I have only recently got into contact with Windows Communication Foundation (WCF). As a newbie, one of the things I struggled with at first was securing a WCF service with self-signed certificates. Never having used certificates and not knowing how they actually work, it was a challenging task to say the least. Looking back now, it makes me feel a little silly …
For this post we will use a common business-to-business scenario. We will create a transport-secured (HTTPS) WCF service with certificate client-credential authentication.
1. Create the solution setup:
For this scenario, we will build a solution called “WCF.Tutorial.TransportSecurity”.
There are 2 projects in this solution (both are default template projects):
- WCF Service Application called “WCF.Tutorial.TransportSecurity.Service”
- Client console application called “WCF.Tutorial.TransportSecurity.Client”
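As an added illustration (not code from the original post), this is one way the client console application could call a transport-secured service with a client certificate, pinning the self-signed server certificate by thumbprint instead of switching validation off. The service URL, certificate subject name, thumbprint placeholder and the use of `BasicHttpBinding` are assumptions; `IService1`/`GetData` mirror the default WCF Service Application template.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Assumed contract: same name and operation as the default template's IService1.
[ServiceContract]
public interface IService1
{
    [OperationContract]
    string GetData(int value);
}

class Program
{
    // Placeholders (assumptions): substitute your own values.
    const string ServiceUrl = "https://localhost/Service1.svc";
    const string ClientCertSubject = "TutorialClient";
    const string PinnedServerThumbprint = "<SERVER-CERT-THUMBPRINT>";

    static void Main()
    {
        // A self-signed server certificate fails normal chain validation.
        // Accept only the one pinned certificate; never simply return true.
        // Note: this callback is process-wide.
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) =>
                cert != null && string.Equals(
                    new X509Certificate2(cert).Thumbprint,
                    PinnedServerThumbprint,
                    StringComparison.OrdinalIgnoreCase);

        // HTTPS transport security with a certificate as the client credential.
        // The service must expose an endpoint with the matching binding settings.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType =
            HttpClientCredentialType.Certificate;

        var factory = new ChannelFactory<IService1>(
            binding, new EndpointAddress(ServiceUrl));
        // The client certificate (with private key) is read from the user's store.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindBySubjectName, ClientCertSubject);

        IService1 channel = factory.CreateChannel();
        Console.WriteLine(channel.GetData(42));
        ((IClientChannel)channel).Close();
        factory.Close();
    }
}
```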
At some point, you might experience some issues if you try to consume a service that is hosted on another role instance but not in the default worker role process.
We host a WCF service in a Windows service that is installed on the Azure role instance by a startup task. This means the WCF service is not hosted inside the worker role, which derives from RoleEntryPoint.
We want to consume this service from another role instance.
For the first role instance, where we host the WCF service in a Windows service, we need to define an internal endpoint for the WCF service to listen on.
This endpoint is only used for communication between the two role instances, which makes it an internal endpoint.
The required binaries of the Windows service get copied to the Windows Azure instance by
We also have a startup task defined, which triggers the installation of the Windows service on the Azure instance. This startup task, startup.cmd, has been copied to the Azure instance at approot/definedfolder/ by the contents copy, together with the necessary Windows service binaries.