patterns & practices Developer Center

How to: Host WCF in IIS

Use IIS to host your WCF service, unless you need to use a transport that IIS does not support. IIS provides a large number of features for efficient service management and scalability. By using IIS as your WCF service host, you can take full advantage of IIS features, such as process recycling, idle shutdown, process health monitoring, and message-based activation.

HTTP bindings can be hosted in IIS 6.0 and IIS 7.0. You can host TCP and MSMQ bindings in IIS 7.0 or a Windows service. You can also host in IIS 6.0, but you must first activate the host W3wp process before using the service.

Perform the following high-level steps to host your WCF service in IIS:

  1. Create a virtual directory in IIS.
  2. Create a .svc file for the WCF service.
  3. Deploy the WCF service implementation to the IIS virtual directory.
  4. Configure the WF service.

Additional Resources

How to: Host WCF in a Windows Service

You should use a Windows service when you have to support transports such as TCP, MSMQ, or named pipes. Windows services have advantages over self-hosting in that they give the benefit of automatic startup, the service lifetime is controlled by the operating system, it is easier to run under a least-privileged account, and the Windows service host will restart your service if it fails. Windows services can be managed by using the Service Control Manager in the Microsoft Management Console (MMC).

Perform the following steps to host your WCF service in a Windows service:

  1. Create a Windows Service Project using Visual Studio 2008.
  2. Add service installers to the Windows Service Project.
  3. Override the OnStart and OnStop methods to start and stop the service inside the Windows service, as shown in the following code example:
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Diagnostics;
    using System.Linq;
    using System.ServiceProcess;
    using System.Text;
    using System.ServiceModel;
    namespace WindowsService1
        public partial class WCFServiceHost1 : ServiceBase
            internal static ServiceHost myServiceHost = null; 
            public WCFServiceHost1()
            protected override void OnStart(string[] args)
                if (myServiceHost != null)
                myServiceHost = new ServiceHost(typeof(Service1));
            protected override void OnStop()
                if (myServiceHost != null)
                    myServiceHost = null;
  4. Install the Windows service by using the InstallUtil.exe command from the Visual Studio 2008 command prompt.

Additional Resources

How to: Self-host WCF

Self-hosting is best suited for development and debugging scenarios in which you want maximum flexibility and you want to get the service running as quickly as possible. When readying for deployment, you should choose between hosting in a Windows service or in IIS.

Use the following methods to self-host your WCF service in any .NET application:

  1. Create a method to start the service, as shown in the following code example:
    // Host the service within the application.
    public static void Main()
        // Create a ServiceHost for the CalculatorService type.
        using (ServiceHost serviceHost = 
               new ServiceHost(typeof(Service1)))
            // Open the ServiceHost to create listeners         
            // and start listening for messages.
  2. In the self-hosted case, you must specify the base address. The following example shows how to configure the configuration file:
          <add baseAddress="http://localhost:8000/WCFSecuritySamples/service"/>

Additional Resources

How to: Configure a Least-privileged Account to Host Your Service

Use a least-privileged account to host your service in order to reduce your application's overall attack surface and reduce the potential impact of security vulnerabilities in your service. Using a least-privileged account allows you to audit and authorize your services individually. Your service is also protected from changes made to the privileges and permissions within the default account.

Perform the following steps to create a least-privileged account to host your service:

  1. Create a Windows account
  2. Run the following aspnet_regiis.exe command to assign the relevant ASP.NET permissions to the account:
    aspnet_regiis.exe -ga machineName\userName 
    This step is needed if your application needs to run in ASP.NET compatibility mode; otherwise, you can skip the step.

  3. Use the Local Security Policy tool to grant the Windows account the Deny logon locally user right.

    This reduces the privileges of the account and prevents anyone from logging on to Windows locally with this account.

  4. Use the least-privileged account to run your WCF service:
    • If your service is hosted in IIS 6.0, use IIS Manager to create an application pool running as an account identity. Use IIS Manager to assign your WCF service to that application pool.
    • If your service is hosted in Windows service, configure the Windows service to run using the account identity. This would enable the WCF service to run under the security context of account identity.

Additional Resources