How To Use Forms Auth When SSL Is On A Proxy In Front Of The IIS Farm (WCF)?

- 1 answer

Here is my scenario:

I have a proxy that actually has the SSL Cert installed and this sits in front of a load balanced web farm. Each IIS server does not have SSL so I can't use transport security via wsHttp binding. I have not investigated basicHttp because we want to provide SOAP 1.2 going forward w/ this solution. In addition to this, my network team won't allow any use of certs to encrypt at the message level. (this alone would solve my dilemma i'm sure)

My security group has a requirement that we use Forms Authentication (membership provider).

The final solution must allow SSL via the front proxy, yet some type of WCF binding to keep complexity encapsulated in a config file.

I was working with a custom binding that allowed for username/password sent via clear text, but when I try to connect via https i get the usual "http expected" uri error.

How can I use SSL via the proxy to connect securely from client app to web service, but not have SSL installed on IIS and leverage the WCF stack + forms authentication?

I'm not new to WCF, but this very custom setup seems to have me unsure if the requirements allow for any type "easy" solution.

Thank you in advance!

EDIT: I did finally get this working and decided to write a short blog post with complete source code required to write the custom binding.



I think this is similar to a problem many have had when wanting to provide WCF services over SSL when the actual service in IIS is behind an SSL-offloading device. In which case, the following two pages should help you out:

Basically you need to lie to WCF and say that the service is secure, even though the traffic will be conducted over HTTP (between the service and the proxy).