Can I host an HTTPS service in WCF on my own without certificate storage and without using netsh http add sslcert?

I am trying to host a service that serves basic web content (HTML, javascript, json) using WebHttpBinding with minimal administrator involvement.

So far, I have been successful: the only administrator privileges required are during installation (registering a URL for the service account and creating the service). However, now I am facing SSL issues. Ideally, I would like to keep the certificate outside of the Windows certificate store. I found this article - http://www.codeproject.com/KB/WCF/wcfcertificates.aspx - and it looks like you can specify a certificate on the service host; however, navigating in the browser to https://localhost/Dev/MyService results in a 404.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Web;
using System.Text;

[ServiceContract]
public interface IWhoAmIService
{
    [OperationContract]
    [WebInvoke(Method = "GET", UriTemplate = "/")]
    Stream WhoAmI();
}

public class WhoAmIService : IWhoAmIService
{
    // Returns a small HTML page naming the account the host process runs as.
    public Stream WhoAmI()
    {
        string html = "<html><head><title>Hello, world!</title></head><body><p>Hello from {0}</p></body></html>";
        html = string.Format(html, WindowsIdentity.GetCurrent().Name);
        WebOperationContext.Current.OutgoingResponse.ContentType = "text/html";
        return new MemoryStream(Encoding.UTF8.GetBytes(html));
    }
}

class Program
{
    static void Main(string[] args)
    {
        ServiceHost host = new ServiceHost(typeof(WhoAmIService), new Uri("https://localhost:443/Dev/WhoAmI"));

        // Certificate loaded from a PFX on disk instead of from the Windows certificate store.
        host.Credentials.ServiceCertificate.Certificate = new X509Certificate2(@"D:\dev\Server.pfx", "private");

        WebHttpBehavior behavior = new WebHttpBehavior();
        behavior.DefaultBodyStyle = WebMessageBodyStyle.Bare;
        behavior.DefaultOutgoingResponseFormat = WebMessageFormat.Json;
        behavior.AutomaticFormatSelectionEnabled = false;

        // Transport (HTTPS) security with anonymous clients.
        WebHttpBinding secureBinding = new WebHttpBinding();
        secureBinding.Security.Mode = WebHttpSecurityMode.Transport;
        secureBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

        ServiceEndpoint secureEndpoint = host.AddServiceEndpoint(typeof(IWhoAmIService), secureBinding, "");
        secureEndpoint.Behaviors.Add(behavior);

        host.Open();
        Console.WriteLine("Press enter to exit...");
        Console.ReadLine();
        host.Close();
    }
}
```

If I change my binding to none and the base URI to start with http, it serves everything fine. This thread appears to indicate the need for an additional command to register the certificate on the port using netsh (http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/6907d765-7d4c-48e8-9e29-3ac5b4b9c405/). When I try to do this, it fails with an obscure error (1312).

```
C:\Windows\system32>netsh http add sslcert ipport=0.0.0.0:443 certhash=0b740a29f29f2cc795bf4f8730b83f303f26a6d5 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

SSL Certificate add failed, Error: 1312
A specified logon session does not exist. It may already have been terminated.
```

How can I host this service using HTTPS without a Windows certificate store?

+4
1 answer

It is not possible. HTTPS is handled at the OS level by the http.sys kernel driver, the same driver that handles HTTP URL reservations, and at the OS level the certificate is required to be in the certificate store. You must use netsh to assign a certificate to the selected port and to allow access to the private key.

That article uses certificates from files because it does not use HTTPS. It uses message security, and message security is not possible (unless you develop your own, non-interoperable implementation) with REST and webHttpBinding services.

The only way to make this work with HTTPS is to not use the built-in http.sys processing: you would either have to implement all of HTTP yourself, or write a new HTTP channel for WCF, or find such an implementation.

+7
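The netsh procedure the answer prescribes, as an added example that is not part of the question or the answer: import the PFX into the LocalMachine store with a machine-scoped private key, reserve the URL for the service account, bind the certificate to the port, and verify the binding. Run it in an elevated PowerShell session. The PFX path, password and AppId are the ones the question shows; the URL prefix, port and service account are assumptions for illustration. The key-storage flags matter for the 1312 error: http.sys runs as SYSTEM, so a private key that exists only in a user profile (a CurrentUser import, or a PFX loaded without MachineKeySet) is a frequent cause of "A specified logon session does not exist".

```powershell
# Added example (not from the original question or answer).
# Assumed values (not in the original): $ipPort, $urlPrefix, $svcUser.
$pfxPath   = 'D:\dev\Server.pfx'                      # from the question
$pfxPass   = 'private'                                # from the question
$appId     = '{00112233-4455-6677-8899-AABBCCDDEEFF}' # from the question; any GUID works
$ipPort    = '0.0.0.0:443'                            # assumption: all interfaces, port 443
$urlPrefix = 'https://+:443/Dev/'                     # assumption: prefix covering the base address
$svcUser   = 'MYDOMAIN\svc_whoami'                    # assumption: account the service runs as

# 1. Import the PFX into LocalMachine\My with a machine-scoped, persisted private key.
#    Without MachineKeySet the key lands in the importing user's profile, which
#    http.sys (running as SYSTEM) cannot reach; that is one common cause of error 1312.
$ksf      = [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]
$keyFlags = $ksf::MachineKeySet -bor $ksf::PersistKeySet
$cert     = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
                -ArgumentList $pfxPath, $pfxPass, $keyFlags
$store    = New-Object System.Security.Cryptography.X509Certificates.X509Store `
                -ArgumentList 'My', 'LocalMachine'
$store.Open('ReadWrite')
if (-not $store.Certificates.Contains($cert)) { $store.Add($cert) }
$store.Close()
$thumb = $cert.Thumbprint   # certhash must be the thumbprint with no spaces

# 2. Reserve the URL namespace so the non-admin service account may listen on it.
#    Delete first so the script can be re-run without "already exists" failures.
netsh http delete urlacl url=$urlPrefix | Out-Null
netsh http add urlacl url=$urlPrefix user=$svcUser | Out-Null
if ($LASTEXITCODE -ne 0) { throw "URL reservation for $urlPrefix failed" }

# 3. Bind the certificate to the port for http.sys (drop any stale binding first).
netsh http delete sslcert ipport=$ipPort | Out-Null
netsh http add sslcert ipport=$ipPort certhash=$thumb appid=$appId | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "sslcert binding on $ipPort failed; run elevated and confirm the key is in LocalMachine"
}

# 4. Verify the binding http.sys will actually use (thumbprint match is case-insensitive).
$shown = netsh http show sslcert ipport=$ipPort
if (-not ($shown -match $thumb)) { throw "No sslcert binding visible for $ipPort" }
"Bound $thumb to $ipPort; $urlPrefix reserved for $svcUser"
```

Once the port binding exists, the WCF host in the question needs only `WebHttpSecurityMode.Transport`; http.sys terminates TLS with the certificate from the sslcert binding, and the `ServiceCertificate` loaded from the PFX in the host code is not what serves HTTPS. The service process itself still needs no administrator rights at run time, because the urlacl reservation grants the listen right to `$svcUser`.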

Source: https://habr.com/ru/post/1387690/

