Setting up a secure HTTPS connection to the Core Service

Create a custom binding in web.config to connect to the Core Service using HTTPS.

Procedure

  1. Open Internet Information Services (IIS) Manager.
  2. Open the web.config file in the root of the SDL Tridion 2011 Web application.
  3. In the <system.serviceModel> section, add a system-provided binding element within the <bindings> element, for example <netTcpBinding>, or a custom binding element:
    <bindings>
      <netTcpBinding>
        <binding name="myNetTcp" transactionFlow="true" 
          maxReceivedMessageSize="10485760">
          <readerQuotas maxStringContentLength="10485760" /> 
        </binding>
      </netTcpBinding>
    </bindings>
  4. Go to the path: <configuration><system.serviceModel><bindings><wsHttpBinding><binding>. Add <reliableSession enabled="true" ordered="false" /> under the <security> element:
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Windows" />
    </security>
    <reliableSession enabled="true" ordered="false" />
  5. Go to the path: <configuration><system.serviceModel><services><service><endpoint name="wsHttp"...> and change it to the following, using your own ServerName:
    <dns value="ServerName" />
  6. Go to the path: <configuration><system.serviceModel><services><service> and add the following using your own ServerName:
    <host>
      <baseAddresses>
        <add baseAddress="https://ServerName/webservices/" />
      </baseAddresses>
    </host>
  7. Go to the path: <configuration><system.serviceModel><behaviors><serviceBehaviors><behavior> and enable HTTPS and disable HTTP:
    <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
  8. Save and close web.config.
  9. In a text editor, open the TcmServiceHost.exe.config configuration file, located in the bin\ subfolder of the Content Manager root location (defaults to C:\Program Files\Tridion or C:\Program Files (x86)\Tridion).
  10. Go to the path: <configuration><system.serviceModel><bindings><netTcpBinding><binding name="CoreService_netTcpBinding"...> and add the following:
    <security mode="Transport">
        <transport clientCredentialType="Windows" />
    </security>
    <reliableSession enabled="true" ordered="false" />
  11. Go to the path: <configuration><system.serviceModel><behaviors><serviceBehaviors><behavior> and add the following using your own ServerName:
    <serviceCredentials>
        <serviceCertificate x509FindType="FindBySubjectName"
             findValue="ServerName"
             storeLocation="LocalMachine" storeName="My" />
    </serviceCredentials>
  12. Save and close TcmServiceHost.exe.config.
  13. Using your proxy generator, generate a new proxy. The new URLs now point to HTTPS locations.
  14. Ensure that the Content Manager server and all clients that connect to it using the Core Service have a certificate that allows the HTTPS connection to be made.
  15. Because Content Manager Explorer is a client that uses the Core Service, modify its application configuration files to use the new HTTPS binding. To do so, start by going to the WebUI\Models\ subfolder of the Content Manager root and opening the file Web.config in the CME\ subfolder.
  16. Follow the path <configuration>, then <system.serviceModel>, then <services>, then <service>.
    You see an HTTPS binding enclosed in comment tags.
  17. Uncomment this binding and, if you want to disallow an HTTP connection, enclose the HTTP binding in comments.
  18. Save and close the Web.config file.
  19. Open the file Web.config in the TCM54\ subfolder, navigate to the same path as before, and make the same changes as before. Then save and close this Web.config file, too.
  20. Similarly, update your bindings in all other clients that connect to the Core Service.
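
The settings from steps 4, 6 and 7 can be checked after editing with a short PowerShell function. This is an added example, not part of the original procedure or of SDL's own tooling. The function name Test-CoreServiceHttpsConfig, the binding name exampleBinding and the service name ExampleService are assumptions, and the check assumes a web.config whose <configuration> element declares no XML namespace.

```powershell
# Added example: checks the settings from steps 4, 6 and 7 in a web.config document.
function Test-CoreServiceHttpsConfig {
    param([Parameter(Mandatory = $true)][xml]$Config)
    $sm = '//system.serviceModel'
    $findings = @()
    # Step 4: each wsHttpBinding should use TransportWithMessageCredential.
    foreach ($b in $Config.SelectNodes("$sm/bindings/wsHttpBinding/binding")) {
        $sec = $b.SelectSingleNode('security')
        $mode = if ($null -ne $sec) { $sec.GetAttribute('mode') } else { '(none)' }
        if ($mode -ne 'TransportWithMessageCredential') {
            $findings += "binding '$($b.GetAttribute('name'))': security mode is $mode"
        }
    }
    # Step 6: no base address should remain on plain HTTP.
    foreach ($a in $Config.SelectNodes("$sm/services/service/host/baseAddresses/add")) {
        $addr = $a.GetAttribute('baseAddress')
        if ($addr -like 'http://*') { $findings += "baseAddress $addr uses plain HTTP" }
    }
    # Step 7: metadata publishing off for HTTP, on for HTTPS.
    foreach ($m in $Config.SelectNodes("$sm/behaviors/serviceBehaviors/behavior/serviceMetadata")) {
        if ($m.GetAttribute('httpGetEnabled') -ne 'false') { $findings += 'httpGetEnabled is not false' }
        if ($m.GetAttribute('httpsGetEnabled') -ne 'true') { $findings += 'httpsGetEnabled is not true' }
    }
    return $findings
}

# Constructed sample, not a real Tridion web.config: step 7 was skipped.
$sample = @'
<configuration><system.serviceModel>
  <bindings><wsHttpBinding><binding name="exampleBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Windows" />
    </security>
    <reliableSession enabled="true" ordered="false" />
  </binding></wsHttpBinding></bindings>
  <services><service name="ExampleService">
    <host><baseAddresses>
      <add baseAddress="https://ServerName/webservices/" />
    </baseAddresses></host>
  </service></services>
  <behaviors><serviceBehaviors><behavior>
    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>
'@
Test-CoreServiceHttpsConfig -Config $sample
```

To check a real file, pass `([xml](Get-Content <path-to-web.config>))` as the `-Config` argument; an empty result means none of the three checks found a deviation.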