A complete guide to create secure WCF REST API with custom Basic Authentication
WCF REST API services are still being used by many developers for client server connectivity for data and messaging. This blog is a complete guide on creating a WCF Rest service from scratch and Adding security to the service using Basic Authentication. Then we’ll learn how to encrypt the basic authentication information which would be sent over the network using SSL. The main sections of this guide are:
- Creating a WCF REST API service
- Hosting and Deploying a WCF REST service on IIS (Local machine)
- Adding security to the Service by using Basic Authentication
- Securing basic authentication credentials using SSL over Http i.e. (Https)
- Creating a certificate and Enabling IIS website to use Https
- Setting up WCF REST service to use SSL (Https)
- Basic knowledge of Visual studio/WCF basics.
- Visual studio version > 2008
- .Net framework > 3.5 installed
- IIS server >7 or equal
Hosting and Deploying a WCF REST service in IIS
To Host the above service in IIS follow below steps:
1. Right click on the project and go to Properties. In properties window select Web.
2. Now under Servers on Web settings you’ll see following details change the “IIS Express” to “IIS Server”.
3. Now Click on Create Virtual Directory. Now if you have Visual Studio running As Administrator then you’ll get a message The Virtual directory was created successfully! Otherwise you’ll receive an error message and you need to launch again Visual studio as Administrator. I mentioned it in the start of this Guide.
4. Now press F5 and your website will be up and running on IIS server instead of your IIS express.
Deploying a WCF REST service on IIS Local machine (optional)
(Optional) You don’t actually need to deploy the current WCF service because the visual studio already using IIS server for hosting as detailed in above step. This is just to let you know how to deploy a WCF REST service on IIS.
Follow below steps:
1. Right click on Project -> Goto Publish.
2. In Publish windows open the dropdown for profiles and select New Profile.
3. Select publish method as “Web Deploy”. Enter server as “Localhost”. Add site name as “Default Web site/WcfWebHttpIISHostingSample_Demo2”. Click Validate connection it’ll verify access rights and other information provided.
4. Once the Validate connection succeeds click publish. You’ll get the success message in output window in Visual studio.
5. Test the service by entering in browser following url - http://localhost/WcfWebHttpIISHostingSample_Demo2/Data/TestingDeploymentSuccess
Continue reading - Adding security to the WCF REST service using custom Basic Authentication