Search code examples
wcfsslwebsocket

WCF WebSocket Service needs to be secure TLS/SSL WSS

We have an existing WCF Web Service used for WebSockets. We distribute our solution to our customers who host the application in IIS. I have been tasked to make the service work with port 443 (WSS/HTTPS). I have tried updating the Web.Config of the customBinding to use httpsTransport, but I haven't been able to connect successfully to the service using wss://. I have uploaded a simplified sample of our application to https://github.com/kevmoens/WcfWebSocketService which uses ws://.

Here is the Web.Config updated to try to use httpsTransport

<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
  </appSettings>
  <system.web>
    <compilation debug="true" targetFramework="4.6.2" />
    <httpRuntime targetFramework="4.6.2"/>
  </system.web>
  <system.serviceModel>
    <services>
      <service name="WcfWebSocketService.ConnectService"
               behaviorConfiguration="WcfWebSocketService.ConnectService">
        <endpoint address=""
                  binding="customBinding"
                  bindingConfiguration="webSocket"
                  contract="WcfWebSocketService.IConnectService"/>
      </service>
    </services>
    <bindings>
      <customBinding>
        <binding name="webSocket">
          <byteStreamMessageEncoding />
          <httpsTransport>
            <webSocketSettings transportUsage="Always"
                               createNotificationOnConnection="true"
                               />
          </httpsTransport>
        </binding>
      </customBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WcfWebSocketService.ConnectService">
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>

Here is a sample client that works if I change it to use WS://.

<!doctype html>
<html>
<head>
    <meta content="text/html;charset=utf-8" http-equiv="Content-Type" />
    <meta content="utf-8" http-equiv="encoding" />
    <meta name="viewport" content="width=device-width, initial-scale=0.5, maximum-scale=0.5, user-scalable=0" />
    <meta name="apple-mobile-web-app-capable" content="yes" />
    <meta name="apple-mobile-web-app-status-bar-style" content="black" />
    <title>Web Socket Demo</title>
    <style type="text/css">
        * { margin: 0; padding: 0; box-sizing: border-box; }
        body { font: 13px Helvetica, Arial; }
        form { background: #000; padding: 3px; position: fixed; bottom: 0; width: 100%; }
        form input { border: 0; padding: 10px; width: 90%; margin-right: .5%; }
        form button { width: 9%; background: rgb(130, 200, 255); border: none; padding: 10px; }
        #messages { list-style-type: none; margin: 0; padding: 0; }
        #messages li { padding: 5px 10px; }
        #messages li:nth-child(odd) { background: #eee; }
    </style>
</head>
<body>
    <ul id="messages"></ul>
    <form action="">
    <input id="txtBox" autocomplete="off" /><button>Send</button>
    </form>

    <script type="text/javascript" src="https://code.jquery.com/jquery-1.11.1.js" ></script>
    <script type="text/javascript">

        var CONNECTION;

        window.onload = function () {
            // open the connection to the Web Socket server
            CONNECTION = new WebSocket('wss://localhost:51462/ConnectService.svc');


            // When the connection is open
            CONNECTION.onopen = function () {
                $('#messages').append($('<li>').text('Connection opened'));
            };

            // when the connection is closed by the server
            CONNECTION.onclose = function () {
                $('#messages').append($('<li>').text('Connection closed'));
            };

            // Log errors
            CONNECTION.onerror = function (e) {
                console.log('An error occured');
            };

            // Log messages from the server
            CONNECTION.onmessage = function (e) {
                $('#messages').append($('<li>').text(e.data));
            };
        };
        
        // when we press the Send button, send the text to the server
        $('form').submit(function(){
            CONNECTION.send($('#txtBox').val());
            $('#txtBox').val('');
            return false;
        });
        
    </script>
</body>
</html>
Solution

  • I found that the client would not work with localhost when working with IIS and Require SSL. I was correct on the assumption that the httpTransport needed to change to httpsTransport. Also I didn't need to add anything in the Web.Config about the certificate as it inherits the certificate from IIS.

    CLIENT

    Before

     CONNECTION = new WebSocket('wss://localhost/ConnectService.svc');

    After

     CONNECTION = new WebSocket('wss://<MACHINENAME>/ConnectService.svc');

    WEB.CONFIG

    Before

              <httpTransport>
            <webSocketSettings transportUsage="Always"
                               createNotificationOnConnection="true"
                               />
          </httpTransport>

    After

              <httpsTransport>
            <webSocketSettings transportUsage="Always"
                               createNotificationOnConnection="true"
                               />
          </httpsTransport>