Hi,
We have to expose a BizTalk WCF Service over SSL with schema. I have done this without SSL. It is working fine. Now, I have to add SSL to this WCF service.
Please let me know how to do this.
Regards,
Venkat.
Hi,
There are a lot of descriptions on the internet on how to do this. See for example here, here, here and here.
Does this help?
Thanks for your response Randal.
I successfully configured the BizTalk WCF Web Service over SSL. The following link helped me a lot while doing this. http://rocksolidknowledge.com/Screencasts.mvc/Watch?video=WCFSSL.wmv - It talks about configuration of WCF Service over SSL.
The following are the steps for BizTalk WCF Web Service over SSL
1. Expose a BizTalk WCF Web Service using BizTalk WCF Service Publishing Wizard tool.
2. Changes required in Web.Config of WCF Web Service.
Go to the web.config file by navigating from WCF Web Service in IIS.
a. Configure BizTalk Receive Location
<receiveLocationMappings>
<add markupFileName="AcountDataService.svc"
receiveLocationName="WcfService_BizTalkAccountDataWcfService/AcountDataService"
publicBaseAddress="https://<<MachineName>>:9090/" />
</receiveLocationMappings>
b. httpsGetEnabled should be true
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
c. Enable HttpsMexEndpoint
<endpoint name="HttpsMexEndpoint" address="mex" binding="mexHttpsBinding" bindingConfiguration="" contract="IMetadataExchange" />
3. Changes required in BizTalk ReceiveLocation configuration.
Go to the BizTalk ReceiveLocation that was created by the Wizard in the first step.
Click on the configuration button (here transport type may be WCF-BasicHttp or WCF-WSHttp). Next, click on the Security tab of Transport Property, then change the below configuration.
Security Mode : Transport
Transport client credential type : None
4. Changes required in IIS
A. Set the Application Pool for the WCF Web Service.
Select your WCF Web Service from IIS and click on Advanced Settings from the Action pane. Create a new application pool and select it here, otherwise you can give BAMAppPool temporarily.
ApplicationPool – BAMAppPool (example)
B. Create a Self signed Certificate
I. Go to IIS and click on the Top node then Click on the Server Certificates from central panel.
II. Click on the Create a Self Signed Certificate from Action panel.
III. Enter the name and click ok.
C. Add https with port and certificate.
I. Select Default Web Sites in IIS then click on bindings option from Actions panel (it will be right panel of the IIS).
II. Click on the Add button on Site Bindings pop up.
III. Select following setting on Add site bindings.
Type : Https
Port: 9090 (Use the same port that you used in web.config – look at the 2.a section above)
SSL Certificate: Select a certificate you created in 4.a section above.
D. Enable SSL for your WCF Web Service.
I. Click on your WCF Web Service inside IIS.
II. Then click on SSL Settings from the central panel. Next, check the SSL Required checkbox and select the Accept radio button for Client Certificates.
5. Restart IIS and enable the BizTalk ReceiveLocation, then try to browse the URL. It will show the WSDL file without an error.
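The web.config values from step 2 and the HTTPS port from step 4.C have to agree, so here is a small Python check for that, added as an example and not part of the original post. The host name and the element nesting in the two sample configs are constructed; the function looks elements up by name only.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

def audit_web_config(xml_text, expected_port):
    """Return findings; an empty list means the HTTPS settings agree."""
    root = ET.fromstring(xml_text)
    findings = []
    # Step 2.a: public base address must be https on the IIS binding port.
    adds = [a for m in root.iter("receiveLocationMappings") for a in m.iter("add")]
    for add in adds:
        url = urlsplit(add.get("publicBaseAddress", ""))
        port = url.port or 443
        if url.scheme != "https":
            findings.append(f"publicBaseAddress is not https: {url.geturl()}")
        elif port != expected_port:
            findings.append(f"publicBaseAddress port {port} != IIS binding port {expected_port}")
    # Step 2.b: metadata (WSDL) must be served over HTTPS only.
    for md in root.iter("serviceMetadata"):
        if md.get("httpGetEnabled", "false").lower() != "false":
            findings.append("serviceMetadata httpGetEnabled should be false")
        if md.get("httpsGetEnabled", "false").lower() != "true":
            findings.append("serviceMetadata httpsGetEnabled should be true")
    # Step 2.c: the MEX endpoint must use the HTTPS metadata binding.
    for ep in root.iter("endpoint"):
        if ep.get("contract") == "IMetadataExchange" and ep.get("binding") != "mexHttpsBinding":
            findings.append(f"MEX endpoint {ep.get('name')} uses {ep.get('binding')}")
    return findings

# Constructed sample: host name and nesting are assumptions, values are from the post.
GOOD = """<configuration>
 <bizTalkSettings><mexServiceHostFactory><receiveLocationMappings>
  <add markupFileName="AcountDataService.svc"
   receiveLocationName="WcfService_BizTalkAccountDataWcfService/AcountDataService"
   publicBaseAddress="https://biztalk01.example.test:9090/" />
 </receiveLocationMappings></mexServiceHostFactory></bizTalkSettings>
 <system.serviceModel>
  <behaviors><serviceBehaviors><behavior>
   <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
  </behavior></serviceBehaviors></behaviors>
  <services><service><endpoint name="HttpsMexEndpoint" address="mex"
   binding="mexHttpsBinding" bindingConfiguration="" contract="IMetadataExchange" />
  </service></services>
 </system.serviceModel>
</configuration>"""
# Constructed misconfiguration: plain-HTTP address, HTTP metadata, HTTP MEX binding.
BAD = (GOOD.replace("https://", "http://")
           .replace('httpGetEnabled="false"', 'httpGetEnabled="true"')
           .replace("mexHttpsBinding", "mexHttpBinding"))

if __name__ == "__main__":
    print(audit_web_config(GOOD, 9090), audit_web_config(BAD, 9090))
```

Pass the port of the IIS https binding as `expected_port`; a mismatch with `publicBaseAddress` is reported as a finding.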
Thanks Munaga Venkat,
This came out very handy and straightforward.
Mayur
Thanks Venkat for the detailed steps, it's so straightforward and works like a charm.