If You Need to Publish Your WCF Service Metadata, Publish it Over HTTPS Protocol
- J.D. Meier, Carlos Farre, Jason Taylor,
Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher
Publish your service metadata over HTTPS to protect clients from being spoofed when adding a service reference. Clients cannot be certain they have added a reference to the right service if you expose your service metadata over HTTP. The service may have been
spoofed through DNS poisoning or a man in the middle attack.
To publish your service metadata over HTTPS use the mexHttpsBinding and configure a server certificate for the service.