You will need to create a service with two WebHttpBinding endpoints. One endpoint will use HTTP (binding without transport security), and the second endpoint will use HTTPS (binding with transport security). You will also need to configure IIS to support HTTP and HTTPS (assign a certificate).
Question: if it is reasonable? If you really believe that your service should provide secure transport due to confidential data, then providing an unsecured endpoint at the same time does not seem like a good solution.