Recently encountered a perplexing issue where WCF services hosted on IIS 7.5 work perfectly via HTTP but throw 404 errors when accessing service methods through HTTPS. The service endpoint (.svc) responds normally, but method calls (.svc/CanConnect) fail exclusively under SSL.
Current bindings configuration in IIS:
Type: https
IP: All Unassigned
Port: 443
Host: (blank)
SSL Cert: Valid certificate installedService structure in filesystem:
/Webservices (root)
/Public (subdirectory)
PublicDataService.svc
PublicDataService.svc.cs
web.config (inherited from root)1. Verified SSL certificate validity and binding:
netsh http show sslcert2. Checked handler mappings for both HTTP and HTTPS:
%windir%\system32\inetsrv\appcmd list config -section:system.webServer/handlers3. Compared HTTP vs HTTPS requests using Fiddler:
HTTP 200 OK: GET /Public/PublicDataService.svc/CanConnect
HTTPS 404: GET /Public/PublicDataService.svc/CanConnectThe issue stems from missing httpsGetEnabled in service metadata configuration. While HTTP metadata retrieval works by default, HTTPS requires explicit declaration in web.config:
<serviceMetadata
httpGetEnabled="true"
httpsGetEnabled="true" />Update your service configuration with these critical elements:
<system.serviceModel>
<services>
<service name="YourNamespace.PublicDataService">
<endpoint
address=""
binding="basicHttpBinding"
bindingConfiguration="SecureTransport"
contract="YourNamespace.IPublicDataService"/>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="SecureTransport">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata
httpGetEnabled="true"
httpsGetEnabled="true"/>
<serviceDebug
includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment
multipleSiteBindingsEnabled="true" />
</system.serviceModel>After implementing the configuration changes:
- Reset IIS:
iisreset /noforce - Verify service metadata:
https://yourserver/Public/PublicDataService.svc?wsdl - Test method invocation:
https://yourserver/Public/PublicDataService.svc/CanConnect
1. Certificate trust chain issues:
Check with: certmgr.msc2. URLACL permissions:
netsh http show urlacl3. Mixed content security settings in web.config:
<httpProtocol>
<customHeaders>
<clear />
</customHeaders>
</httpProtocol>I recently encountered a puzzling scenario where my WCF services hosted on IIS 7.5 responded perfectly to HTTP requests but returned 404 errors when accessed via HTTPS. The behavior was particularly confusing because:
- The .svc endpoint showed the standard WCF page via both HTTP and HTTPS
- Service methods worked fine over HTTP (e.g., /CanConnect returned "true")
- The exact same method URLs returned 404 when accessed via HTTPS
- Other services in the root application worked normally with both protocols
First, I verified the SSL configuration wasn't the root cause:
netsh http show sslcert
The output confirmed the certificate was properly bound to port 443. The site bindings in IIS Manager also showed both HTTP (8088) and HTTPS (443) configured correctly.
After digging through IIS configuration files, I discovered the issue was related to protocol mapping in the applicationHost.config:
%windir%\system32\inetsrv\config\applicationHost.config
The problematic section looked like this:
<location path="Default Web Site/Public">
<system.webServer>
<handlers>
<add name="svc-Integrated"
path="*.svc"
verb="*"
type="System.ServiceModel.Activation.HttpHandler"
resourceType="Unspecified"
preCondition="integratedMode" />
</handlers>
</system.webServer>
</location>
Notice there's no specific HTTPS handler configuration. The solution was to add protocol-specific activation:
I modified the web.config in the Public folder to explicitly enable HTTPS:
<system.serviceModel>
<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix="http://127.0.0.1:8088"/>
<add prefix="https://127.0.0.1"/>
</baseAddressPrefixFilters>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https"/>
</protocolMapping>
</serviceHostingEnvironment>
</system.serviceModel>
If the above doesn't resolve the issue, consider these additional checks:
- Verify the SSL certificate is valid and not expired
- Check for URL rewrite rules that might interfere
- Ensure the Application Pool identity has proper permissions
- Review the HTTP.SYS configuration for port conflicts
Here's the complete working configuration that resolved my issue:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<handlers>
<add name="svc-Integrated-4.0"
path="*.svc"
verb="*"
type="System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0"
resourceType="Unspecified"
preCondition="integratedMode"/>
</handlers>
<security>
<authentication>
<anonymousAuthentication enabled="true"/>
</authentication>
</security>
</system.webServer>
<system.serviceModel>
<bindings>
<basicHttpsBinding>
<binding name="secureTransport">
<security mode="Transport"/>
</binding>
</basicHttpsBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>
</system.serviceModel>