I have a application that consumes a WCF web service.
I have it cofigured to use a https binding. It works fine. I also wanted to add a HTTP binding to the same.
My requirement is if my client is on my domain (or on VPN) i need them to use the HTTP binding. and if they are external clients I want them to use HTTPS binding. How can I go about doing that? I am very new to WCF and this is my first try on it.
I have attached my Config File for reference. I did not know where to add the end point for the HTTP binding. Any help would be appriciated.
<system.serviceModel>
<services>
<service name="{service name}"
behaviorConfiguration="httpsBehavior">
<!--HTTPS END POINT-->
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="SecureHTTPBinding"
contract="{service contract}" />
<!--METADATA ENDPOINT-->
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="httpsBehavior">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="" />
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="httpBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<!--HTTPS BINDING-->
<binding name="SecureHTTPBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
<!--HTTP BINDING-->
<binding name="BasicHttpBinding">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
EDIT : Adding netTCP Binding
<system.serviceModel>
<services>
<service name="{Service Name}"
behaviorConfiguration="httpsBehavior">
<!--HTTPS END POINT-->
<endpoint address="https://localhost/Service1.svc"
binding="basicHttpBinding"
bindingConfiguration="SecureHTTPBinding"
contract="{Service Contract}" name="httpsEndPoint"/>
<!--METADATA ENDPOINT-->
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
<!--HTTP END POINT-->
<endpoint address="http://localhost/Service1.svc"
binding="basicHttpBinding"
bindingConfiguration="HttpBinding"
contract="{Service Contract}" name="httpsEndPoint"/>
<!--TCP METATADATA END POINT-->
<endpoint address="mextcp" binding="mexTcpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:808/Service1.svc" />
</baseAddresses>
</host>
<!--TCP ENDPOIN-->
<endpoint address="net.tcp://localhost:808/Service1.svc" binding="netTcpBinding" contract="{Service Contract}" name="netTCPEndPoint" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="httpsBehavior">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<!--HTTPS BINDING-->
<binding name="SecureHTTPBinding" allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
<!--HTTP BINDING-->
<binding name="HttpBinding" allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
<security mode="None" />
</binding>
</basicHttpBinding>
<!--TCP BINDING-->
<netTcpBinding>
<binding transferMode="Buffered" />
</netTcpBinding>
</bindings>
I am aware of the the possible Dos attacks wrt to the numbers in the code and I would work around it. For now just wanted to get it working. When I use this config file I run into error that says
Could not find a base address that matches the scheme net.tcp for the endpoint MetadataExchageTcpBinding. Registered base addresses are [http,https]
Can some one help me expose a net.tcp binding for my service. Any help would be appriciated
Use netTcpBinding for your domain clients. Your network firewall will almost certainly block raw TCP traffic by default while letting in HTTP traffic, so it will naturally ensure that each client goes to the appropriate endpoint. You may very well get an extra performance boost for domain clients into the bargain.
If you don't want to do that (e.g. your WCF host doesn't support it, or you have problems with VPN clients), then just expose one HTTPS endpoint for all clients regardless of location. The cost of SSL will be trivial compared to the overhead of doing a cross-network call in the first place.
Background:
netTcpBinding transmits data in a compact binary format, which is more efficient than sending XML text over HTTP. The downsides are: it is not compatible with non-.NET clients, and you have to open specific ports on the firewall to let it through. Neither of those issues will be a problem for your scenario though.