WCF IIS settings for load balanced HTTPS

Yesterday we ran into a problem with the WCF configuration in IIS while getting our Silverlight application to work. When you use the standard port 443, or even a custom SSL port, in the endpoint configuration, everything is OK:

<system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
    <services>
        <service behaviorConfiguration="WCFServiceBehavior"
                 name="WCF">
            <endpoint address=""
                      binding="customBinding"
                      bindingConfiguration="http"
                      behaviorConfiguration="FaultBehavior"
                      contract="IWCFService">
                <identity>
                    <dns value="localhost"/>
                </identity>
            </endpoint>
        </service>
    </services>
    <behaviors>
        <endpointBehaviors>
            <behavior name="FaultBehavior">
            </behavior>
        </endpointBehaviors>
        <serviceBehaviors>
            <behavior name="WCFServiceBehavior">
                <serviceMetadata />
                <serviceDebug includeExceptionDetailInFaults="false"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <bindings>
        <customBinding>
            <binding name="http">
                <binaryMessageEncoding />
                <httpTransport />
            </binding>
            <binding name="https">
                <binaryMessageEncoding />
                <httpsTransport />
            </binding>
        </customBinding>
    </bindings>
</system.serviceModel>

As you can see, you can leave the endpoint address empty and select the http or https custom binding in bindingConfiguration, depending on your web site's protocol.

But this approach does not work when a load balancer is configured to distribute traffic across a few physical machines. The load balancer redirects traffic from port 443 to a custom-defined port (for example, port 543) on your physical boxes. This creates a contract mismatch problem, since Silverlight has a precompiled endpoint setting without any knowledge of how the mapping is done. To make it work, you need the full domain name specified in your endpoint address, plus a listenUri attribute that references localhost with the custom SSL port number.

address="https://gtrifonov.com/Service/WCFService.svc"

listenUri="https://localhost:444/Service/WCFService.svc"
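
Placed into the endpoint from the configuration above, the two attributes look like this. This is an added example, not the original post's config: it reuses the page's names and URLs, and selecting the "https" custom binding is an assumption based on both URLs being HTTPS.

```xml
<!-- Added example: the services section from the configuration above,
     adjusted for the load-balanced case. Names and URLs come from the page;
     bindingConfiguration="https" is an assumption (both URLs are https). -->
<services>
    <service behaviorConfiguration="WCFServiceBehavior"
             name="WCF">
        <!-- address:   the public URL that the precompiled Silverlight
                        client calls (full domain name, port 443 implied).
             listenUri: the URL this physical box listens on, using the
                        custom SSL port the load balancer forwards to. -->
        <endpoint address="https://gtrifonov.com/Service/WCFService.svc"
                  listenUri="https://localhost:444/Service/WCFService.svc"
                  binding="customBinding"
                  bindingConfiguration="https"
                  behaviorConfiguration="FaultBehavior"
                  contract="IWCFService">
            <identity>
                <dns value="localhost"/>
            </identity>
        </endpoint>
    </service>
</services>
```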

 

Attribute description on MSDN: http://msdn.microsoft.com/en-us/library/system.servicemodel.description.serviceendpoint.listenuri.aspx