We Keep Coding

Set WCF Service endpoints at server side web config for https

I am stuck in very odd situation and do not know how to solve this issue.
I have very simple WCF service working very fine with http BUT now I want to move it to https.
The issue is Server where it needs to be hosted. Server IIS have an alias name "server-test.local" (not "localhost") with http. Its is accessible locally with this alias name. And its mapped to a Domain name with https (example, https://rmt.XXXXXXX.com).
When I deploy my WCF to that server and check WSDL file, it has mapping of the local alias name instead of public domain name.
it is showing http://server-test.local/WCFService/Service.svc (WRONG)
I want mapping like https://rmt.XXXXXXXX.com/WCFService/Service.svc (CORRECT)
Service web.config
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<pages controlRenderingCompatibilityVersion="4.0"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2000000" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer> <modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
When I add service reference to app. It adds following endpoint which is not conrrect.
Client App.config (endpoint)
<endpoint address="http://server-test.local/WCFService/Service.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IProcessing"
contract="WCFService.IService" name="BasicHttpBinding_IProcessing" />
I am able to access the url and WSDL file through browser but not able to consume any Service methods. I am getting error "There is no endpoint which can accept the message."
I think I am missing something obvious here. Please suggest me changes.

You can try to change some simple steps in the web.config file, you can refer to this post for details.
1.Enable transport level security in the web.config file of the service:
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
2.Use the bindingConfiguration tag to specify the binding name and the behaviorConfiguration tag to configure the behavior, and then specify the address of the managed service. The code is as follows:
<service name="***" behaviorConfiguration="***">
<endpoint address= https://rmt.XXXXXXXX.com/WCFService/Service.svc
binding="basicHttpBinding"
bindingConfiguration="???"
contract="WCFService.IService"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>

Unable to access the WCF Service metadata when custom validator is introduced

I have a web service(using wsHttpBinding and SSL) developed in Visual Studio 2017. Whenever i introduce the following line, the Web Service just fails and it goes into the "faulted" state.
<authentication certificateValidationMode="Custom" customCertificateValidatorType="SampleProject.SampleService.AuthenticationCertificateValidator, SampleProject.SampleService"/>
The error message when attempting to "Add Service Reference" on the client side i recieve the following error:
There was an error downloading 'https://localhost/SampleService/service'.
The request failed with HTTP status 404: Not Found.
Metadata contains a reference that cannot be resolved:
'https://localhost/SampleService/service'.
There was no endpoint listening at https://localhost/SampleService/service
that could accept the message. This is often caused by an incorrect address
or SOAP action. See InnerException, if present, for more details.
The remote server returned an error: (404) Not Found.
If the service is defined in the current solution, try building the
solution and adding the service reference again.
Here is the code relating to the validator.
public class AuthenticationCertificateValidator : X509CertificateValidator
{
string allowedIssuerName;
public AuthenticationCertificateValidator(string allowedIssuerName)
{
if (allowedIssuerName == null)
{
throw new ArgumentNullException("allowedIssuerName");
}
this.allowedIssuerName = allowedIssuerName;
}
public override void Validate(X509Certificate2 certificate)
{
// Check that there is a certificate.
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
// Check that the certificate issuer matches the configured issuer.
if (allowedIssuerName != certificate.IssuerName.Name)
{
throw new SecurityTokenValidationException
("Certificate was not issued by a trusted issuer");
}
}
}
However the service works fine when i only have the "ChainTrust" line enabled as shown below:
<!--certificateValidationMode="Custom"
customCertificateValidatorType
="SampleProject.SampleService.AuthenticationCertificateValidator,
SampleProject.SampleService"/>-->
<authentication certificateValidationMode="ChainTrust" />
Ideally i want my service and client to use ChainTrust and also use the custom validator class if that's possible?
Therefore what am i doing wrong regarding configuration? Am i missing something from the config file?
Here is the full Service config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<services>
<service name="SampleProject.SampleService.SampleService"
behaviorConfiguration="SampleService_Behavior">
<endpoint
address="https://localhost/SampleService/service"
binding="wsHttpBinding"
bindingConfiguration="SampleService_Binding"
contract="SampleProject.SampleService.ISampleService" />
<endpoint
address="https://localhost/SampleService/service/mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="SampleService_Binding"
maxReceivedMessageSize="2147483647"
maxBufferPoolSize="2147483647" >
<readerQuotas
maxDepth="2147483647"
maxStringContentLength="2147483646"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SampleService_Behavior">
<!--Service metadata is needed for when you have an mex endpoint exposed-->
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="https://localhost/SampleService/service/mex"/>
<serviceDebug includeExceptionDetailInFaults="True"/>
<!--The serviceCredentials behavior defines a service certificate
which is used by the service to authenticate itself to its
clients and to provide message protection. -->
<serviceCredentials>
<serviceCertificate
findValue="SampleServer"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
<clientCertificate>
<!--<authentication certificateValidationMode="ChainTrust" />-->
<authentication
certificateValidationMode="Custom"
customCertificateValidatorType
="SampleProject.SampleService.AuthenticationCertificateValidator,
SampleProject.SampleService"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="webBehaviour">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
if someone could assist me that would be much appreciated.

WCF Service - 404.13 error - though maxAllowedContentLength and maxRequestLength are set

I'm quite new to WCF services, and I just ran into this known issue, when the uploaded file is too big to upload. My situation is strange because I set both maxAllowedContentLength and maxRequestLength to a high number, so it should have no problems with uploading 300 MB files... With small files it works perfectly, so for me it seems like it just forgets about my settings. I tried so many ideas to solve this problem, so maybe I messed up things in my config file, there may be some unnecessary parts, but still I couldn't find the solution.
I'm working with IIS 10 and .Net 4.5.
My WCF Service configuration:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" maxRequestLength="4048576" requestLengthDiskThreshold="4048576" executionTimeout="3600" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="TileServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="FileUploadServiceBehavior">
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ITileService" sendTimeout="01:00:00" maxBufferSize="5000000" />
<binding name="HttpBinding_MTOM"
messageEncoding="Text"
transferMode="Streamed"
maxReceivedMessageSize="4294967294"
maxBufferSize="65536"
maxBufferPoolSize="65536" />
<binding name="BasicHttpBinding_ITileServiceUpload"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
allowCookies="false"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536"
maxBufferPoolSize="524288"
maxReceivedMessageSize="4294967294"
messageEncoding="Text"
textEncoding="utf-8"
transferMode="Streamed"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/AEGIS.TileService/TileService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ITileServiceUpload" contract="AEGIS.TileService.ITileService" name="BasicHttpBinding_ITileServiceUpload" />
</client>
<services>
<service behaviorConfiguration="FileUploadServiceBehavior" name="AEGIS.TileService.TileService">
<endpoint address="winceStream" binding="basicHttpBinding" bindingConfiguration="HttpBinding_MTOM" contract="AEGIS.TileService.ITileService" />
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="4294967295" maxUrl="4294967295" maxQueryString="4294967295" />
</requestFiltering>
</security>
The web.config file from my ASP.NET web app, where the service is referenced.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ITileService"/>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/AEGIS.TileService/TileService.svc/winceStream" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ITileService" contract="TileService.ITileService" name="BasicHttpBinding_ITileService"/>
</client>
My upload method is implemented like this:
public void UploadFile(FileUploadMessage request)
{
string basePath = AppDomain.CurrentDomain.BaseDirectory + #"\Images\";
string serverFileName = Path.Combine(basePath, request.Filename);
using (FileStream outfile = new FileStream(serverFileName, FileMode.Create))
{
const int bufferSize = 65536; // 64K
Byte[] buffer = new Byte[bufferSize];
int bytesRead = request.FileByteStream.Read(buffer, 0, bufferSize);
while (bytesRead > 0)
{
outfile.Write(buffer, 0, bytesRead);
bytesRead = request.FileByteStream.Read(buffer, 0, bufferSize);
}
}
}
Where FileUploadMessage is like this:
[MessageContract]
public class FileUploadMessage
{
[MessageHeader(MustUnderstand = true)]
public string Filename;
[MessageBodyMember(Order = 1)]
public Stream FileByteStream;
}
EDIT 1:
http://ipswitchft.force.com/kb/articles/FAQ/Unable-to-transfer-files-over-30MB-with-the-Web-Transfer-Module-or-Ad-Hoc-Transfer-Module-1307565986108
I found this article about this issue. Maybe my problem is not with the WCF service or config, but with IIS?
I set the requestLimits of the Default App Pool also to 1000000000. The error still appears.
Also in Option 3 the article writes about changing the ApplicationHost.config. The strange thing is that I don't have anything in that file about requestLimits. Maybe that's the main problem?

Your are probably dealing with multiple "issues".
Remember to configure your Server AND Client accordingly!
First, i would configure my .NET runtime (WCF) and IIS behavior
https://stackoverflow.com/a/6472631/1498669
NOTE: maxRequestLength is in KILOBYTES whereas maxAllowedContentLength is in BYTES
I would:
set the default IIS parameter for your specific application (not for the whole machine!) using web.config in your base webfolder to a 'relatively' high value
<system.webServer>
<security>
<requestFiltering>
<!-- maxAllowedContentLength defaults to 30000000 BYTES = 30MB -->
<!-- i use 100MB (100 *1024*1024)-->
<requestLimits maxAllowedContentLength="104857600" />
</requestFiltering>
</security>
</system.webServer>
https://support.microsoft.com/en-us/kb/944981
https://msdn.microsoft.com/en-us/library/ms689462.aspx
set the .NET Framework parameter to my expected 'max' value (at least a bit lower than the iis value) in KB to be able to catch the exception before iis presents me a error website (note: also raise the timeout for big data to transfer).
<system.web>
<!-- maxRequestLength defaults to 4096 KILOBYTES = 4MB -->
<!-- i use 80MB (80 *1024) -->
<!-- please notes that if you use base64 encoded messages -->
<!-- you have to calculate the overhead with CEIL(nBytes/3)*4 -->
<!-- executionTimeout defaults to 110 SECONDS, i use 5 minutes -->
<httpRuntime maxRequestLength="81920" executionTimeout="600" />
</system.web>
https://support.microsoft.com/en-us/kb/295626
https://msdn.microsoft.com/en-us/library/system.web.configuration.httpruntimesection.maxrequestlength.aspx
https://msdn.microsoft.com/en-us/library/e1f13641(v=vs.100).aspx
after that, i configure my endpoints and their bindings
https://msdn.microsoft.com/en-us/library/ms733865.aspx
Also see https://stackoverflow.com/a/36931852/1498669 for the different attributes and their meaning.
As reference, the machine web.configs are located in (depending if you are using 2.0/4.0 and 32/64bits):
32bit / net2.0-3.5
C:\Windows\Microsoft.NET\Framework\v2.0.50727\Config\web.config
32bit / net4.x
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\web.config
64bit / net2.0-3.5
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config\web.config
64bit / net4.x - this mostly gets used in Server2008R2 and higher
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config\web.config
in these directories there are also:
web.config.default - you can copy that over web.config to reset your machine config, if you unintentionally altered the machine config!
web.config.comments - for a specific explanation of the attrs/elements
If you want to get in touch to all available elements/attributes - consult your visual studio installation directory, e.g:
C:\Program Files (x86)\Microsoft Visual Studio 14.0\Xml\Schemas\DotNetConfig45.xsd
Offtopic: as additional info to your security settings, see https://msdn.microsoft.com/en-us/library/ff648505.aspx

You need to make similar changes to Web config as well.
You are using "BasicHttpBinding_ITileService" in the web. Therefore in the WCF config and Web config file needs to have similar configuration.
<binding name="BasicHttpBinding_ITileService"
maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
</binding>

HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.(For basic Authentication)

I want to enable "Basic" Authentication to my service. Disabled anonymous and windows Auth. And enabled "basicAuthentication" in applicationhost.config, but im not able access the service. Getting below error.
HTTP Error 401.2 - Unauthorized You are not authorized to view this page due to invalid authentication headers.
I am using IIS Express 10. Here is my applicationhost.config
<authentication>
<anonymousAuthentication enabled="false" userName="" />
<basicAuthentication enabled="true" />
<clientCertificateMappingAuthentication enabled="false" />
<digestAuthentication enabled="false" />
<iisClientCertificateMappingAuthentication enabled="false">
</iisClientCertificateMappingAuthentication>
<windowsAuthentication enabled="false">
<providers>
<add value="Negotiate" />
<add value="NTLM" />
</providers>
</windowsAuthentication>
</authentication>
And here is my Web.config
<?xml version="1.0"?>
<!--
For more information on how to configure your ASP.NET application, please visit
http://go.microsoft.com/fwlink/?LinkId=169433
-->
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5.2">
<assemblies>
<add assembly="System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
</assemblies>
</compilation>
<httpRuntime targetFramework="4.5.2"/>
</system.web>
<!--Enable directory browsing in the Server-->
<system.webServer>
<directoryBrowse enabled="true"/>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpTransportSecurity">
<security mode="Transport">
<transport clientCredentialType="Basic"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="MyWCFServices.DemoREST" behaviorConfiguration="DemoREST">
<!--Define base https base address-->
<host>
<baseAddresses>
<add baseAddress="https://localhost:44300/HelloWorldService.svc/"/>
</baseAddresses>
</host>
<!--webHttpBinding allows exposing service methods in a RESTful manner-->
<endpoint name="rest" address="" binding="webHttpBinding"
contract="MyWCFServices.IDemoREST" bindingConfiguration="webHttpTransportSecurity"
behaviorConfiguration="DemoREST"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DemoREST">
<!-- To avoid disclosing metadata information, set the value below to
false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true.
Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<!--Using custom username and Password-->
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyWCFServices.CustomUserNameValidator, HelloWorldService" />
</serviceCredentials>
<serviceAuthenticationManager authenticationSchemes="Basic"/>
</behavior>
</serviceBehaviors>
<!--Required default endpoint behavior when using webHttpBinding-->
<endpointBehaviors>
<behavior name="DemoREST">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
And Custom validator class:
namespace MyWCFServices
{
class CustomUserNameValidator : UserNamePasswordValidator
{
// This method validates users. It allows in two users, user1 and user2
// This code is for illustration purposes only and
// must not be used in a production environment because it is not secure.
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException("You must provide both the username and password to access this service");
}
if (!(userName == "user1" && password == "test") && !(userName == "user2" && password == "test"))
{
// This throws an informative fault to the client.
throw new FaultException("Unknown Username or Incorrect Password");
// When you do not want to throw an informative fault to the client,
// throw the following exception.
// throw new SecurityTokenException("Unknown Username or Incorrect Password");
}
}
}
}
Please guide me if I am wrong anywhere.

Credentials passed from client to WCF do not make it there

Im trying to pass windows credentials into WCF service that requires windows authentication but it seems like my credentials are not making it into the service. My service does not throw any errors but when I check either of the 2 below they are empty.
var user = WindowsIdentity.GetCurrent().User;
var callerUserName = ServiceSecurityContext.Current.WindowsIdentity.User;
Here is my client side code
ServiceReference1.DispatchServiceClient service = new DispatchServiceClient();
service.ClientCredentials.Windows.ClientCredential = ServiceCredentialsManager.GetNetworkCredentials();
service.ClientCredentials.UserName.UserName= ServiceCredentialsManager.GetNetworkCredentials().UserName;
service.ClientCredentials.UserName.Password = ServiceCredentialsManager.GetNetworkCredentials().Password;
Client config -
<basicHttpBinding>
<binding name="BasicHttpsBinding_IDispatchService">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
<basicHttpsBinding>
<binding name="basicHttpsBindingMax" maxBufferSize="999999999"
maxReceivedMessageSize="999999999">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpsBinding>
</bindings>
Service config -
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpsBinding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />

Please note that in order to use Windows Authentication both service and the client application has to be run in the same Windows domain.
Please also make sure that that in the client the values You assign are not empty. Usually, the password isn't accessible from code when Windows authentication is used.
If the service client is authenticated using Windows Authentication, You probably shouldn't manually pass the credentials to the service. The authentication process should be handled automatically by the WCF and doesn't rely simply on sending the credentials, but for example it can use Kerberos ticket instead.
Please take a look here for some description and code samples for client and service:
https://msdn.microsoft.com/en-us/library/ms734673%28v=vs.110%29.aspx
https://msdn.microsoft.com/en-us/library/ms733089%28v=vs.110%29.aspx
Update
After some research I've found several sources suggesting that setting credentials appropriately in the client code may enable WCF to authenticate from outside the domain:
https://devdump.wordpress.com/2009/04/29/wcf-windows-authentication-and-external-users/
http://subbusspace.blogspot.com/2009/10/accessing-wshttp-wcf-service-from.html
The code samples suggested in those articles are similar, but slightly different to the one You've posted in the question. I haven't tested those methods and they may not work in all scenarios.