in Uncategorized

How to do SSL pass-through with WCF (a link for the MVP crowd)

I sat in on a very informative roundtable discussion about WCF tips, tricks and pitfalls this afternoon here at the MVP conference. In that discussion one of the topics that came up was load balancing. After some brief discussion, I chimed in with a pitfall that people would need to watch out for which is that, if they’re using something like a BIG-IP box from F5, which proxies SSL communication for them, they will have problems getting their message credentials to flow through to the actual web server since communication between the F5 and the web server is done over just plain HTTP. After I finished talking, people were asking for more detail and whether or not I had written something up on the topic. I thought maybe I never ended up writing anything, but it turns out I did! So for those MVPs who are probably here looking for that info now, or for anyone else who might have missed it, here’s a link that write up.

Also, I mentioned it in the original article, but I again wanted to give credit to Pedro Felix because he was a big help in guiding me down the right path to get this all implemented originally. I finally met Pedro today after he recognized the topic and my URL in the roundtable discussion. Thanks again Pedro, nice to finally put a face to the name!

Leave a comment

Comment

  1. Hi Drew, nice post We’ve read through all your posts. What I find a bit strange is that there is now official statement/support from MS, using WCF and Hardware based SSL accelerators. I don’t think using a hardware based SSL accelerator is such an uncommon scenario. Have you heard anything from MS, or read other posts, giving some sort of statment on this topic?We haven’t tried to implement your solution (we’ll try this week :)), but our concern is that we implement something that is not recommended or supported from MS. Maybe we should only use Message based security for our Internet based WCF services! Any comments?thxFRisla