Juri Strumpflohner Follow Juri is a full stack developer and tech lead with a special passion for the web and frontend development. He creates online videos for Egghead.io, writes articles on his blog and for tech magazines, speaks at conferences and holds training workshops. Juri is also a recognized Google Developer Expert in Web Technologies

HowTo: Using VS2010 Web.config Transformations to Bypass SSL Authentication Locally

Dec 6, 2010 2 min read

Most often when you create WCF webservices you'll want to run them in a secure channel, for instance by using SSL encryption on the transport level. This makes it however cumbersome during development, when you want to host the service on your local development server.

Consequently, when testing locally you'd set the transport mode to "None" while during deploy you'd change it to "Transport" security (or one of the desired alternatives). You need to remember to change the service's configuration in the web.config however and we all know that it is easy to forget these things, not to mention our laziness ;).

Visual Studio 2010 has now a new feature called "Web.config Transformations". It allows you to manipulate your default web.config settings similar as in XSL transformations. The available transformations are limited to the assembly compilation options, "Debug" and "Release" mode.

This comes in really handy when trying to automate the above mentioned scenario. The default web.config settings should fit those for local development.

<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="MyService_v1_0_SOAP11Binding">
        <security mode="None">
          <transport clientCredentialType="Windows"/>
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="myService_v1Behavior" name="MyCompany.MyProject.WSService.MyService">
      <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyService_v1_0_SOAP11Binding" contract="MyCompany.MyProject.WSService.MyService_v1_0">
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="myService_v1Behavior">
        <serviceMetadata httpGetEnabled="true" externalMetadataLocation="../wsdl/MyService_v1.wsdl"/>
        <serviceDebug includeExceptionDetailInFaults="true"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

When publishing using release compilation, the following transformations would be applied

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
  <system.web>
    <compilation xdt:Transform="RemoveAttributes(debug)" />
  </system.web>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="MyService_v1_0_SOAP11Binding" xdt:Transform="Replace">
          <security mode="Transport">
            <transport clientCredentialType="Windows"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
       <!-- snip snip -->
    </services>
    <behaviors>
       <!-- snip snip -->
    </behaviors>
  </system.serviceModel>
</configuration>

As can be seen, the security mode part is being replaced, activating Transport security.

Now obviously, this is a very dummy file I just copy&pasted from a project, taking out irrelevant parts. But if you get the idea, you see how powerful these transformations can be.

Questions? Thoughts? Hit me up on Twitter