I have trubble enable https for a simple webservice project. The service i starting but I canĀ“t browse it at all? Its like it is not really published? If I switch to regular http it works fine.
Finddler respondes with this :
fiddler.network.https> HTTPS handshake to localhost failed.
System.IO.IOException Unable to read data from the transport
connection: An existing connection was forcibly closed by the remote
host. < An existing connection was forcibly closed by the remote host
The WCF log says nothing more then that the service is started.
Here is a test projekt : https://onedrive.live.com/redir?resid=DE992A2C8B8C2EC9!7740&authkey=!APkS4Y9ODK-Y-Lk&ithint=file%2czip
You should be able to switch the certificate against any one you already have.
Edit : The certificate Im using are a selfsigned for testing but that should not matter.
I hade to bind the port to the certificate like in this article : https://msdn.microsoft.com/en-us/library/ms733791(v=vs.110).aspx
Related
I have a self-hosted SignalR application in a Windows Service built with VS2015 FW 4.6, SignalR 2.3.0. This has been working fine for more than 2 years using ports 6286 (https) and 6287 (http) and "*" for the IP. I wanted to switch these ports to 80 and 443 respectively and apply a wild-card certificate to 443. Since there are web sites using the certificate on IP 192.168.100.7 I added another IP address (192.168.100.3) to my server applied the certificate with:
netsh http add sslcert ipport=192.168.100.3:443 appid={12345678-db90-4b66-8b01-88f7af2e36bf} certhash=xxxxxxxxxxxxxxxxxxxxxxxxx
I can verify the success with:
netsh http show sslcert ipport=192.168.100.3:443
So I start the WebApps with the following:
SignalR = WebApp.Start("http://192.168.100.3:80/");
SignalRSSL = WebApp.Start("https://192.168.100.3:443/");
They seem to start fine, no errors and if I use http://192.168.100.3/signalr/hubs it works fine. However, https://192.168.100.3:443/signalr/hubs gives the "Unexpectedly closed connection" error.
What have I done wrong, is there something else to set for https?
My error... I was using the internal IP's and corresponding external IP's to test this. What I realized is that the wild-card certificate is not tied to an IP, it's tied to a domain! So, I created an A record for the IP with the wild-card's domain and it worked.
However, I now have a different problem in that it's trying to negotiate with the web server's domain and not the signalR domain to send a message!
https://webserverdomain/signalr/negotiate?clientProtocol=1.5....
I don't know where it's picking the web server's name up but it's different enough that it's probably a topic for another post.
I am working on a 'Smart Device Project' using .Net Framework 3.5. I am trying to connect to some Java SOAP services on a remote server.
In order to do that, I added 'Web References' to my project.
When I try to call my web service I get a WebException 'Unable to connect to the remote server' with the inner exception being 'No connection could be made because the target machine actively refused it'.
I searched quite a lot on the Web and StackOverflow and found a lot of ASP configuration and 'Unavaliable port' answers, but as I have another application using the exact same Service successfully, I can't get why the new one isn't getting through (It did sometimes through my tests so I suppose my client implementation isn't that bad)
I tried to look if there was some connection issue on the port by using some TcpClient:
System.Net.Sockets.TcpClient client = new System.Net.Sockets.TcpClient();
try
{
client.Connect("myServerName", 8087);
MessageBox.Show("Success");
} catch (Exception ex)
{
MessageBox.Show("Failure");
}
finally
{
client.Close();
}
This connection succeed.
Here is a sample on how I call my WebService:
WSServiceExtended srv = new WSServiceExtended();
srv.Proxy = new System.Net.WebProxy();
ServeurWSI wsi = new ServeurWSI();
srv.Url = "http://myServerName:8087/myServerApp/services/myService";
wsr = srv.login(wsi);
The service is called 'Extended' because I overrided the auto-generated one in order to add Cookie managment since I am using the Compact Framework. Following the sample in this thread:
https://social.msdn.microsoft.com/Forums/en-US/34d88228-0b68-4fda-a8cd-58efe6b47958/no-cookies-sessionstate-in-compact-framework?forum=vssmartdevicesvbcs
EDIT:
I made some new tests with the Web references and got it to work.
When I add the Web Reference, I have to put some Url to the Web Service. When I set it with the actual hostname instead of the 'localhost' everything is fine.
But then, since I set it manually to the real address just before the call, it shouldn't matter
srv.Url = "http://myServerName:8087/myServerApp/services/myService";
EDIT2:
I might have forgotten some specifics about my environnement.
The Web Services are exposed on my computer on some Tomcat Server.
The application I am working on is also developped on this computer (That's why I can add Web References by putting 'localhost' in the address)
The application is then deployed on a distant device (Windows CE) that will make calls the Web Services through WIFI (There, localhost wouldn't work then)
I tried calling the Web services from other computers successfully.
I'm beginning to think that there might be some differential between the called Url and the one that is set, otherwise, how would I have a difference in behaviour such as the one described in the first edit?
EDIT3:
Well..Seems like it's not a network issue but a .Net compact framework (usage?) issue...
The Url property of the Web Service implementation is simply ignored and the one in the Reference.cs is used in place.
If someone had some idea on how I could troubleshot this, I would really appreciate it.
That error means that you reached a server and the server said "no way". So you're either hitting the wrong server or the wrong port.
I find the telnet client is useful for testing stuff like this. From the command line, you can do:
telnet [servername] [port]
So something like:
telnet myServerName 8087
If it goes to a blank screen, then it connected successfully. If it does not connect, it'll tell you.
The telnet client is no longer installed by default in Windows 7+, so you'll have to install it. See here for instructions: https://technet.microsoft.com/en-ca/library/cc771275
If the connection does open, you could paste in an actual HTTP request to see what happens. A simple GET would look something like this:
GET /myServerApp/services/myService HTTP/1.1
Host: myServerName:8087
One reason for this error can be that the service binds to only a certain IP address. It could well be that the service only listens on the IP that is assigned to the host name, but not on the localhost IP (127.0.0.1).
For example:
If the host myServerName has the public IP 192.168.0.1, your service can choose to listen on all IPs assigned to the host (sometimes specifying 0.0.0.0), or it can specifically listen on 192.168.0.1 only. In that case you will not be able to connect through 127.0.0.1, because the service simply doesn't listen on that IP.
You can "use" this inverse of this feature to make a service accessible only to local clients, not on the public IP-Address, by listening on 127.0.0.1 only, but not on the public IP. This is sometimes used on Linux for example to make MySQL only accessible on the host itself.
I was starting to forget this post but I finally found the problem that was messing things up and it has nothing to do with programmation.
I was doing the calls while the device was connected to the computer via the 'Windows Mobile Device Center' allowing to access the device from Windows.
While connected, the host provided is ignored and all calls on the specified port are handled by the connected computer.
Disconnecting the device allows to communicate properly...
I have a really strange issue when Visual Studio resolves the server SSL certificate.
The API I am using requires me to send a certificate along with the request to 'verify who I am'. Initially I referred to this certificate within my UnitTest using X509Certificate2 and then importing it as a byte[]. What I didn't want to do, is have this laying around in my code referring to a specific location on my local disk (I want to run the unit tests automatically on my build server) so opted to install the certificate within the certificate store (which I could later install on the build server). And when I tested this Uri within the browser (IE) it asked for the certificate I wanted to use and rather stupidly I clicked OK without really reading what it was asking me to do.
Problem is, since doing this I am unable to run my unit test (I am making an HttpWebRequest) - as soon as it hits the following line it throws a WebException.
using (var response = request.GetResponse())
{
// Removed content ...
}
The exception response is null , here is the exception
System.Net.WebException: The underlying connection was closed: An
unexpected error occurred on a receive. ---> System.IO.IOException:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host. --->
System.Net.Sockets.SocketException: An existing connection was
forcibly closed by the remote host
The only reason I can see for this error is that Visual Studio is using the wrong SSL certificate for the server connection (as I am using the test API Uri, I can verify this is sort of the case by using the live API Uri which works fine)
I have tried the following:
Removing the certificate from the store
Adding the certificate back to the store
Clearing all browser cache
Restoring IE back to 'factory settings'
Clearing the SSL cache within IE
Tried setting Keepalive to true and then false
This issue was affecting all browsers but I have managed to get it working. I have tried to use Fiddler to identify if the server is doing something crazy (including decrypting SSL connections) and I can see this is actually responding with a 403 error.
Has anyone else got any ideas?
Edit
Just tried to run this on the build server, still get the same error so I will check with the API provider to see if a/ my certificate has expired b/ their service is actually up!
System.Net.WebException: The underlying connection was closed: An
unexpected error occurred on a receive. ---> System.IO.IOException:
Unable to read data from the transport connection: An existing
connection was forcibly closed by the remote host. --->
System.Net.Sockets.SocketException: An existing connection was
forcibly closed by the remote host
Issue was with the API provider.
I need your help one more time.
I can't get how to successfully establish a StreamSocket connection from Metro application to untrusted root certificate host.
I'm connecting like this:
await socket.ConnectAsync(new HostName("_UNTRUSTED_HOST_IP_ADDRESS_"), "_SSL_PORT_", SocketProtectionLevel.Ssl);
And it fails :(
I can't establish a plain HTTP connection because of the host restriction.
Some say that I need to make a proxy server that will forward SSL queries to that untrusted host and which will mark this connection as trusted.
But how to do it? I didn't get it for now :(
I'm using Squid on my CentOS web-server and did this to squid.conf:
acl TrustedHosts url_regex _UNTRUSTED_HOST_IP_ADDRESS_
sslproxy_cert_error allow TrustedHosts
sslproxy_cert_error deny all
I need StreamSocket, because I must read to and write from the socket to make some valuable actions.
If anyone can help me with this...
I did it by modifying the Control of the StreamSocket that way :
_streamSocket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.Untrusted);
_streamSocket.Control.IgnorableServerCertificateErrors.Add(ChainValidationResult.InvalidName);
ChainValidationResult contains multiple options, choose the one best suited for you.
I have been provided with a wcf service url, private and public certificate to consume it.
My url is https:/xxxx.com/xxxx/xxxx.svc
my private certificate is xxx.pfx
my public certificate is xxxx.cer
When I try to add service reference from my client application it throws the following error.
There was an error downloading
'https://xxxx.com/xxxx/xxxx.svc'.
The underlying connection was closed:
An unexpected error occurred on a receive.
Unable to read data from the transport connection:
An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
Metadata contains a reference that cannot be resolved:
'https://xxxx.com/xxxx/xxxx.svc'.
An error occurred while receiving the HTTP response to
https://xxxx.com/xxxx/xxxx.svc.
This could be due to the service endpoint binding not using the HTTP protocol.
This could also be due to an HTTP request context being aborted by the server
(possibly due to the service shutting down).
See server logs for more details.
The underlying connection was closed: An unexpected error occurred on a receive.
Unable to read data from the transport connection:
An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
If the service is defined in the current solution,
try building the solution and adding the service reference again.
I have the certificates installed under personal, trusted people, trusted publishers folder. I don't have access to the server to check the server configuration. But I have been told that this is working for different client. I am sure I am messing the installation of certificates. It would be great if someone can point me into the right direction.
Thanks,
Esen
You got to enable tracing to see whats going on at the server. The error message you posted is more generic.
http://msdn.microsoft.com/en-us/library/ff648360.aspx
http://msdn.microsoft.com/en-us/library/ms733025.aspx
First just try to remove service reference from the project, remove system.ServiceModel section from web.config and add service reference again. This will force VS to completly rebuild system.ServiceModel section. If this does not help additional wcf client configuration is required.
Here is great sample how to properly configure wcf client to use certificate:
http://www.codeproject.com/Articles/28248/Securing-WCF-Services-with-Certificates
If you are still experiencing problems after this you could be missing some custom endpointBehavior. In this case you should contact wcf service provider.