Creating WCF Service hosted in Azure Service Fabric over Https with Basic Authentication


This post shows how to create a WCF service hosted in Azure Service Fabric and how to protect it with Basic authentication using simple username and password validation.

Follow the steps below in the given order:

  1. Create the Service Fabric service.
    Create a Service Fabric stateless service in Visual Studio.
  2. Add a sample contract and implementation with a sample method. In this case it just returns a random guid.

  3. Create a communication listener for the WCF service. The next steps are all part of the communication listener.
  4. In our example, we’re going to expose the WCF service over HTTPS on port 44000. As part of the communication listener, we’ll create a BasicHttpsBinding and set the security mode to Transport and the client credential type to Basic. Basic authentication sends the username and password only base64-encoded, so the Transport (TLS) security mode is what keeps them confidential on the wire.
  5. Next create the listener object which is of type WcfCommunicationListener<ContractType>. This type is in the namespace Microsoft.ServiceFabric.Services.Communication.Wcf.Runtime. You will have to add the NuGet package Microsoft.ServiceFabric.Services.Wcf. See sample code below.
  6. Next, set the credentials for the service host listener. Since we’re using custom username authentication, we set UserNamePasswordValidationMode to Custom and specify a custom validator object whose class derives from UserNamePasswordValidator. This is an abstract class that provides a Validate method taking two parameters, the username and the password.
  7. The Custom validator class implementation is as shown below.
  8. Back in the listener creation code, add a service metadata behavior so that clients can access the service metadata. Make sure to set httpsGetEnabled to true so that the metadata is available over HTTPS. See sample code below.
  9. Now return the above created listener. The complete Listener creation method is given below.
  10. This method is called from the CreateServiceInstanceListener method provided by Service Fabric.
  11. Run the service and check that it is healthy in Service Fabric Explorer. Make a note of the URL.
  12. If you click on the URL, you would see something like below.

    This is because the specified port doesn’t have any certificate bound to it. We need to bind a certificate to the specified port, in this case port 44000. On your dev machine, you can create a self-signed certificate using the New-SelfSignedCertificate PowerShell cmdlet. Next, run the command below in an elevated (administrator) command prompt to bind the certificate to the port.

     netsh http add sslcert ipport= certhash=<cert_thumbprint> appid={someguid}

    See sample below.

  13. Now run the service again and try opening the URL. You should be able to see the service WSDL as seen below.
  14. As you can see in the WSDL above, there are references to other files (see the wsdl:import tag). If you want everything in a single WSDL, you can add an endpoint behavior for that. I’ve added it in the sample application code uploaded with this post (refer to the link at the end of the post). I thank the author of this post for explaining it clearly.
  15. Now for the client side. Create a WCF client. I’m creating a sample console application here.
  16. Add a service reference and enter the URL you copied above. After you click Go, a popup warns that the certificate is not trusted, which is OK in our case because we created it locally. Then it prompts for a username and password. Enter the username and password that your WCF service expects. The service reference is now added.

  17. In the code, make sure that you’ve provided the credentials (username and password) as shown in the sample below.
  18. As mentioned above, make sure that the small piece of code marked with a comment doesn’t go into production. It is meant for local dev purposes only.
  19. When we run the client with the correct username and password, we get a GUID response as shown below.
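
Steps 4 to 9 put together, as an added example that is not the sample code from the original post. The IGuidService contract, the GuidService class, the /GuidService path and the BasicAuthValidator constructor are assumptions made for illustration; the expected username and password are assumed to come from a secret store rather than source code.

```csharp
using System;
using System.Fabric;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.Text;
using Microsoft.ServiceFabric.Services.Communication.Wcf.Runtime;

[ServiceContract] // hypothetical contract for step 2
public interface IGuidService { [OperationContract] Guid GetGuid(); }
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single)]
public class GuidService : IGuidService { public Guid GetGuid() => Guid.NewGuid(); }
// Steps 6-7: validator; the digest only equalises lengths, it is not a storage format.
public class BasicAuthValidator : UserNamePasswordValidator
{
    private readonly byte[] _expected;
    public BasicAuthValidator(string user, string password) { _expected = Digest(user, password); }
    private static byte[] Digest(string user, string password)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(Encoding.UTF8.GetBytes((user ?? "") + "\0" + (password ?? "")));
    }
    public override void Validate(string userName, string password)
    {
        // No early exit: comparison time does not depend on where the first mismatch is.
        byte[] actual = Digest(userName, password);
        int diff = 0;
        for (int i = 0; i < _expected.Length; i++) diff |= _expected[i] ^ actual[i];
        if (diff != 0) throw new SecurityTokenException("Invalid username or password.");
    }
}
public static class GuidServiceListener
{
    public static WcfCommunicationListener<IGuidService> Create(ServiceContext context, UserNamePasswordValidator validator)
    {
        var binding = new BasicHttpsBinding(BasicHttpsSecurityMode.Transport);            // step 4
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
        var address = new EndpointAddress($"https://{context.NodeContext.IPAddressOrFQDN}:44000/GuidService");
        var listener = new WcfCommunicationListener<IGuidService>(context, new GuidService(), binding, address); // step 5
        var auth = listener.ServiceHost.Credentials.UserNameAuthentication;               // step 6
        auth.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        auth.CustomUserNamePasswordValidator = validator;
        listener.ServiceHost.Description.Behaviors.Add(new ServiceMetadataBehavior { HttpsGetEnabled = true }); // step 8
        return listener;
    }
}
```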

I’ve uploaded the complete sample application here. Alternatively, you can clone the repo using this git url directly.

Hope this helps!
