I'm running into a configuration problem with my WCF service when trying to support both https and https. Ideally what I'd like is to run http on my dev machine and then publish to azure running https.
I followed these posts to try and run the configuration:
http://jayakrishnagudla.blogspot.com/2009/12/configuring-wcf-services-to-work-with.html
How to configure a single WCF Service to have multiple HTTP and HTTPS endpoints?
My Web.Config is as follows:
<system.serviceModel>
<services>
<service name="Backend.Services.UserService.UserService" behaviorConfiguration="">
<endpoint address=""
binding="webHttpBinding"
contract="Backend.Services.UserService.IUserService"
bindingConfiguration="HttpsBinding"
behaviorConfiguration="Web">
</endpoint>
<endpoint address=""
binding="webHttpBinding"
contract="Backend.Services.UserService.IUserService"
bindingConfiguration="HttpBinding"
behaviorConfiguration="Web"
>
</endpoint>
</service>
</services>
<bindings>
<webHttpBinding>
<binding name ="HttpBinding">
<security mode="None">
<transport clientCredentialType="None"/>
</security>
</binding>
<binding name="HttpsBinding">
<security mode="Transport"/>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="Web">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
As far as I can tell, this configuration should be correct according to the above links. However, when I build and run this service locally via http I get the following error:
Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http].
I'm not quite sure where the problem is and assume its a misconfiguration. Any help would be appreciated.
I've been trying to do this for days (years actually, but just restarted a few days ago), and the post above pointed me in the right direction with protocolMapping, but you need to specify the bindingConfiguration in the protocolMapping section to make it choose the <security mode=None> or <security mode=Transport>:
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>
<protocolMapping>
<add scheme="http" binding="basicHttpBinding" bindingConfiguration="ServiceBinding"/>
<add scheme="https" binding="basicHttpBinding" bindingConfiguration="ServiceBindingSSL"/>
</protocolMapping>
Leave the bindingConfiguration attribute off of the endpoint - it will be set automatically based on the protocol. Then set up the second binding configuration in your bindings section:
<basicHttpBinding>
<binding name="ServiceBinding" ...>
<security mode="None">
</security>
</binding>
<binding name="ServiceBindingSSL" ... >
<security mode="Transport">
</security>
</binding>
</basicHttpBinding>
This technique worked for me. Hope it helps you!
i finally got it working for HTTP & HTTPS, based on Rick Moss' answer. except that i did not leave away the bindingConfiguration off the endpoint, because it caused a no endpoint listening error:
<configuration>
...
<system.serviceModel>
<services>
<service name="WcfService1.Service1">
<endpoint address="" name="ep1" binding="webHttpBinding" bindingConfiguration="ServiceBinding" contract="WcfService1.IService1" behaviorConfiguration="WebBehavior" />
<endpoint address="" name="ep1" binding="webHttpBinding" bindingConfiguration="ServiceBindingSSL" contract="WcfService1.IService1" behaviorConfiguration="WebBehavior" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="ServiceBinding" ...>
<security mode="None">
</security>
</binding>
<binding name="ServiceBindingSSL" ...>
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="WebBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
...
</behaviors>
<protocolMapping>
<add scheme="http" binding="basicHttpBinding" bindingConfiguration="ServiceBinding"/>
<add scheme="https" binding="basicHttpBinding" bindingConfiguration="ServiceBindingSSL"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
...
</configuration>
EDIT: this only seems to work with Anonymous authentication in IIS. Enabling Windows Authentication in a different web service under the same website in IIS caused:
Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http].
i hate Web.config files. they're too tightly coupled to IIS
Have you looked at the protocol mapping wcf configuration section?
<protocolMapping>
<add scheme="http" binding="wsHttpBinding"/>
<add scheme="https" binding="wsHttpBinding"/>
</protocolMapping>
Edit : I am not sure why you have configured an "https" binding under the webHttpBinding type. Shouldn't you have both http webHttpBinding and wsHttpBinding defined and assigned to your endpoint?
<webHttpBinding>
<binding name ="HttpBinding">
<security mode="None">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
Related
From Azure it is giving, when I try to post to: https://wcf/service.svc/json/DoAction it comes back with an empty response.
Below is the webconfig
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<service name="SampleService" behaviorConfiguration="ChallengeBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="ChallengeMessageEncoding" contract="IService123" behaviorConfiguration="SoapServiceBehavior" />
<endpoint address="/json" binding="webHttpBinding" bindingConfigu**strong text**ration="RestServiceMessageEncoding" contract="ISampleService" behaviorConfiguration="RestServiceBehavior" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="RestServiceBehavior">
<webHttp defaultOutgoingResponseFormat="Json" automaticFormatSelectionEnabled="true" />
</behavior>
<behavior name="SoapServiceBehavior">
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="RestServiceMessageEncoding">
<security mode="None">
</security>
</binding>
</webHttpBinding>
<wsHttpBinding>
<binding name="ChallengeMessageEncoding">
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" />
<message clientCredentialType="None" establishSecurityContext="false" negotiateServiceCredential="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
Enable the features of WCF in Add or remove programs in your local or in VM of Azure.
I'm trying to configure WCF authentication with UserName but without success, I have tried a a lot of solution that I found already, but nothing seem to work for me.
The HTTP request is unauthorized with client authentication scheme
'Anonymous'. The authentication header received from the server was
'Negotiate,NTLM,Basic realm="localhost"'.
Server setting
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="basicHttpBindingConfiguration">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" negotiateServiceCredential="false" />
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="Namespace.Service" behaviorConfiguration="wsHttpBehavior">
<endpoint binding="wsHttpBinding" bindingConfiguration="basicHttpBindingConfiguration" name="Soap" bindingNamespace="/WebServices" contract="Namespace.IService">
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" name="mex" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="wsHttpBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="UserNamePasswordValidator, WebApplication" />
<!--<serviceCertificate findValue="ServiceModelSamples-HTTPS-Server" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />-->
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
On the client side
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="Soap">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost:85/WebServices/Service.svc"
binding="wsHttpBinding" bindingConfiguration="Soap" contract="ServiceReference1.IService"
name="Soap" />
</client>
</system.serviceModel>
Here is my IIS config
Most of solution that I found use Windows Transport, I need Authentication only through Username.
I check this :
https://blog.sandervanlooveren.be/posts/securing-a-wcf-service-with-username-and-password/
https://learn.microsoft.com/en-us/dotnet/framework/wcf/samples/ws-transport-with-message-credential
I have tried security mode="Message" and security mode="TransportWithMessageCredential" without success
My client code look like :
// Instantiate the proxy
var proxy = new ServiceClient();
proxy.ClientCredentials.UserName.UserName = "username";
proxy.ClientCredentials.UserName.Password = "password";
Please can anyone check my config and tell what I'm setting wrong ?
Edit:
This is a Service inside an ASP.Net MVC5 App, Can this also be a problem ?
There might be something amiss with the customUserNamePasswordValidatorType property string.It is usually in the following form
customUserNamePasswordValidatorType="Namespace.MyCustUserNamePasswordVal,Namespace"
Can you access the WSDL of hosting service? Also, turning on the anonymous authentication is enough, unnecessary to enable others authentication.
Here is my configuration, I used simplified configuration which be supported in WCF4.5, wish it is useful to you.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<userNameAuthentication customUserNamePasswordValidatorType="WcfService1.CustUserNamePasswordVal,WcfService1" userNamePasswordValidationMode="Custom"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding>
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<protocolMapping>
<add binding="wsHttpBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Feel free to let me know If there is anything I can help with.
I've created my custom Certificate Authority (CA) using openssl. Then I've created certificated using the previous one and the request from IIS. So now I have chain of certificates. Then I've bound the second one to my WCF service and every thing is fine. Then on client I've installed my CA certificate in Trusted Root Certification Authority to make it able to recognize my custom certificate.
My WCF service currently run on simple http connection.
Server side:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="SyncWcfServices.MainServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
<security mode="None">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
<endpoint address="/syncService.svc" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Client side:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IMainService" maxReceivedMessageSize="2147483647" sendTimeout="00:10:00">
<security mode="None" />
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/SyncService/SyncService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMainService"
contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService" />
</client>
</system.serviceModel>
So, I need to change this settings to support SSL connection. I've read a lot of post how to do it but there always using 2-way certification check that mean server must check client certificate and client must check server certificate. But I only want client to check server certificate using CA that I installed. And server will check with ordinary credentials (username, password) as it was before. I think that I have to change the security mode to Transport in both sides and server mex endpoint to mexHttpsBinding but what should I do next? Please help to resolve it.
Thanks you all!
Finally I found the correct way! So server side:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="SyncWcfServices.MainServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate
findValue = "*.mydomain.com"
storeLocation = "LocalMachine"
storeName = "My"
x509FindType = "FindBySubjectName"
/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="SyncWcfServices.MainService" behaviorConfiguration="SyncWcfServices.MainServiceBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize" contract="SyncWcfServices.IMainService"></endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
<host>
<baseAddresses>
<add baseAddress="http://localhost:8095/Design_Time_Addresses/SyncWcfServices/MainService/" />
</baseAddresses>
</host>
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Client Side:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name = "ServiceCertificate">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode = "ChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="ExtendedMaxSize" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost/SyncService/SyncService.svc"
binding="wsHttpBinding" bindingConfiguration="ExtendedMaxSize"
behaviorConfiguration = "ServiceCertificate"
contract="SyncServiceReference.IMainService" name="WSHttpBinding_IMainService">
</endpoint>
</client>
</system.serviceModel>
Hope it will help someone!
Also please look at "Programming WCF Services" (4th edition) book by Juval Lowy & Michael Montgomery. It's a great book!
This question already has answers here:
(413) Request Entity Too Large | uploadReadAheadSize
(15 answers)
Closed 8 years ago.
I have a wcf service
there is a method which gets base64 string to upload a file my file's size 100kb it may be larger in time
i got the error message: The remote server returned an error: (413) Request Entity Too Large
while try to get HttpWebResponse
this is my wcf service web.config
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpTransportSecurity" allowCookies="false" maxReceivedMessageSize="104857600">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" />
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="FHServices.FHSmartService" behaviorConfiguration="ServiceBehaviour">
<endpoint address="" binding="webHttpBinding" contract="FieldHoundServices.IFHSmartService" behaviorConfiguration="web">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="http://localhost/FHServices/FHSmartService.svc/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
what is my mistake?
solved
i found my mistake
i remove these codes
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
i think transport mode for https and we have no ssl so we dont need transport mode. anyway after i remove it, everything seems ok now
You don't assign a defined WebHttpBinding configuration to your endpoint, so the endpoint uses the default values for the binding.
You can tell the endpoint to use your binding congfiguration by specifying it in the bindingConfiguration attribute on the <endpoint> element, like this:
<endpoint address="" binding="webHttpBinding"
bindingConfiguration="webHttpTransportSecurity"
contract="FieldHoundServices.IFHSmartService"
behaviorConfiguration="web">
</endpoint>
I have a self hosted WCF service which works fine when called with wsHttpBinding or basicHttpBinding over HTTP. The clients will include Windows Phone -devices over the Internet and because they can't utilize wsHttpBinding and we definitely need more security than basicHttpBinding offers I've tried to use TransportWithMessageCredential. When using HTTP everything works great but if I switch the client to HTTPS I get these in VS: "There was no endpoint listening at https://..." and "The remote server returned an error: NotFound."
I enabled service trace and it says that it opened the HTTPS-port without any problems and when I check netstat -an it confirms that the port really is open. HTTP and wsHttpBinding calls to the service work great and they generate events to the log but these HTTPS -calls don't show up there at all. I also can't get the metadata via HTTPS although it is enabled.
The client and server are on the same machine and certificate is self-signed but it works with wsHttpBinding.
Here is the service config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<services>
<service behaviorConfiguration="xyzSecuredBehavior" name="x.x.xService">
<endpoint address="/basic" binding="basicHttpBinding" bindingConfiguration="xyzBasicBinding"
contract="x.x.IxService" />
<endpoint address="/secure" binding="basicHttpBinding" bindingConfiguration="xyzBasicBindingSecure"
contract="x.x.IxService" />
<host>
<baseAddresses>
<add baseAddress="https://10.10.0.188:3003/xService" />
<add baseAddress="http://10.10.0.188:3001/xService" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="customAuthenticationBinding" maxReceivedMessageSize="1000000" closeTimeout="23:59:59" openTimeout="23:59:59" receiveTimeout="23:59:59" sendTimeout="23:59:59">
<readerQuotas maxDepth="1000000" maxStringContentLength="1000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000" />
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="xyzBasicBinding" maxBufferSize="1000000" maxBufferPoolSize="1000000" maxReceivedMessageSize="1000000">
<readerQuotas maxDepth="1000000" maxStringContentLength="1000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000" />
<security mode="None">
<message clientCredentialType="UserName" />
</security>
</binding>
<binding name="xyzBasicBindingSecure" maxBufferSize="1000000" maxBufferPoolSize="1000000" maxReceivedMessageSize="1000000">
<readerQuotas maxDepth="1000000" maxStringContentLength="1000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000" />
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="xyzSecuredBehavior">
<serviceCredentials>
<serviceCertificate findValue="xyzTestCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="z.z.AuthenticationManager, z.zz" />
<windowsAuthentication allowAnonymousLogons="false"/>
</serviceCredentials>
<serviceAuthorization serviceAuthorizationManagerType="z.z.AuthorizationManager, z.zz" />
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="1000000000" />
</behavior>
<behavior name="xyzBasicBehavior" >
<serviceAuthorization serviceAuthorizationManagerType="z.z.AuthorizationManager, z.zz" />
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="1000000000" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
And this is the client config:
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IxService" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="None" />
</binding>
<binding name="BasicHttpBinding_IxService1" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://10.10.0.188:3001/xService/basic"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IxService"
contract="ServiceReference1.IxService" name="BasicHttpBinding_IxService" />
<endpoint address="https://10.10.0.188:3003/xService/secure"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IxService1"
contract="ServiceReference1.IxService" name="BasicHttpBinding_IxService1_secure" />
</client>
</system.serviceModel>
Any help is appreciated as I have already wasted a good day or two on this and googling and fiddling with the settings has led to nothing.
this is already answerd so , i am not answering it here, instead giving you the link
http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi
I found the solution to this problem. Because the service is self hosted I needed to manually apply the certificate to the application. It wasn't enough that it was specified in the server config.
Detailed instructions can be found here:
http://allen-conway-dotnet.blogspot.fi/2012/02/applying-and-using-ssl-certificate-with.html