If You Need to Publish Your WCF Service Metadata, Publish it Over HTTPS Protocol

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Publish your service metadata over HTTPS to protect clients from being spoofed when adding a service reference. Clients cannot be certain they have added a reference to the right service if you expose your service metadata over HTTP. The service may have been spoofed through DNS poisoning or a man in the middle attack.

To publish your service metadata over HTTPS use the mexHttpsBinding and configure a server certificate for the service.

Additional Resources

Last edited Jun 12, 2008 at 11:32 PM by prashantbansode, version 1


No comments yet.