What happens if I set HttpGetEnabled = false

You're adding a service reference, which generates a proxy based on Metadata Exchange (mex). The httpGetEnabled configuration lets you set an http endpoint that would allow a non-mex proxy to be generated using WSDL, such as a legacy .NET webservice proxy. They are different protocols, controlled by different settings. I believe if you were to have <serviceMetadata httpGetEnabled="true" httpGetUrl="http://localhost:8080/SampleService?wsdl"/> you could add a web service reference from .NET 2.0, which you would be unable to do using the configuration <serviceMetadata httpGetEnabled="false"/>.


MEX and WSDL are two different schemes to tell potential clients about the structure of your service. So you can choose to either make your service contracts public as "metadata exchance format" (MEX) or in the "web service description language" (WSDL) -- the latter being accessible via HTTP(s).

Thus in order to generate proxies, you need meta data information. When you remove the serviceMetadata-line you say you are not providing meta data in WSDL format.

But the line before, publishing your metadata in MEX, is still active, thus you can generate a proxy from those metadata.

From those follows naturally that when you provide neither WSDL nor MEX formatted information, you cannot generate a proxy.

As Joel C correctly pointed out, the bindings are a(n almost) orthogonal concept. Whether you allow clients to talk to you via basic HTTP, ws HTTP, net named pipes or crystal balls is quite not dependent on how you publish your services.

The WCF security guidance project and / or MS "practises and patterns" for WCF security might provide deeper insight.