SSL and WCF Security

Question

SSL and WCF Security

I have an IIS-enabled WCF service that is configured to use basicHttpBinding with transport security.

I configured IIS with a certificate, and I use the https endpoint to invoke the service.

Now I have enabled message logging on the service at the transport level, however the messages that I see are in clear text. It is right? If so, why? Is there a way to see encrypted messages?

Thanks in advance Fabio

+4

wcf wcf-binding wcf-security

Fabio Apr 18 '11 at 14:47

source share

2 answers

Use Fiddler and do not enable SSL decryption in the parameters. This will allow you to check message traffic, as in wiring.

In addition, you should read Debugging Localhost traffic with Fiddler , which is usual for them new to Fiddler. Then, see the HTTPS decryption info page, if you later want to use this feature.

+1

Mike atlas Apr 18 '11 at 14:49

source share

Ladislav Mrnka · Accepted Answer · 2011-04-18T14:54:05+0000

This is the correct behavior. The transport layer processes its decryption before it passes the message to the upper level api, for example WCF, so WCF always receives a message with decryption and cannot intercept the process. Migration security outside of WCF. An encrypted message at the transport level is only registered if you use message protection, because in this case the transport layer simply transmits the message, like WCF, to process it.

SSL and WCF Security

More articles: