开发者

SSL and WCF Transport Security

I have an IIS-hosted WCF service which is configured to use basicHttpBinding with transport security.

I have configured IIS with a certificate and I'm using an https endpoint to call the service.

Now, I have enabled message logging on the se开发者_JAVA百科rvice at transport level - however, the messages I'm seeing are in clear text. Is this right? If so, why? Is there a way to see the encrypted messages?

Thank you in advance, Fabio


This is correct behavior. Transport layer handles its decryption before it passes message to upper layer api like WCF so WCF always get message decrypted and it can't intercept the process - transport security is outside of WCF. Encrypted message on transport layer is logged only if you use message security because in such case transport layer just passes the message as is to WCF to deal with it.


Use Fiddler and don't enable SSL decryption in the options. It will allow you to inspect the message traffic as it is on the wire.

Also, worth reading is Debugging Localhost Traffic with Fiddler, a common gotcha for those new to Fiddler. Then check out the info page on HTTPS decryption, if you're interested in using that feature later.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜