[Last Call] Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 878
  • Last Modified:

How to secure WCF service

I have the follosinw wb.config. When I cand this service from ajax over http, it works. But when I try it over secure channel, it fails. What modifications should I do to this file?

        <requestLimits maxQueryString="20000">
            <add header="Content-type" sizeLimit="20000" />
    <modules runAllManagedModulesForAllRequests="true">
      <add name="ContentTypeHttpModule"
             type="ContentTypeHttpModule.ContentTypeHttpModule, ContentTypeHttpModule" />
    <httpRuntime maxQueryStringLength="20000" maxRequestLength="20000"/>
        <add name="HttpGet"/>
        <add name="HttpPost"/>
    <compilation debug="true" targetFramework="4.0">
        <add assembly="System.Data.Entity, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
    <identity impersonate="false" />
    <authentication mode="Windows" />

          <serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
          <serviceAuthorization serviceAuthorizationManagerType="statevault.APIKeyAuthorization, statevault" />
        <standardEndpoint automaticFormatSelectionEnabled="true" helpEnabled="true" crossDomainScriptAccessEnabled="true" />
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

Open in new window

  • 2
1 Solution

 Step1: Install the WSE2.0 Service Pack.

Step2: Open a project (applies to both windows and web applications) and right click the solution file.

Step3: On Clicking on the WSE Settings2.0 window a popup properties windows as shown below will be displayed. Check the on "Enable the project for Web Services Enhancements" check box.

Step4: Steps 1 through step3 should be repeated for the project where the web service is hosted.

Step5: Now let's write a simple piece of code which accesses the web service method on which the WSE2.0 settings have been implemented.

Assuming we have a Web Service named Weatherservice already exists we write the following lines of code to access a method called GetTemperature ( ) in the project accessing the Weather web service.

Weatherservice wservice = new Weatherservice();
// Get the SoapContext object for the message
SoapContext context = wservice.RequestSoapContext;
// Instantiate a new UsernameToken object.
UsernameToken token = new UsernameToken (name,
Password, PasswordOption.SendNone);
// Add the token to the SoapContext.
// Generate a signature using the username token,
// and add the signature to the SoapContext.
context.Security.Elements.Add(new Signature(token));
// Call the Web method.
String temperature = service.GetTemperature();
catch(Exception ex)
// Error handling

Hope it may helpful to you.


Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now