Silverlight & WCF – HTTPS

June 8th, 2009 by mokosh

Today we’ll look at securing traffic between a Silverlight client and WCF services using HTTPS.
First, we create a Silverlight-compatible WCF service with basicHttpBinding and add a security node, with mode set to Transport, to the configuration:

    <basicHttpBinding>
        <binding name="httpsBinding">
            <security mode="Transport"/>
        </binding>
    </basicHttpBinding>

Then, in the Silverlight application, add a Service Reference to the service we just created, and the HTTPS-enabled service is ready to use!

The only problem is that we cannot test it from Visual Studio, as its web server doesn’t support HTTPS. To see how to set up a testing environment using IIS, read this post.

HTTPS and Fiddler2

When using Fiddler2 to monitor HTTPS traffic, it’s often useful to let it decrypt that traffic:

[Image: https1]

Inside the Web Sessions panel we can now see the HTTPS requests and confirm that our Silverlight application uses a secure connection to communicate with the WCF service:

[Image: https2]

[Image: https3]

Silverlight and Cross Scheme Access Restrictions

As described in this MSDN document, Silverlight cannot access cross-scheme resources without proper configuration on the server where the resource is located.

This means that by default we cannot call an HTTPS resource from an HTTP-hosted Silverlight application.

To change this behaviour, a clientaccesspolicy.xml file has to be present on the server and be accessible externally.

To allow all HTTPS-hosted Silverlight applications to access both HTTPS- and HTTP-hosted resources, we should use the <domain uri="*"/> literal wildcard in clientaccesspolicy.xml.

To allow all HTTP-hosted Silverlight applications to access both HTTPS- and HTTP-hosted resources, we should use the <domain uri="http://*"/> literal wildcard in the config file.

As a result, our clientaccesspolicy.xml file may look like this:

    <?xml version="1.0" encoding="utf-8" ?>
    <access-policy>
        <cross-domain-access>
            <policy>
                <allow-from http-request-headers="*">
                    <domain uri="*"/>
                    <domain uri="http://*"/>
                </allow-from>
                <grant-to>
                    <resource path="/" include-subpaths="true"/>
                </grant-to>
            </policy>
        </cross-domain-access>
    </access-policy>

Playground

The complete solution can be downloaded here.
