Niraj Bhatt – Architect's Blog

Ruminations on .NET, Architecture & Design

Securing WCF Compression via HTTPS

I had blogged some time earlier about making GZipCompression work for large messages over WCF. Although GZipCompression reduces the overall size of the message, the message itself is still vulnerable from a security perspective, because compression is not encryption. To encrypt the message transfer via HTTPS, follow the steps below:

1) Change BindingElement from httpTransport to httpsTransport

<gzipMessageEncoding innerMessageEncoding="textMessageEncoding" />

<httpsTransport … />

2) Now you need to enable support in IIS 7 by adding a Binding for https as shown below:


(Note that the above requires a certificate. The easiest way to create one in IIS 7 is to click on the root computer name, go to Server Certificates in Features View and create a self-signed certificate for the development environment. If you are on IIS 6, refer to Step 5 below.)

3) Repeat Step 1 for client’s app.config

4) Ensure that all service URLs are https in app.config

5) To create a dummy certificate (for a development environment), open the VS.NET command prompt and key in:
a) makecert -pe -sr CurrentUser -ss My -n CN=YourCertificateNameHere -sky exchange (The certificate will be created in the Current User's personal store. For more options on certificate generation click here.)
b) certmgr : This opens the Current User's certificate store. Go to Personal, select the certificate you created with the previous command and right-click it -> All Tasks -> Export -> Select Private Key (.pfx) -> Enter your password -> select the physical path for export -> Finish.
You are now ready to move around with the certificate you just created (N.B. if you do not choose to export the private key, you get a public certificate with a .cer extension).

6) Your certificate name has to match the machine name, or you can edit system32/drivers/etc/hosts so that the certificate name resolves to the machine. This is required because a self-signed certificate is not trusted by default.
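
A check for steps 1, 3 and 4, added here as an example and not part of the original post: it parses a WCF config file and reports custom bindings that are still on httpTransport, endpoint URLs that are not https, and endpoints that point at a cleartext binding. The sample config, its binding and endpoint names and the devbox URLs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample config (names and URLs are made up for this example):
# step 1 was applied to one binding only, and one URL was left on http.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <bindings><customBinding>
    <binding name="GZipSecure">
      <gzipMessageEncoding innerMessageEncoding="textMessageEncoding" />
      <httpsTransport />
    </binding>
    <binding name="GZipLegacy">
      <gzipMessageEncoding innerMessageEncoding="textMessageEncoding" />
      <httpTransport />
    </binding>
  </customBinding></bindings>
  <client>
    <endpoint name="Orders" address="https://devbox/Orders.svc"
              binding="customBinding" bindingConfiguration="GZipSecure" />
    <endpoint name="Reports" address="http://devbox/Reports.svc"
              binding="customBinding" bindingConfiguration="GZipSecure" />
    <endpoint name="Audit" address="https://devbox/Audit.svc"
              binding="customBinding" bindingConfiguration="GZipLegacy" />
  </client>
</system.serviceModel></configuration>"""


def audit_wcf_config(config_xml):
    """Return (kind, name, detail) findings for anything not on HTTPS."""
    root = ET.fromstring(config_xml)
    findings, transports = [], {}
    for binding in root.iterfind(".//customBinding/binding"):
        name = binding.get("name", "")
        # The transport is the binding element whose tag ends in "Transport".
        tags = [child.tag for child in binding if child.tag.endswith("Transport")]
        transports[name] = tags[-1] if tags else None
        if transports[name] != "httpsTransport":
            findings.append(("binding", name, str(transports[name])))
    for ep in root.iterfind(".//endpoint"):
        name, address = ep.get("name", "?"), ep.get("address", "")
        # Relative addresses (IIS-hosted services) carry no scheme to check.
        if "://" in address and not address.lower().startswith("https://"):
            findings.append(("endpoint-url", name, address))
        cfg = ep.get("bindingConfiguration")
        if cfg in transports and transports[cfg] != "httpsTransport":
            findings.append(("endpoint-binding", name, cfg))
    return findings


if __name__ == "__main__":
    for finding in audit_wcf_config(SAMPLE_CONFIG):
        print(finding)
```

Run it against both the service's web.config and the client's app.config; an empty result means every custom binding and every absolute endpoint URL in that file is on HTTPS.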
