WCF Binding Configuration with a Certificate

I recently had my first encounter with setting up a WCF service and had to set up WCF Binding Configuration with a Certificate to an already configured end point.  So mainly for my knowledge I thought it would be a good idea to document some notable pieces while it’s fresh in my mind.  Setting up the binding and endpoint configurations with using a certificate took a little bit of trial and error but is not too bad to understand.

The configuration for the WCF service goes in the web.config.  The first part we will look at is the <endpoint>.

Here is a sample endpoint.

<endpoint address="http://localhost:8001/Service/service.svc"
      binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
      contract=" ServiceIntegration.IService1" name="ServiceIntegration"
      behaviorConfiguration="CustomBehavior" />

Each endpoint consists of four main properties:

  • An address that indicates where the endpoint can be found.
  • A binding that specifies how a client can communicate with the endpoint.
  • A contract that identifies the operations available.
  • A set of behaviors that specify local implementation details of the endpoint.

The next part of the configuration is the binding attribute.  This will correspond to the WSHttpBinding_IService1 above denoting that it will use this specific binding.

<bindings>
  <wsHttpBinding>
    <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
        <message clientCredentialType="None" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

This properties within are pretty straight forward.  The part I want to bring your attention to is the <security> properties.  Since we have to use our installed certificate as our accessor into the endpoint we have to define how to send and what to send.  Here we pick transport designating that security is being provided by using a secure transport (example, HTTPS).

Finally, we are going to create our CustomBehavior.  It is important here to input the exact name of your certificate so the services knows what certificate to use.

<behaviors>
  <endpointBehaviors>
    <behavior name=" CustomBehavior ">
      <clientCredentials>
        <clientCertificate findValue="certificate.not.real.com" x509FindType="FindBySubjectName" />
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

There are many other properties and values that can be used but I found that this method worked for my purpose.  If you have a better way or a different way of going about this I would love to hear it.