WCF + SSL/HTTPS in IIS(6). How to disable HTTP access in web.config?

I have a WCF app hosted in IIS6 (and 7 in dev environment) with one wsHttp (SOAP) and two webHttp (REST) bindings.

I want to secure the services when publishing to production site and disable metadata and webHttp help page and ENABLE SSL for the bindings. At the same time i would like to have HTTP disabled. I'm aware of the option in IIS to "Require Secure Channel" but I was wondering if the same can be achieved in web.config?

I was under the impression that

<security mode="Transport">

would "disable" http access (ie. https required) but in my case it didn't.

Her is the ServiceModel part of web.config:

<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="SoapTransportSecurityBinding">
      <security mode="Transport">
        <transport clientCredentialType="None"/>
        <message establishSecurityContext="false"/>
      </security>
    </binding>
  </wsHttpBinding>
  <webHttpBinding>
    <binding name="RestTransportSecurityBinding">
      <security mode="Transport">
        <transport clientCredentialType="None"/>
      </security>
    </binding>
  </webHttpBinding>
</bindings>
<services>
  <service name="CustomerWcfService" behaviorConfiguration="Web.ServiceBehavior">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="SoapTransportSecurityBinding" contract="ICustomerWcfService">
      <identity>
        <dns value="ws.somecompany.com"/>
      </identity>
    </endpoint>
  </service>
  <service name="SentShipmentsWcfRestService" behaviorConfiguration="webHttpServiceBehavior">
    <endpoint address="" binding="webHttpBinding" bindingConfiguration="RestTransportSecurityBinding" contract="ISentShipmentsWcfRestService"
      behaviorConfiguration="RestEndpointBehavior"/>
  </service>
  <service name="InsuranceInfoWcfRestService" behaviorConfiguration="webHttpServiceBehavior">
    <endpoint address="" binding="webHttpBinding" bindingConfiguration="RestTransportSecurityBinding" contract="IInsuranceInfoWcfRestService"
      behaviorConfiguration="RestEndpointBehavior"/>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="Web.ServiceBehavior">
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
    <behavior name="webHttpServiceBehavior">
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="RestEndpointBehavior">
      <webHttp helpEnabled="false"/>
    </behavior>
  </endpointBehaviors>
</behaviors>

Answers


It looks it couldn't be achieved in web.config. But in the binding settings you can set

      <security mode="Transport">

In this case endpoints will not be valid if there is no SSL required.


Need Your Help

Data structure/ Retrieving elements parent

algorithm data-structures tree binary-tree

im looking a way to find out any common elements for two parent elements.