I'm looking to have a WCF service hosted which will be accessed both by the website and by external applications. On my dev machine I am using WSHTTP binding with a self created X509 certificate. I think I read in another post that you did not have the facility to install an X509 certificate. Is that still the case? If so can you recommend any alternative methods to secure the WCF service? Thanks, Mark
Yes that is correct. Unfortunately our system simply cannot accommodate a custom certificate. However, since you are using HTTP binding for your WCF service, you can order a SSL for your account install it on our server and use a HTTP address https://www.mydomain.com. This will pass the connection through the SSL protocol, encrypting it, and protecting it from the Internet.
Thanks again for the quick reply. Would that work with the "RapidSSL" you advertise for $29.99? Thanks, Mark
Yes, but bear in mind the common name you use for the SSL may play an important role on the http address you use for the WCF. You may want to read up on SSL common name to get a thorough understanding on what you will need to do. http://www.enterprisessl.com/ssl-certificate-support/server_faq/ssl-server-certificate-common.html http://www.sslshopper.com/ssl-certificate-name-mismatch-error.html
Thanks for the links. I've had a read on the limitations of SSL common name and it all makes sense. I think the moral is just deciding on the best way to go before buying the certificate... Following your suggestions my intention was to use the SSL certificate to secure the WCF service (rather than pages from the main website). I was then anticipating authenticating the windows applications clients with Username and Password over https, probably with WSHTTP binding. (Perhaps not quite as elegant as using x509 certs but I think it should do the job.) Reading posts on the forum there seems to be a bit of confusion when dealing with subdomains, especially rewriting or redirecting etc. I'd like to keep things as simple as possible and I know that WCF generally likes things done quite explicitly especially when it comes to the address of service points. What do you think would be the simplest / cleanest way to set this up? eg something like: http://www.mydomain.com/mainwebsite -> contains all the pages for the main website https://www.mydomain.com/secureWCF -> contains the WCF service Or is there a more sensible way? (I'm assuming in the above that I would have the SSL certificate registered to www.mydomain.com) Also, on the dev machine I typically use a different port for the WCF service. Would I be right in thinking it would be restricted to port 80 here? Thanks, Mark
https://www.mydomain.com/secureWCF -> contains the WCF service This will actually be the cleanest way since their is really no redirecting involved. If you are hosting the web service then yes it will be limited to port 80. But if the web service is hosted some where else then you should be able to use any port you like since we do not block the ports for outgoing calls.
Well I think the best way for me to find out more is to sign up and start testing things out. It was the low costs that made me look here initially, but it was the responsiveness to my questions that made me feel confident enough to give it a go. Many thanks for all the help. ...Will no doubt be asking more questions soon....! Thanks, Mark
