How to secure WCF service

I have the follosinw wb.config. When I cand this service from ajax over http, it works. But when I try it over secure channel, it fails. What modifications should I do to this file?


<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <requestLimits maxQueryString="20000">
          <headerLimits>
            <add header="Content-type" sizeLimit="20000" />
          </headerLimits>
        </requestLimits>
      </requestFiltering>
    </security>
    <modules runAllManagedModulesForAllRequests="true">
      <add name="ContentTypeHttpModule"
             type="ContentTypeHttpModule.ContentTypeHttpModule, ContentTypeHttpModule" />
    </modules>
  </system.webServer>
  <system.web>
    <httpRuntime maxQueryStringLength="20000" maxRequestLength="20000"/>
    <webServices>
      <protocols>
        <add name="HttpGet"/>
        <add name="HttpPost"/>
      </protocols>
    </webServices>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
      </assemblies>
    </compilation>
    <identity impersonate="false" />
    <authentication mode="Windows" />
  </system.web>
  <connectionStrings>
    
  </connectionStrings>

  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
          <serviceAuthorization serviceAuthorizationManagerType="statevault.APIKeyAuthorization, statevault" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <standardEndpoints>
      <webHttpEndpoint>
        <standardEndpoint automaticFormatSelectionEnabled="true" helpEnabled="true" crossDomainScriptAccessEnabled="true" />
      </webHttpEndpoint>
    </standardEndpoints>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
</configuration>

Open in new window

adriandragomirescuAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

guveraCommented:
Hi,

 Step1: Install the WSE2.0 Service Pack.

Step2: Open a project (applies to both windows and web applications) and right click the solution file.

Step3: On Clicking on the WSE Settings2.0 window a popup properties windows as shown below will be displayed. Check the on "Enable the project for Web Services Enhancements" check box.

Step4: Steps 1 through step3 should be repeated for the project where the web service is hosted.

Step5: Now let's write a simple piece of code which accesses the web service method on which the WSE2.0 settings have been implemented.

Assuming we have a Web Service named Weatherservice already exists we write the following lines of code to access a method called GetTemperature ( ) in the project accessing the Weather web service.

Weatherservice wservice = new Weatherservice();
// Get the SoapContext object for the message
SoapContext context = wservice.RequestSoapContext;
// Instantiate a new UsernameToken object.
UsernameToken token = new UsernameToken (name,
Password, PasswordOption.SendNone);
// Add the token to the SoapContext.
context.Security.Tokens.Add(token);
// Generate a signature using the username token,
// and add the signature to the SoapContext.
context.Security.Elements.Add(new Signature(token));
try
{
// Call the Web method.
String temperature = service.GetTemperature();
}
catch(Exception ex)
{
// Error handling
}

Hope it may helpful to you.

Thanks
Guvera
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
SSL / HTTPS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.