WCF and Wildcard Certificates with NetTcp binding - c#

I have a self hosted WCF service using a NetTcp binding and TransportWithMessageCredential security with a wildcard cert (*.company.com) as the service certificate.
The client address of the server is (ServerName.company.com). I get the following error when a service call is made:
Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'ServerName.company.com' but the remote endpoint provided DNS claim '*.company.com'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity '*.company.com' as the Identity property of EndpointAddress when creating channel proxy.
Is this actually possible? Any help is appreciated.
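
The error text above names its own remedy: pass the certificate's DNS claim as the identity of the `EndpointAddress`. The following is an added example, not code from the original post; the contract `IEchoService`, the port, the path and the username credential are assumptions, and the helper applies the wildcard identity only when the host is a single label under it.

```csharp
using System;
using System.ServiceModel;

// Hypothetical contract, present only so the example compiles.
[ServiceContract]
public interface IEchoService
{
    [OperationContract]
    string Echo(string text);
}

public static class WildcardIdentityClient
{
    // True when host is exactly one label under the wildcard's suffix,
    // e.g. "ServerName.company.com" for "*.company.com" (not "a.b.company.com").
    public static bool HostMatchesWildcard(string host, string wildcard)
    {
        if (!wildcard.StartsWith("*.", StringComparison.Ordinal)) return false;
        string suffix = wildcard.Substring(1); // ".company.com"
        if (!host.EndsWith(suffix, StringComparison.OrdinalIgnoreCase)) return false;
        string label = host.Substring(0, host.Length - suffix.Length);
        return label.Length > 0 && !label.Contains(".");
    }

    public static EndpointAddress BuildAddress(Uri serviceUri, string certDnsName)
    {
        // Refuse to set the wildcard identity for a host it does not cover.
        if (!HostMatchesWildcard(serviceUri.Host, certDnsName))
            throw new ArgumentException("Host is not covered by " + certDnsName);
        // Tell WCF which DNS claim to expect from the service certificate.
        return new EndpointAddress(serviceUri, EndpointIdentity.CreateDnsIdentity(certDnsName));
    }

    public static void Main()
    {
        var binding = new NetTcpBinding(SecurityMode.TransportWithMessageCredential);
        // Assumption: the post does not say which message credential type is used.
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        var address = BuildAddress(
            new Uri("net.tcp://ServerName.company.com:8000/Echo"), "*.company.com");
        var factory = new ChannelFactory<IEchoService>(binding, address);
        factory.Credentials.UserName.UserName = "user";     // placeholder
        factory.Credentials.UserName.Password = "password"; // placeholder
        IEchoService proxy = factory.CreateChannel();
        Console.WriteLine(proxy.Echo("hello"));
        ((IClientChannel)proxy).Close();
        factory.Close();
    }
}
```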

Related

Certificate save Request WCF Webservice without DNS

I have a Webservice running.
I have to access it with an IP like "https://192.168.0.1:port/webservice" because the clients possibly have no DNS server configured and I must not edit the hosts file.
The Certificate is signed for the Webservice Hostname.
It's working fine, but the certificate validator rejects the hostname.
With a validation callback it works normally.
Unfortunately there is one environment where I guess a paranoid firewall or a Windows setting rejects the certificate before my callback can handle it.
With a (test-wise) hosts entry on the client side it works.
Is there a way to 'fake' the IP by bypassing the system DNS resolver and giving my own IP for the endpoint, but keeping the requested URL like "https://webservice.mydomain.com:port/anything"?

WCF Service only worked on local computer of IIS

I created a website on IIS at 192.168.0.163 and published a WCF service application on it. I can get the WSDL of the service through the hostname (hostname:port/Service.svc?wsdl) and the IP address (192.168.0.163:port/Service.svc?wsdl), but hostname.domain.com:port/Service.svc?wsdl does not work on another computer in the same domain.
At the end of the WSDL, I found the service address is ws://hostname.domain.com:port/Service.svc.
In the client, I added a service reference with VS2015; in app.config the service address is also ws://hostname.domain.com:port/Service.svc, and I can only connect to the service from the local computer where IIS is hosted. Calling from another computer causes an exception:
The remote endpoint requested an address for acknowledgements that is
not the same as the address for application messages. The channel
could not be opened because this is not supported. Ensure the endpoint
address used to create the channel is identical to the one the remote
endpoint was set up with.
If I change the address to hostname:port/Service.svc or 192.168.0.163:port/Service.svc, then I fail to access the service from both computers with the same error.
Closing the firewall doesn't solve the problem.
How can I make this work?
Solved after adding the hostname in the IIS bindings.

App doesn't work on client machine for WCF service with transport security

I have a WCF web service listening on https with an SSL cert (not self-signed). It uses WsHttpBinding. On the developer machine the app works, but when I publish the app, it doesn't work on the client machine. There is an error when connecting to WCF.
I think the client machine has to install the SSL cert to trusted publishers. Or something else?

WCF Routing Service with NetTcpBinding and certificates

We want to add failover ability to our WCF clients on the client side. The clients communicate with a WCF service that is implemented over NetTcpBinding with TransportWithMessageCredential security mode, and the credential type is certificate.
Is it possible to use the .NET 4.0 RoutingService without changing the real service security at all?
The desired functionality from the router is just to pass the messages from the client to a backup service if the primary service is unavailable.

WCF services endpoint binding behind load balancer

I have a WCF web service with basic HTTP bindings. I am using https, but the SSL is handled by the load balancer, so the end traffic will be http when it gets to the WCF services. But my endpoint would be the virtual IP of the load balancer.
The question I have is: when I try to add this reference to call this service, I add it as https:///service.svc?wsdl but it comes back saying the WSDL is invalid. Do I need to change my endpoint in web.config to be the load balancer IP? Or is there more to it than that?
I would try changing the endpoint to the IP of the load balancer.
I had to enable both HTTP and HTTPS to get it to work; the dsco file kept trying to download as http.
