HowTo: Securing the Essence Webservice

When you expose the Essence Webservice, there is a difference in the web.config for non-secure and secure communication. With the Installer you will get the version for HTTP. So if you have an HTTPS Essence Portal, you will need to adjust your Essence web.config to match this situation. Here's the two different versions for the System.ServiceModel that can be found at the bottom of the web.config. Use only one of these and make sure all your external applications and websites point to the correct service URL.

The System.ServiceModel for HTTP

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="SilverWebServiceAspNetAjaxBehavior">
        <webHttp/>
      </behavior>
  </endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
  <services>
    <service name="SilverWebService">
      <endpoint address="" behaviorConfiguration="SilverWebServiceAspNetAjaxBehavior" binding="webHttpBinding" contract="SilverWebService"/>
    </service>
  </services>
</system.serviceModel>

The System.ServiceModel for HTTPS

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="SilverWebService">
        <webHttp/>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <webHttpBinding>
      <binding name="SilverBinding">
      <security mode="Transport">
        <transport clientCredentialType="None"/>
      </security>
      </binding>
    </webHttpBinding>
  </bindings>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
  <services>
    <service name="SilverWebService">
      <endpoint address="" behaviorConfiguration="SilverWebService" binding="webHttpBinding" bindingConfiguration="SilverBinding" contract="SilverWebService"/>
    </service>
  </services>
</system.serviceModel>