Sunday, June 3, 2012

Requiring SSL over HTTP WCF with an upstream proxy

It's a common problem with WCF services that the deployment infrastructure strips the SSL before the traffic arrives at your service. This is so the site only needs one certificate but can still use a farm of servers to respond to requests: a proxy or firewall holds the certificate and strips the SSL out before forwarding traffic on to the server farm. There are reasons why you may still need to specify TransportEncryption (SSL) in your service config. When you do, the service will fail because SSL is expected but the traffic received is not encrypted.

To fix this problem, Michele Leroux Bustamante of IDesign has provided a solution here.

There is also a hot-fix published by Microsoft that adds the enableUnsecuredResponse attribute, and this is reputed to solve the issue as well, although I haven't personally tried it.
