5 Additional configuration for WCF web services

Some web services are WCF web services rather than ASP.NET web services. WCF web services can be identified as they contain an .svc file rather than an .asmx file.

These WCF web services need additional configuration within their web.config file to allow for SSL, and for authentication to be configured.

For WCF web services, both the IIS settings in section 4, Configuring authentication in IIS and the web.config settings described in this section must be consistently applied for the type of authentication being configured. If the IIS settings and the web.config settings are inconsistent (for example, IIS is set up for a different authentication type than web.config), then depending on the exact configuration the web service may either not function at all, or may grant unintended access.

Note: Do not make these changes on web services which are not WCF web services.

There are two main types of binding used in WCF web services – basicHttpBinding and webHttpBinding. The example web.config excerpts below show basicHttpBinding. If your web service uses webHttpBinding, a webHttpBinding node will be present instead of a basicHttpBinding node.

Full documentation for configuring the WCF web.config files is supplied by Microsoft:

docs.microsoft.com/en-us/dotnet/framework/configure-apps/file-schema/wcf/

Warning: A patch that updates the WCF web service may overwrite the web.config file. Therefore after editing the web.config file, take a backup of it. After installing a MyID patch that modifies the WCF web service, you may need to restore the web.config file manually to re-enable the SSL/authentication settings.