I have read some posts here, claiming that WCF can allow http and https on the same endpoint/port, but that sounds a bit wrong to me. I tried to set it up but I cannot figure out how to enable both https and http listening on the same port/ip, programmtically.
I get the following error when I try to add https:
'System.ServiceModel.AddressAlreadyInUseException' in
System.ServiceModel.dll HTTP could not register URL
https://+:10901/Service/. Another application has already
registered this URL with HTTP.SYS.
It works fine if I add just one of them.
Code:
Uri httpsUri = new Uri("https://" + localIp.ToString() + ":" + settings._WebservicePort.ToString() + "/Service/");
Uri httpUri = new Uri("http://" + localIp.ToString() + ":" + settings._WebservicePort.ToString() + "/Service/");
host = new WebServiceHost(typeof(Service), httpUri, httpsUri);
WebHttpBinding whbHttp = new WebHttpBinding
{
CrossDomainScriptAccessEnabled = true,
Security = { Mode = WebHttpSecurityMode.None },
MaxReceivedMessageSize = 10000000
};
WebHttpBinding whbHttps = new WebHttpBinding
{
CrossDomainScriptAccessEnabled = true,
Security = { Mode = WebHttpSecurityMode.Transport },
MaxReceivedMessageSize = 10000000
};
ServiceEndpoint seHttp = host.AddServiceEndpoint(typeof(IService), whbHttp, httpUri);
seHttp.Behaviors.Add(new WebHttpBehavior());
ServiceEndpoint seHttps = host.AddServiceEndpoint(typeof(IService), whbHttps, httpsUri);
seHttps.Behaviors.Add(new WebHttpBehavior());
ServiceDebugBehavior stp = host.Description.Behaviors.Find<ServiceDebugBehavior>();
stp.HttpHelpPageEnabled = true;
host.Open(); // <-- Exception: 'System.ServiceModel.AddressAlreadyInUseException' in System.ServiceModel.dll HTTP could not register URL https://+:10901/Service/. Another application has already registered this URL with HTTP.SYS.
I realize that web http is port 80 and https is normally 443, but why am I then reading that http and https can be hosted on the same port? Am i misreading, and its actually not possible? =)
I'm not sure this is what you want. but i just go ahead and post my answer.
hosting http and https both on single port is impossible. but you can have both http and https binding like this:
<bindings>
<webHttpBinding>
<binding name="RestBinding"/>
<binding name="SecureRestBinding" >
<security mode="Transport"/>
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="YOURPROJECT.YOURSERVICE">
<endpoint address="" behaviorConfiguration="Web" binding="webHttpBinding" bindingConfiguration="RestBinding" name="Rest" contract="YOURPROJECT.IYOURSERVICE"/>
<endpoint address="" behaviorConfiguration="Web" binding="webHttpBinding" bindingConfiguration="SecureRestBinding" name="SecureRest" contract="YOURPROJECT.IYOURSERVICE"/>
</service>
</services>
Related
I'm experiencing a problem with WCF client connections using a self-created certificate.
Certificate created as follows:
Makecert -r -pe -n "CN=MySslSocketCertificate" -b 01/01/2015 -e 01/01/2025 -sk exchange -ss my
Server code:
Public Sub StartWcfServer()
Dim binding As New NetTcpBinding()
binding.Security.Mode = SecurityMode.Transport
binding.Security.Transport.ProtectionLevel = Net.Security.ProtectionLevel.EncryptAndSign
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate
binding.TransferMode = TransferMode.Streamed
Dim baseAddress As New Uri($"net.tcp://192.168.1.1:1234/WcfServer")
_serviceHost = New ServiceHost(GetType(WcfServer), baseAddress)
_serviceHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByIssuerName, "MySslSocketCertificate")
_serviceHost.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck
_serviceHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = ServiceModel.Security.X509CertificateValidationMode.None
_serviceHost.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.CurrentUser
ServicePointManager.ServerCertificateValidationCallback = New RemoteCertificateValidationCallback(AddressOf ValidateServerCertificate)
ServicePointManager.SecurityProtocol = SecurityProtocolType.Ssl3 Or SecurityProtocolType.Tls12
_serviceHost.AddServiceEndpoint(GetType(IWcfServer), binding, baseAddress)
_serviceHost.Open()
End Sub
Private Function ValidateServerCertificate(sender As Object, certificate As X509Certificate, chain As X509Chain, sslPolicyErrors As SslPolicyErrors) As Boolean
Return True
End Function
Client code:
private void InitialiseWcfClient()
{
var binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ProtectionLevel = System.Net.Security.ProtectionLevel.EncryptAndSign;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
binding.TransferMode = TransferMode.Streamed;
var url = $"net.tcp://192.168.1.1:1234/WcfServer";
var address = new EndpointAddress(url);
var channelFactory = new ChannelFactory<IWcfServer>(binding, address);
WcfServer = channelFactory.CreateChannel();
}
// call to server which causes the error
WcfServer.CallMethod();
Client-side error:
System.IdentityModel.Tokens.SecurityTokenValidationException: 'The X.509 certificate CN=MySslSocketCertificate chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Server-side error:
System.Security.Authentication.AuthenticationException: 'The remote certificate is invalid according to the validation procedure.'
Bro,regardless of whether we specify the Authencation mode on the server-side, we should establish the trust relationship between the server and the client when authenticating the client with a certificate.
Namely, we should install the server certificate on the client-side and install the client certificate on the server side. Based on the authentication mode value, the certificate installation place is difference, commonly we should install it in the Local CA. Besides, considering some access permission issues, we had better install the certificate in Local machine store location other than Current User.
Also, when we explicitly specify the security mode to Transport, we should provide a certificate on the server side.
sh.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "cbc81f77ed01a9784a12483030ccd497f01be71c");
At the same time, the client is supposed to provide a certificate to represent identity.
factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "9ee8be61d875bd6e1108c98b590386d0a489a9ca");
I have made a demo, ,wish it is helpful to you.
Server.
class Program
{
static void Main(string[] args)
{
using (ServiceHost sh = new ServiceHost(typeof(MyService)))
{
sh.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "cbc81f77ed01a9784a12483030ccd497f01be71c");
sh.Open();
Console.WriteLine("serivce is ready....");
Console.ReadLine();
sh.Close();
}
}
}
[ServiceContract]
public interface IService
{
[OperationContract]
string Test();
}
public class MyService : IService
{
public string Test()
{
return DateTime.Now.ToString();
}
}
App.config(Server side)
<system.serviceModel>
<services>
<service name="VM1.MyService">
<endpoint address="" binding="netTcpBinding" contract="VM1.IService" bindingConfiguration="mybinding">
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" ></endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:5566"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="mybinding">
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Client.
class Program
{
static void Main(string[] args)
{
Uri uri = new Uri("net.tcp://vabqia969vm:5566");
NetTcpBinding binding = new NetTcpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
ChannelFactory<IService> factory = new ChannelFactory<IService>(binding, new EndpointAddress(uri));
factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "9ee8be61d875bd6e1108c98b590386d0a489a9ca");
IService service = factory.CreateChannel();
try
{
var result = service.Test();
Console.WriteLine(result);
}
catch (Exception)
{
throw;
}
}
}
[ServiceContract]
public interface IService
{
[OperationContract]
string Test();
}
Result.
One more thing must be noted that we should ensure the client certificate have the client authentication Intended purposes.
Feel free to let me know if there is anything I can help with.
I'm trying to call soap service in script task but getting this following error. I've added a serviceReference through wsdl url. I don't have idea about what this error is referring to. However i'm able to get the data in SOAPUI
"The header 'ReliableMessaging' from the namespace 'http://sap.com/xi/XI/Message/30' was not understood by the recipient of this message, causing the message to not be processed. This error typically indicates that the sender of this message has enabled a communication protocol that the receiver cannot process. Please ensure that the configuration of the client's binding is consistent with the service's binding."
below is the code i'm using
EndpointAddress endPointAddress = new EndpointAddress("https://sapnxcci.intel.com:8220/XISOAPAdapter/MessageServlet?senderParty=&senderService=MC4510&receiverParty=&receiverService=&interface=Segments&interfaceNamespace=http://intel.com/xi/Intel-MDM/Project/Segment");
SegmentsClient client = new SegmentsClient(BindingUtility.GetInitiativesBinding(), endPointAddress);
client.ClientCredentials.UserName.UserName = "sys_idwcons";
client.ClientCredentials.UserName.Password = "abdc";
SegmentResponse results = client.ListSegments(new SegmentRequest() { SegmentName = "" });
In GetInitiativesBinding contains the following.
public static BasicHttpBinding GetInitiativesBinding()
{
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
binding.MaxReceivedMessageSize = 2147483647;
binding.MaxBufferSize = 2147483647;
binding.ReceiveTimeout = TimeSpan.FromMinutes(5);
binding.SendTimeout = TimeSpan.FromMinutes(5);
return binding;
}
and my App.Config file looks like this
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="SegmentsBinding" />
<binding name="SegmentsBinding1">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://sapnxcci.intel.com:8420/XISOAPAdapter/MessageServlet?senderParty=&senderService=MC4510&receiverParty=&receiverService=&interface=Segments&interfaceNamespace=http%3A%2F%2Fintel.com%2Fxi%2FIntel-MDM%2FProject%2FSegment"
binding="basicHttpBinding" bindingConfiguration="SegmentsBinding"
contract="ServiceReference1.Segments" name="HTTP_Port" />
<endpoint address="https://sapnxcci.intel.com:8220/XISOAPAdapter/MessageServlet?senderParty=&senderService=MC4510&receiverParty=&receiverService=&interface=Segments&interfaceNamespace=http%3A%2F%2Fintel.com%2Fxi%2FIntel-MDM%2FProject%2FSegment"
binding="basicHttpBinding" bindingConfiguration="SegmentsBinding1"
contract="ServiceReference1.Segments" name="HTTPS_Port" />
</client>
</system.serviceModel>
</configuration>
I think it's because the return message from PI contains the tags.
tags are only useful when you have a PI - PI connection.
Reference: https://archive.sap.com/discussions/thread/1839924
I am developing a WCF service using WsHttpBinding and an SSL certificate for security. Works perfectly in my local IIS, but when I publish I get the following error message;
The protocol 'https' is not supported.
Here is my web.config file..
<system.serviceModel>
<services>
<service name="PeopleService.Service.PeopleService">
<host>
<baseAddresses>
<add baseAddress="https://www.mywebsite.com/service/"/>
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="BasicBinding" contract="PeopleService.Service.IPeopleService" name="BasicEndpoint"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="BasicBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
I am using a ServiceHost factory to add my endpoints, so that I can load the SSL certificate from a physical file rather than from the certificate store.
public class PeopleServiceHost : ServiceHost
{
public PeopleServiceHost(params Uri[] addresses) : base(typeof(PeopleService), addresses)
{
}
protected override void InitializeRuntime()
{
Description.Behaviors.Find<ServiceDebugBehavior>().IncludeExceptionDetailInFaults = true;
Description.Behaviors.Find<ServiceDebugBehavior>().HttpsHelpPageUrl = new Uri("https://www.mywebsite.com/service/PeopleService.svc/mex");
ServiceMetadataBehavior metadataBehavior = new ServiceMetadataBehavior();
metadataBehavior.HttpsGetEnabled = true;
metadataBehavior.HttpsGetUrl = new Uri("https://www.mywebsite.com/service/PeopleService.svc/mex");
Description.Behaviors.Add(metadataBehavior);
var serviceCredentials = new ServiceCredentials();
serviceCredentials.ServiceCertificate.Certificate = new X509Certificate2(AppDomain.CurrentDomain.BaseDirectory + "\\mywebsite.pfx", "password123", X509KeyStorageFlags.MachineKeySet);
Description.Behaviors.Remove((typeof(ServiceCredentials)));
Description.Behaviors.Add(serviceCredentials);
base.InitializeRuntime();
}
}
I've been trying to solve this problem for days, but to no avail. I've contacted by host and they have advised me that HTTPS is definitely supported and enabled in IIS.
Any help is really appreciated. Thanks.
I'm busy writing a file server/client tool that basically uses a hosted Service to send and receive data to and from the server. Since this solution will be used by many different people, its not really advisable to have them go and edit the App.Config file for their setup. What I would like to do is change this at runtime so that the user(s) have full control over the settings to use. So, this is my App.Config file:
<system.serviceModel>
<services>
<service name="FI.ProBooks.FileSystem.FileRepositoryService">
<endpoint name="" binding="netTcpBinding"
address="net.tcp://localhost:5000"
contract="FI.ProBooks.FileSystem.IFileRepositoryService"
bindingConfiguration="customTcpBinding" />
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="customTcpBinding" transferMode="Streamed" maxReceivedMessageSize="20480000" />
</netTcpBinding>
</bindings>
</system.serviceModel>
What I would like to do is to change only the address (in this example, net.tcp://localhost:5000) when the application is executed. So I must be able to read the current value and display that to the user, and then take their input and save it back into that field.
The test below may help you. Essentially the steps are
Instantiate an instance of the host that reads the configuration from the .config file;
Create a new instance of EndpointAddress using the same configuration as the old one, but changing the uri and assign it to the Address property of your ServiceEndpoint.
[TestMethod]
public void ChangeEndpointAddressAtRuntime()
{
var host = new ServiceHost(typeof(FileRepositoryService));
var serviceEndpoint = host.Description.Endpoints.First(e => e.Contract.ContractType == typeof (IFileRepositoryService));
var oldAddress = serviceEndpoint.Address;
Console.WriteLine("Curent Address: {0}", oldAddress.Uri);
var newAddress = "net.tcp://localhost:5001";
Console.WriteLine("New Address: {0}", newAddress);
serviceEndpoint.Address = new EndpointAddress(new Uri(newAddress), oldAddress.Identity, oldAddress.Headers);
Task.Factory.StartNew(() => host.Open());
var channelFactory = new ChannelFactory<IFileRepositoryService>(new NetTcpBinding("customTcpBinding"), new EndpointAddress(newAddress));
var channel = channelFactory.CreateChannel();
channel.Method();
(channel as ICommunicationObject).Close();
channelFactory = new ChannelFactory<IFileRepositoryService>(new NetTcpBinding("customTcpBinding"), oldAddress);
channel = channelFactory.CreateChannel();
bool failedWithOldAddress = false;
try
{
channel.Method();
}
catch (Exception e)
{
failedWithOldAddress = true;
}
(channel as ICommunicationObject).Close();
Assert.IsTrue(failedWithOldAddress);
}
you can create the service instance providing a configuration name and endpoint. So you can use;
EndpointAddress endpoint = new EndpointAddress(serviceUri);
var client= new MyServiceClient(endpointConfigurationName,endpoint )
look at msdn article.
WCF Service WebConfig(partial).
<services>
<service name="Bricks99.LicensingServer.LicensingService"
behaviorConfiguration="Bricks99ServiceBehavior">
<!-- use base address specified above, provide one endpoint -->
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="Bricks99Binding"
contract="Bricks99.LicensingServer.ILicensingService" />
<!--<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />-->
</service>
</services>
<basicHttpBinding>
<binding name="Bricks99Binding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Bricks99.LicensingServer.CCustomValidatorClass, Bricks99.LicensingServer"/>
</serviceCredentials>
Client is ASP.NET 2.0
LicensingService service = new LicensingService();
//Authentication
CredentialCache credCache = new CredentialCache();
credCache.Add(new Uri(service.Url), "Basic", new NetworkCredential("Test", "1234567"));
service.Credentials = credCache;
service.PreAuthenticate = true;
service.UseDefaultCredentials = false;
result = service.VerifyLicenseKey(licenseKey, string.Empty);
The result is always The request failed with HTTP status 401: Unauthorized. I have also turned off Anonymous Access on the folder. Its still not working.
Any ideas on how to set the credentials correctly?
EDIT: Seems like the overridden method
public override void Validate(string userName, string password)
{
try
{
if(userName != "Test" || password != "1234567")
{
throw new FaultException("The provided credentials are invalid.");
}
}
catch(FaultException ex)
{
LicensingData.Operations.LogError(ex);
}
}
is never getting hit.
Well after hours of research I found out that the hosting provider did not allow basic authentication by default. For custom authentication to work it is necessary that basic authentication be enabled in IIS.