In one of my projects, I developed a WCF service and hosted it on Azure. I was required to make the service RESTful and call it from inside a SharePoint Online app, so I added the required service configuration to the web.config file.
To create a RESTful service, we need to use WebHttpBinding to specify the service endpoint and define the endpoint behavior. Here’s the configuration that I added:
<services>
  <service name="MyRestService.Service1" behaviorConfiguration="ServiceBehavior">
    <endpoint address="" binding="webHttpBinding" contract="MyRestService.IService1" behaviorConfiguration="web"></endpoint>
  </service>
</services>
<endpointBehaviors>
  <behavior name="web">
    <webHttp/>
  </behavior>
</endpointBehaviors>
Adding this allows my service to be accessed using RESTful API calls over HTTP. But when I tried calling my service from inside the SharePoint Online app, it showed the following error:
“The app… was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint…. The request has been blocked; the content must be served over HTTPS.”
Then I knew that the service had to be secured so that it is accessible over HTTPS. Securing the custom domain name with HTTPS requires binding a custom SSL certificate to the custom domain in Azure.
This can also be done through simple configuration changes in the web.config file. To make the RESTful service accessible over HTTPS, I added the following configuration.
First, add a webHttpBinding configuration with the security mode set to ‘Transport’, as below:
<services>
  <service name="MyRestService.Service1" behaviorConfiguration="ServiceBehavior">
    <endpoint address="" binding="webHttpBinding" contract="MyRestService.IService1" bindingConfiguration="webBinding" behaviorConfiguration="web"></endpoint>
  </service>
</services>
<bindings>
  <webHttpBinding>
    <binding name="webBinding">
      <security mode="Transport">
      </security>
    </binding>
  </webHttpBinding>
</bindings>
Then assign this webHttpBinding configuration to the service endpoint binding, with httpsGetEnabled set to ‘true’:
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="web">
      <webHttp/>
    </behavior>
  </endpointBehaviors>
</behaviors>
After adding these configuration settings, I was able to call my service from inside the SharePoint online app using HTTPS access.
With the above configuration, the service will be accessible over both HTTP and HTTPS. If you want to disable HTTP access and make the service accessible over HTTPS only, you can set httpGetEnabled to ‘false’ in the ServiceBehavior settings.
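To check a web.config for the settings discussed in this post before deploying, here is an added example (not part of the original configuration or project): a small Python audit that lists every webHttpBinding endpoint whose binding is not in ‘Transport’ security mode and every service behavior that still has httpGetEnabled set to ‘true’. The sample config is constructed from the snippets above, and its "legacy" endpoint is a hypothetical addition used to show a finding.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the post's settings plus one hypothetical "legacy"
# endpoint that has no bindingConfiguration and therefore no transport security.
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <services>
    <service name="MyRestService.Service1" behaviorConfiguration="ServiceBehavior">
      <endpoint address="" binding="webHttpBinding" bindingConfiguration="webBinding"
                contract="MyRestService.IService1" behaviorConfiguration="web"/>
      <endpoint address="legacy" binding="webHttpBinding"
                contract="MyRestService.IService1" behaviorConfiguration="web"/>
    </service>
  </services>
  <bindings><webHttpBinding>
    <binding name="webBinding"><security mode="Transport"/></binding>
  </webHttpBinding></bindings>
  <behaviors><serviceBehaviors>
    <behavior name="ServiceBehavior">
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
    </behavior>
  </serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

def audit_web_config(xml_text):
    """Return findings for webHttpBinding endpoints and metadata settings."""
    model = ET.fromstring(xml_text).find("system.serviceModel")
    # Binding name -> security mode; webHttpBinding defaults to "None" (plain HTTP).
    modes = {}
    for b in model.findall("bindings/webHttpBinding/binding"):
        sec = b.find("security")
        modes[b.get("name", "")] = sec.get("mode", "None") if sec is not None else "None"
    findings = []
    for svc in model.findall("services/service"):
        for ep in svc.findall("endpoint"):
            if ep.get("binding") != "webHttpBinding":
                continue
            mode = modes.get(ep.get("bindingConfiguration", ""), "None")
            if mode != "Transport":
                findings.append(f"{svc.get('name')} endpoint '{ep.get('address', '')}': "
                                f"security mode {mode}, not HTTPS-only")
    for beh in model.findall("behaviors/serviceBehaviors/behavior"):
        meta = beh.find("serviceMetadata")
        if meta is not None and meta.get("httpGetEnabled", "false").lower() == "true":
            findings.append(f"behavior '{beh.get('name')}': httpGetEnabled is true")
    return findings

if __name__ == "__main__":
    for finding in audit_web_config(SAMPLE_CONFIG):
        print(finding)
```

An empty result means every webHttpBinding endpoint resolves to a ‘Transport’ binding and no service behavior has httpGetEnabled turned on.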