if someone can point out a built-in way to do this, or if there is something wrong with it; otherwise I will award you the points.

Thanks,
Zaphod.


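      <customBinding>
        <binding name="custom">
          <!-- Message-level session; the bootstrap negotiates the server's X.509 certificate and leaves the client anonymous -->
          <security authenticationMode="SecureConversation">
            <secureConversationBootstrap authenticationMode="AnonymousForSslNegotiated" />
          </security>
          <binaryMessageEncoding/>
          <!-- Transport-level SSL/TLS stream upgrade on top of the TCP transport -->
          <sslStreamSecurity/>
          <tcpTransport/>
        </binding>
      </customBinding>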

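The thread leaves open whether a built-in binding can do this. The sketch below is an added example, not code from either poster: it self-hosts a service over `NetTcpBinding` with transport security and `TcpClientCredentialType.None`, so the channel is SSL/TLS over TCP with an authenticated server and anonymous clients. The contract `IEcho`, the port, and the certificate subject `service.example.test` are assumptions; a certificate with that subject and its private key must already be installed in LocalMachine\My.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

[ServiceContract]
public interface IEcho   // hypothetical contract used only for this example
{
    [OperationContract]
    string Echo(string text);
}

public class EchoService : IEcho { public string Echo(string text) { return text; } }

public static class Program
{
    // Assumed values: replace with your own port and certificate subject.
    const string Address = "net.tcp://localhost:8523/echo";
    const string CertSubject = "service.example.test";

    // SSL/TLS over TCP: the server proves its identity with a certificate,
    // the client presents no credential (ClientCredentialType = None).
    static NetTcpBinding CreateBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
        return binding;
    }

    public static void Main()
    {
        var host = new ServiceHost(typeof(EchoService));
        host.AddServiceEndpoint(typeof(IEcho), CreateBinding(), Address);
        // Server certificate (with private key) looked up in LocalMachine\My.
        host.Credentials.ServiceCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindBySubjectName, CertSubject);
        host.Open();

        // Anonymous client: no client certificate, but the server certificate is
        // validated (chain trust by default) and must match the DNS identity.
        var endpoint = new EndpointAddress(new Uri(Address),
            EndpointIdentity.CreateDnsIdentity(CertSubject));
        var factory = new ChannelFactory<IEcho>(CreateBinding(), endpoint);
        IEcho proxy = factory.CreateChannel();
        Console.WriteLine(proxy.Echo("hello over TLS"));
        factory.Close();
        host.Close();
    }
}
```

Unlike the custom binding above, this configuration protects the channel at the transport level only and adds no message-level SecureConversation layer.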
 
Paranormastic (Cryptographic Engineer) Commented:
For IIS, just set up regular SSL.  IIS will create the encrypted session and everything else should work just fine beneath that.  You will need a commercial CA cert for that if you're dealing with the public - check out RapidSSL, Comodo, or GoDaddy.
Here's a quick guide with some video links on setting that up in IIS7:
http://www.netometer.com/video/tutorials/iis7-godaddy-ssl-certificate/

If you're looking to do it as a service, it gets a little more complicated, but possible.  Here are a few links to get you going in the right direction:
http://icoder.wordpress.com/2007/06/22/how-to-setup-a-wcf-service-using-basic-http-bindings-with-ssl-transport-level-security/
http://www.codeproject.com/KB/WCF/WCFSSL.aspx
http://msdn.microsoft.com/en-us/netframework/aa663324.aspx

 
Z_Beeblebrox (Author) Commented:
Hi Paranormastic,

Thanks for your response, however it looks like all your links use HTTP channels, and I am looking to use a TCP channel (i.e. netTcpBinding).

Zaphod.
 
Paranormastic (Cryptographic Engineer) Commented:
Sorry about that.  Here's some MSDN stuff on that:
http://msdn.microsoft.com/en-us/library/system.servicemodel.nettcpbinding.aspx
And more generic info on binding with links to better info:
http://msdn.microsoft.com/en-us/library/ms731092.aspx

WCF security:
http://msdn.microsoft.com/en-us/library/ms731925.aspx
X.509 (certs) and WCF:
http://blogs.msdn.com/suwatch/archive/2007/04/06/x509-and-wcxf-security.aspx
Transport security overview:
http://msdn.microsoft.com/en-us/library/ms729700(VS.85).aspx

A little more in depth for WCF bindings:
http://msdn.microsoft.com/en-us/magazine/cc163394.aspx

Hope this helps you out better!
Question has a verified solution.