I really need help here.
I'm trying to deploy a .NET WCF Application I have been working on for the past month for the first time.
I'm using IIS 7 as my WCF host, and working with wsHTTPBinding because I need to use Session object to store credentials. My client is a WPF App that use MVVM pattern with Caliburn.Micro.
So far, I manage (I think) to succesfully create the service on IIS.
If I browse "http://localhost/Ohmio/OhmioService.svc" i see the "You create a service" message. But when I run my client and try to connect to it, my App close with an error "the application has stoped working..." bla bla bla.
This is my server Web.Config:
<?xml version="1.0"?>
<configuration>
<appSettings/>
<system.web>
<compilation targetFramework="4.0"/>
<authentication mode="Windows"/>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<system.webServer>
<directoryBrowse enabled="true"/>
</system.webServer>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="myBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="200" maxStringContentLength="8388608" maxArrayLength="16384" maxBytesPerRead="2147483647" maxNameTableCharCount="16384" />
<security mode="None" />
<reliableSession enabled="true" />
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WcfService1.Service1Behavior" name="WcfService1.OhmioSVC">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="myBinding" contract="WcfService1.IOhmioSVC" >
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
And this is the Client App.Config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IOhmioSVC" maxReceivedMessageSize="20000000"/>
<security mode="None" />
<reliableSession enabled="true" />
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/Ohmio/OhmioService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IOhmioSVC" contract="OhmioSVC.IOhmioSVC" name="WSHttpBinding_IOhmioSVC">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration>
Of couse my application works fine on my develope machine.
Please Help! I don't even know where to start looking for the cause.
Thanks!
EDIT
Ok. I put the Try catch as suggested and the error goes:
Exception: Cannot open secure cannel due to security negotiation with remote endpoint.
The inner exception:
This endpoint do not admit the action ... and only proccess WSReliableMessaging
I believe this is a duplicate of this one:
How to configure WCF Service with wsHttpBinding hosted on IIS and consumable over Web?
But I do not have the reputation to mark it as such.
I think the problem is something to do with reliable sessions (not 100% sure but my nerve is telling me). I found some article that might help you with regards to the implementation of reliable session.
Hope this would helped you :)
Related
Here is the situation, I want many clients to call my web service using username authentication over https. Security is the first priority so I am thinking of using wshttpbinding with message security. I don't know though if my thoughts are correct.
The thing is that I have already something that works but I don't know if it needs changes to achieve better security.
Here is what it's done by now.
<services>
<service name="myService" behaviorConfiguration="myBehavior" >
<endpoint address="" binding="basicHttpBinding" contract="myIService" bindingConfiguration="RequestUserName_BasicHttp" >
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8080/myService/" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="RequestUserName_BasicHttp">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="myvalidator, myNamespace"/>
</serviceCredentials>
So, by this way (which works) I don't think that I have best security (at least I need to send requests over https). What can I do to achieve better/best security? I have tried with wshttpbinding and https but I have some problems with certificates.
The development enviroment is Windows XP, VS2010, IIS7.5 express.
And there are a class library describing the Service and a consoleClient app for consuming it...The client has it's own app.config file in which there are the credentials (username and password).
you are already implementing user id and password verification and if you want to perform encryption and decryption of messages you must use Certificates with HttpsBinding or WsHttpBinding. More information about authentication and authorization in wcf please go through this MSDN documentation
Ok, I took into consideration Ramesh Babu answer and I change a little bit my project.
So instead of creating a class library for wcf service I created a WCF Service Application (there is this option in VS2010).Everything else remained unchanged so I made a new Web.config file like this
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="MyBinding">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="MyBehavior" name="myName">
<endpoint address="myService.svc" binding="wsHttpBinding"
bindingConfiguration="MyBinding"
contract="myService.ImyService" />
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:44400/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebugincludeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="myService.Authentication.CustomValidator, myService" />
<serviceCertificate
findValue="MyCertificate"
x509FindType="FindBySubjectName"
storeLocation="LocalMachine"
storeName="My" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
<connectionStrings>
<add name="myEntities" connectionString="......" />
</connectionStrings>
</configuration>
so I needed to create a certificate and I used SelfCert to create one and copy it to TrustedPeople (typing mmc in run).
After this I created a console app to consume thw service and app.config file of app was built automatically.
Question 1: Is there a way to make setspn.exe take effects without the need to restart the computer?
Question 2: I did set the SPN and ran my WCF service on the server. The client connected using Kerberos, then I changed the Identity element at client side and tried again. I found it was using NTLM instead of Kerberos but this is fine.
When I did change the SPN in the WCF service configuration file and re-ran the service (without changing the registered SPN), I found it used Kerberos authentication at client side. why changing the identity element of WCF service doesnt make any effect?
How can this be?
NOTE: I am using fiddler to check the authentication.
Server side config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" />
</system.web>
<system.serviceModel>
<services>
<service name="WcfServiceLibrary1.Service1">
<host>
<baseAddresses>
<add baseAddress = "https://FQDN:PORT/TESTSVC/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address supplied above -->
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="service_binding" contract="WcfServiceLibrary1.IService1">
<identity>
<servicePrincipalName value="svc1/FQDN:PORT" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="service_binding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Client side config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService1">
<security mode="Transport" />
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://FQDN:PORT/TESTSVC/"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
<identity>
<servicePrincipalName value="ismine/nhdc1.nhandal2.local:8730" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
I'm Hosting WCF Service on the localhost and the client is running in the same host, it works well when running both on the same machine but when i install the client in another machine and trying to connect to the server it fails ... here is the configuration file for the server
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding name="wsDualBinding">
<security mode="None" />
</binding>
</wsDualHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="Metadata">
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="Metadata" name="ChatService.ChatManager">
<endpoint address="duplex" binding="wsDualHttpBinding" bindingConfiguration="wsDualBinding"
contract="ChatService.IChat" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:2525/chat/" />
<!--<add baseAddress="net.tcp://localhost:1717/chat/" />-->
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
</configuration>
the client config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding name="NewBinding0">
<security mode="None" />
</binding>
</wsDualHttpBinding>
</bindings>
<client>
<endpoint address="http://192.168.1.10:2525/chat/duplex" binding="wsDualHttpBinding"
bindingConfiguration="NewBinding0" contract="ChatService.IChat" name="mgr" />
</client>
</system.serviceModel>
</configuration>
it gives me that error
The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue
wsDualHttpBinding requires the client to establish an address that the service can connect to in order to provide callbacks. This is done in the config file in the binding element, like this:
<wsDualHttpBinding name="NewBinding0"
clientBaseAddress="http://machine_name:port/Client/">
Since the client is on a different machine than the service, you'll need to specify the client's machine name.
See WSDualHttpBinding Class for more information on this binding.
I have gotten my config to work correctly now, there was a mismatch between the actual file structure and the project structure in visual studio. Stupid silly mistake :)
However, now I have the issue of transitioning from basicHttpBinding to WsHttpBinding. This is the webconfig. As you can see I have changed the first endpoint to be of the type wsHttpBinding.
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<connectionStrings>
<add name="RENTIT05ConnectionString" connectionString="Data Source=rentit.itu.dk;Initial Catalog=RENTIT05;Persist Security Info=True;User ID=Rentit05db;Password=omitted" providerName="System.Data.SqlClient" />
<add name="RENTIT05Entities" connectionString="metadata=res://*/RentIt.csdl|res://*/RentIt.ssdl|res://*/RentIt.msl;provider=System.Data.SqlClient;provider connection string="Data Source=rentit.itu.dk;Initial Catalog=RENTIT05;Persist Security Info=True;User ID=Rentit05db;Password=omitted;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" />
</connectionStrings>
<system.web>
<httpRuntime executionTimeout="3600" maxRequestLength="10000000"/>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
<customErrors mode="Off" />
</system.web>
<system.serviceModel>
<services>
<service name="RentIt05.Services.Service" behaviorConfiguration="ServiceBehavior">
<endpoint address="RentIt05.Services.AgeRatingService" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding" contract="RentIt05.Interfaces.IAgeRatingService"></endpoint>
<endpoint address="RentIt05.Services.CommentService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.ICommentService"></endpoint>
<endpoint address="RentIt05.Services.ItemService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.IItemService"></endpoint>
<endpoint address="RentIt05.Services.ItemTypeService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.IItemTypeService"></endpoint>
<endpoint address="RentIt05.Services.LabelService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.ILabelService"></endpoint>
<endpoint address="RentIt05.Services.LoginService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.ILoginService"></endpoint>
<endpoint address="RentIt05.Services.RatingService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.IRatingService"></endpoint>
<endpoint address="RentIt05.Services.SectionService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.ISectionService"></endpoint>
<endpoint address="RentIt05.Services.StateLogService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.IStateLogService"></endpoint>
<endpoint address="RentIt05.Services.StateService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.IStateService"></endpoint>
<endpoint address="RentIt05.Services.UserGroupService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.IUserGroupService"></endpoint>
<endpoint address="RentIt05.Services.UserService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.IUserService"></endpoint>
<endpoint address="RentIt05.Services.TransferService" binding="basicHttpBinding" bindingConfiguration="RentItBinding" contract="RentIt05.Interfaces.ITransferService"></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceThrottling maxConcurrentCalls="1000" maxConcurrentSessions="1000" maxConcurrentInstances="1000"/>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="RentItBinding" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" transferMode="StreamedRequest">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</basicHttpBinding>
<wsHttpBinding>
<binding name="wsHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
</configuration>
When I try to run this locally on localhost, I get the following error message:
Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http]..
I have found some artiles talking about IIS resolving multiple base addresses, but this is locally, so I don't know why it is not working.
Is there something I'm missing here? The config file works fine as long as I only use basicHttpBindings.
Any help will be greatly appreciated, tyvm!
Do you need security enabled? You have transport security enabled on the wsHttpBinding which will look for ssl. Your basicHttpBinding isn't using any. The error will go away if you set
<binding name="wsHttpBinding">
<security mode="None">
</security>
</binding>
Another option is to set up ssl on IIS.
I actually have two different problems depending on the way that I try to run the service that look related but show themselves in different ways. Note that the code that I am running is an EXACT duplicate of the code used in Microsofts guide with the exception of different namespaces and slightly different class names.
When I tried to run the service using this method the windows service started successfully but when it did the WCF Service Host box would pop up and it gave an error message that said there is already a listener on IP endpoint localhost:. Here is my config file when I ran this way:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<services>
<service behaviorConfiguration="CfmaWcfEphemerisLibrary.ServiceBehavior"
name="CfmaWcfEphemerisLibrary.Service1">
<endpoint address="" binding="netTcpBinding" bindingConfiguration=""
contract="CfmaWcfEphemerisLibrary.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8529/Service1" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CfmaWcfEphemerisLibrary.ServiceBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
After fighting for a while I found a suggestion that said enabling port sharing on the tcp connection might help. I tried that but when I try to start the service it fails and in the Windows Events Logs under "Application" i get an error that says:
Service cannot be started. System.ServiceModel.AddressAlreadyInUseException: There is already a listener on IP endpoint 0.0.0.0:8529. Make sure that you are not trying to use this endpoint multiple times in your application and that there are no other applications listening on this endpoint. ---> System.Net.Sockets.SocketException: Only one usage of each socket address (protocol/network address/port) is normally permitted
at System.Net.Sockets.Socket.DoBind(EndPoint endPointSnapshot, SocketAddress socketAddress)
at System.Net.Sockets.Socket.Bind(EndPoint localEP)
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.SocketConnectionListener.Listen()
at System.ServiceModel.Channels.BufferedConnectionListener.Listen()
at System.ServiceModel.Channels.ExclusiveTcpTransportManager.OnOpen()
at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
at System.ServiceModel.Channels....
I can't figure out why I'm getting a port in use exception on a port that has sharing enabled. Here is my App.config file when I try to run the service with port sharing enabled.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<services>
<service behaviorConfiguration="CfmaWcfEphemerisLibrary.ServiceBehavior"
name="CfmaWcfEphemerisLibrary.Service1">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="tcpBinding"
contract="CfmaWcfEphemerisLibrary.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8529/Service1" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CfmaWcfEphemerisLibrary.ServiceBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding portSharingEnabled="true" name="tcpBinding" closeTimeout="00:10:00" openTimeout="00:10:00" sendTimeout="00:10:00" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security>
<transport>
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
</configuration>
It may be the problem with using the same port for metadata exchange:
http://msdn.microsoft.com/en-us/library/aa702636.aspx
see "Sharing a port between a service endpoint and a mex endpoint using the NetTcpBinding" section.
In two words, this fixes the problem:
<endpoint address="net.tcp://localhost:8530/mex" ...>