You experience one or more of the following issues on a computer that is hosting a Microsoft .NET Framework 3.5-based Windows Communication Foundation (WCF) service in Internet Information Services (IIS).
Issue 1
If the WCF service has an HTTP endpoint, and the virtual application in IIS has the Require SSL setting enabled, you receive the following error message when you try to run the WCF service:
Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].
Issue 2
On the SSL Settings page of IIS, you set the Client certificates area to Require. This sets the SslRequireCert IIS security setting flag to TRUE. Additionally, one of the WCF service’s endpoints that uses the HttpsTransportBindingElement element has the RequireClientCertificate key set to FALSE. In this scenario, you receive the following error message when you try to run the service:
The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'.
Windows Vista Service Pack 2 (SP2) and Windows Server 2008 SP2
To resolve this problem in Windows Vista SP2 or in Windows Server 2008 SP2, download and apply the hotfix that is described in Microsoft Knowledge Base article 981001. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
981001 A hotfix rollup is available for Windows Communication Foundation in the .NET Framework 3.5 SP1 for Windows Vista SP2 and Windows Server 2008 SP2
Windows 7 and Windows Server 2008 R2
To resolve this problem in Windows 7 or in Windows Server 2008 R2, download and apply the hotfix that is described in the following Microsoft Knowledge Base article:
981002 A hotfix rollup is available for Windows Communication Foundation in the .NET Framework 3.5 SP1 for Windows 7 and Windows Server 2008 R2
This hotfix enables the administration of IIS Web Server security settings for WCF Web services. This removes the need to manually modify the configuration files of the WCF service. The hotfix automatically aligns the Require SSL and SslRequireCert IIS settings with the corresponding WCF settings in the .NET Framework 3.5 SP1.
Applying this hotfix has the following effects:
For the issue that is described under “Issue 1” in the “Symptoms” section, the service runs successfully. Additionally, the Require SSL setting in IIS overrides the security configuration of the WCF service. Therefore, clients cannot access the HTTP endpoint.
For the issue that is described under “Issue 2” in the “Symptoms” section, the service runs successfully. Additionally, the RequireClientCertificate key in the HttpsTransportBindingElement element of the WCF service is set to TRUE.
However, this hotfix does not resolve the issue in which the service cannot be run when both of the following conditions are true:
The SslRequireCert flag is set to false in IIS.
The RequireClientCertificate key in the HttpsTransportBindingElement element of the WCF service is set to false.
IIS has several configuration knobs that IT pros use to administer and manage applications. Examples of these knobs include virtual application authentication settings and HTTP throttling settings. When a WCF service is hosted in IIS, the configuration of an application or of a service should match the settings of the host. This requirement is not satisfactory to IT pros for the following reasons:
In many IT environments, IT pros manage and administer applications from virtual directories and from an application view. They usually are unfamiliar with the implementation of the technologies that are used to build the application. Therefore, it is difficult for IT pros to rationalize the configuration of the host and of the application.
Even if IT pros are familiar with the implementation of the technologies, IT pros must handle a complex administrative task. In addition to configuring the host, the IT pro must also change the configuration of the service.
In many organizations, IT pros are usually discouraged from changing application configuration files in a production environment.
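The two host/service mismatches from the Symptoms section can be detected before deployment by comparing the IIS access flags with the service's configuration file. The following Python check is an added example, not Microsoft's code: the sample XML, the Demo.* names and the audit function are constructed for illustration, and only basicHttpBinding and customBinding endpoints are examined.

```python
import xml.etree.ElementTree as ET
# Constructed sample inputs (not from the KB article).
IIS_ACCESS = '<access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />'
WEB_CONFIG = """
<configuration><system.serviceModel>
  <services><service name="Demo.Service">
    <endpoint address="" binding="basicHttpBinding" contract="Demo.IService" />
    <endpoint address="s" binding="customBinding" bindingConfiguration="tls"
              contract="Demo.IService" />
  </service></services>
  <bindings><customBinding><binding name="tls">
    <textMessageEncoding />
    <httpsTransport requireClientCertificate="false" />
  </binding></customBinding></bindings>
</system.serviceModel></configuration>
"""
HTTPS_MODES = {"Transport", "TransportWithMessageCredential"}

def audit(iis_access_xml, web_config_xml):
    """Return (endpoint address, finding) pairs for IIS/WCF SSL mismatches."""
    raw = ET.fromstring(iis_access_xml).get("sslFlags", "None")
    flags = {f.strip() for f in raw.split(",")}
    sm = ET.fromstring(web_config_xml).find("system.serviceModel")
    findings = []
    for ep in sm.findall("services/service/endpoint"):
        kind, name = ep.get("binding"), ep.get("bindingConfiguration", "")
        cfg = next((b for b in sm.findall(f"bindings/{kind}/binding")
                    if b.get("name", "") == name), None)
        plain_http, https_tx = False, None
        if kind == "basicHttpBinding":
            # No <security> element means mode "None", i.e. plain HTTP.
            sec = cfg.find("security") if cfg is not None else None
            mode = sec.get("mode", "None") if sec is not None else "None"
            plain_http = mode not in HTTPS_MODES
        elif kind == "customBinding" and cfg is not None:
            plain_http = cfg.find("httpTransport") is not None
            https_tx = cfg.find("httpsTransport")
        # Issue 1: HTTP endpoint while IIS has Require SSL enabled.
        if "Ssl" in flags and plain_http:
            findings.append((ep.get("address"), "http endpoint under Require SSL"))
        # Issue 2: IIS requires a client certificate, the binding does not.
        if ("SslRequireCert" in flags and https_tx is not None and
                https_tx.get("requireClientCertificate", "false").lower() != "true"):
            findings.append((ep.get("address"), "client certificate not required"))
    return findings

if __name__ == "__main__":
    for address, finding in audit(IIS_ACCESS, WEB_CONFIG):
        print(f"endpoint {address!r}: {finding}")
```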