How to: Use HTTPS with a Domain Service

[ This document was written for WCF Services Version 1 Service Pack 2 and might not be up to date Please see Release Notes or Changelog for a list of changes since WCF RIA Services ]

This topic explains how to configure the domain service to only accept requests made over HTTPS. This is done to improve the security of communication with a domain service. The resulting behavior is that domain service denies all requests made over HTTP. When a domain service is configured for HTTPS, the corresponding DomainContext class that is generated for the client application also uses HTTPS for all requests.

To use HTTPS, you must perform several steps to configure your Web server. For more information, see How to Set Up an HTTPS Service in IIS, and Configuring HTTP and HTTPS. After you have configured your Web server, you must perform the following step to specify that the domain service uses HTTPS. For more information about network security and Silverlight, see Network Security Access Restrictions in Silverlight.

To require HTTPS with a domain service

• Set the RequiresSecureEndpoint() property to true when you apply the EnableClientAccessAttribute attribute to the domain service.

  <EnableClientAccess(RequiresSecureEndpoint:=True)> _
  Public Class AuthenticationDomainService
      Inherits AuthenticationBase(Of User)

  [EnableClientAccess(RequiresSecureEndpoint = true)] 
  public class AuthenticationDomainService : AuthenticationBase<User>