0

We have a solution that consists of a WCF webservice on one side and a smart client on the other side.

Typically, we set up HTTPS on the webserver for the webservice so that communication between client and server happens over HTTPS.

One of our customers however has a proxy server in between that strips incoming HTTPS request from their SSL payload and forwards a plain HTTP request to the webserver:

Client > HTTPS > Proxy > HTTP > Webserver

The problem is that we are using WsHttpBinding to allow us to communicate with WCF over SSL. Typically we use that binding both on client and server and there's no issue.

But since the webservice actually receives an HTTP request, we cannot use WsHttpBinding (requires HTTPS). But we MUST use HTTPS from the client.

But of course, WCF requires the bindings between client and server to match. So we're a bit stuck and I can't find a good way to solve this issue:

  • We cannot set the client up to use HTTP for security reasons
  • We can set the service to accept HTTP requests, BUT the client won't be able to communicate with it.

Is there a certain setup that could cover this requirement?

Improve this question
2
  • How did you make sure that the request is reaching the web server and that it does not have HTTPS but HTTP? Also when you say Smart client, what is it? A browser or something else? Commented Jun 25, 2013 at 12:10
  • Well, I can see on the webserver requests coming in over HTTP, I can also see in the WCF logging the URL that is reporting the error, which is HTTP. Additionally, the guys of the proxy server confirmed that HTTPS is stripped to HTTP and forwarded over HTTP to the webserver. The smart client is a .NET Windows Forms applications, deployed using ClickOnce. So it's the windows forms application that connects to the WCF service. Commented Jun 26, 2013 at 9:01

1 Answer 1

Reset to default
0

use the wcf binding converter to get a custom binding from your wshttpbinding. then change in the custom binding from https to http element.

Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

Thanks, I'll give you feedback after I've been able to try it. Already some questions: Do I use this custom binding both on client and service? And do I then set the client to HTTPS and the service to HTTP? (seems like that might not work). I can't set the client to HTTP because they refuse incoming HTTP connection and additionally I think my custom username / password will then be readable (using UserName credential type with a custom membership provider).
use it only on service, since client is already good. client stays https and service http. this will work since you have a service in the middle that offloads ssl.
It now complains that: "the contract is configured with an authentication mode that requires transport level integrity and confidentiality. However the transport cannot provide integrity and confidentiality." This is because of authentication mode being UserNameOverTransport. I'm not sure which other option I could use for that, given that at the client we use UserName authentication (msdn.microsoft.com/en-us/library/aa751836.aspx).
use CUB webservices20.blogspot.com/2008/11/…
I guess I'm just confusing myself (or WCF is confusing me), but I did loko at CUB earlier. The problem I had there was that it required HTTP (doesn't accept HTTPS). But I had to set both my client and server to the CUB binding. So I was stuck again. I have a hard time setting up a test environment for this situation at the moment, and the customer agreed to not do the HTTPS stripping anymore, so I'm afraid I can't promise I will be able to fully get it solved with your help (even though it probably contains the solution!). I'll do my best though.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.