Https with BasicHTTPBinding - Note to Self

So if you are looking to implement SSL using basicHttpBinding for your WCF service, look no further. Here are your config file settings.

The modified basicHttpBinding to allow security mode = Transport:

                <binding name="defaultBasicHttpBinding">
                    <security mode="Transport">
                        <transport clientCredentialType="None"/>
                    </security>
                </binding>

which corresponds to your end point.

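            <!-- name is a placeholder for your own service class; the binding attributes point at the binding defined above -->
            <service behaviorConfiguration="MyServiceBehavior"
                     name="YourNamespace.YourService">
                <endpoint address=""
                          binding="basicHttpBinding"
                          bindingConfiguration="defaultBasicHttpBinding"
                          contract="Axis.IServiceContract" />
            </service>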

and the httpsGetEnabled setting on the service behavior

                <behavior name="MyServiceBehavior">
                    <serviceMetadata httpsGetEnabled="true"/>
                    <serviceDebug includeExceptionDetailInFaults="false"/>
                </behavior>

and last but not least, if hosting in IIS, here is the key for custom factory. Details about how to do this part can be found on the MSDN article "Deploying an Internet Information Services-Hosted WCF Service" referenced below.

        <add key="CustomIISServiceHostEndPoint" value="..." />

and you should be all set. Got any questions, email me.
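An added example, not part of the original post: a small Python check that reads a web.config and reports where the settings above have drifted (endpoint not bound to an HTTPS security mode, metadata also published over plain HTTP, exception details returned in faults). The sample config is constructed from the fragments above, and the service name in it is a placeholder.

```python
import xml.etree.ElementTree as ET

HTTPS_MODES = {"Transport", "TransportWithMessageCredential"}

def audit_wcf_config(xml_text):
    """Return findings for basicHttpBinding endpoints that should run over HTTPS."""
    model = ET.fromstring(xml_text).find("system.serviceModel")
    if model is None:
        return ["no system.serviceModel section"]
    findings, modes = [], {}
    # Binding name -> security mode; basicHttpBinding defaults to mode None.
    for b in model.findall("bindings/basicHttpBinding/binding"):
        sec = b.find("security")
        modes[b.get("name", "")] = "None" if sec is None else sec.get("mode", "None")
    for ep in model.findall("services/service/endpoint[@binding='basicHttpBinding']"):
        # An endpoint with no bindingConfiguration gets the binding defaults.
        cfg, who = ep.get("bindingConfiguration", ""), f"endpoint {ep.get('contract')}"
        if cfg and cfg not in modes:
            findings.append(f"{who}: bindingConfiguration {cfg} is not defined")
        elif modes.get(cfg, "None") not in HTTPS_MODES:
            findings.append(f"{who}: security mode {modes.get(cfg, 'None')} is not HTTPS")
    for beh in model.findall("behaviors/serviceBehaviors/behavior"):
        name = beh.get("name", "")
        meta, dbg = beh.find("serviceMetadata"), beh.find("serviceDebug")
        if meta is not None and meta.get("httpGetEnabled", "false").lower() == "true":
            findings.append(f"behavior {name}: metadata also served over plain HTTP")
        if dbg is not None and dbg.get("includeExceptionDetailInFaults", "false").lower() == "true":
            findings.append(f"behavior {name}: exception details returned in faults")
    return findings

# Constructed sample built from the fragments above; the service name is a placeholder.
SAMPLE = """<configuration><system.serviceModel>
  <bindings><basicHttpBinding><binding name="defaultBasicHttpBinding">
    <security mode="{mode}"><transport clientCredentialType="None"/></security>
  </binding></basicHttpBinding></bindings>
  <services><service name="Placeholder.Service" behaviorConfiguration="MyServiceBehavior">
    <endpoint address="" binding="basicHttpBinding" bindingConfiguration="{cfg}" contract="Axis.IServiceContract"/>
  </service></services>
  <behaviors><serviceBehaviors><behavior name="MyServiceBehavior">
    <serviceMetadata httpsGetEnabled="true" httpGetEnabled="{http_get}"/>
    <serviceDebug includeExceptionDetailInFaults="{details}"/>
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

if __name__ == "__main__":
    ok = dict(mode="Transport", cfg="defaultBasicHttpBinding", http_get="false", details="false")
    for override in ({}, {"mode": "None", "http_get": "true", "details": "true"}):
        print(audit_wcf_config(SAMPLE.format(**{**ok, **override})))
```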

Helpful Links

Inside the Standard Bindings: BasicHttp

WCF-basicHttp receive location


WCF Endpoints

Securing your Web Service

Deploying an Internet Information Services-Hosted WCF Service

Custom Service Host


4 thoughts on “Https with BasicHTTPBinding - Note to Self”

  1. Because my service requires streaming to be enabled, I have to use basicHttpBinding and Transport level security (right?); further to that, the method contained in my service can only accept a Stream object. Taking those constraints into consideration along with my preference to use username/password validation... How should I modify my service's config file to force username/password credentials to be supplied?
    How will my service validate the supplied credentials?
    How will my client application pass credentials to the service when making a call?
    Will this require using SSL and, if so, will all client machines require a certificate as well?

  2. I'd like to avoid adding certificates to client machines since the users of the application change often. I'd like to implement the username/password method you mentioned but I'm not sure how I would transmit those values to the actual service. The method being exposed by the service has streaming enabled so I wouldn't be able to pass those values as parameters (due to the method signature restrictions in place for a streaming-enabled service); can you recommend a method for passing a un/pw combo to the service and authenticating from within the service?
