I have an application that pushes messages to a WCF endpoint via an MSMQ.
In dev, it works well when using the MSMQ protocol, but in production I need to do a network hop. I need to set this up so the queue pushes to the WCF endpoint over HTTP on a specific port (22200).
I thought this would work with SRMP, but it is not working. My outgoing MSMQ hangs with a message saying "Waiting to connect".
I've checked and I have access to the URL on the correct port.
How do I work out what the issue is?
Below is my client application configuration:
<bindings>
<netMsmqBinding>
<binding name="NetMsmqBinding_IMyProjectReceiverService" exactlyOnce="false" timeToLive="00:01:00" queueTransferProtocol="SrmpSecure">
<security mode="None" />
</binding>
</netMsmqBinding>
</bindings>
<client>
<endpoint
address="net.msmq://exampleuri.com:22200/private/MyProject.Receiver/v1/MyProjectReceiverService.svc"
contract="IMyProjectReceiverService"
binding="netMsmqBinding"
bindingConfiguration="NetMsmqBinding_IMyProjectReceiverService"
name="NetMsmqBinding_IMyProjectReceiverService" />
</client>
Related
My testing environment is:
1* Server :: SharePoint Site with WCF Service (in the ISAPI folder) and we configured the SSL and Cert on it.
1* Client :: Windows 10 with one Console Application to involve the WCF service
Testing (1) :all programs (WCF Service and Console Application) on the SharePoint Server
I created a Console application to invoke the WCF Service in SharePoint. Meantime, the Console application and WCF are on the same server. the outcome is everything works properly. It is successful to upload file into a Document Library.
Testing (2) :to simulate my client environment:
1* SharePoint :WCF Service
1* Windows 10 :Console application
the outcome failed and I got the error message:
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'NTLM'
To be honest, I stuck here for a while. I also list out a portion of my source code for someone of experience to look at. I also posted some sample code and web.config in here.
Updated.
If we enable NTLM authentication, we have to enable the windows authentication.
Then when calling the service, we need to provide windows credential.
//it will use the binding and service endpoint address in the system.servicemode section.
ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
//windows account on the server.
client.ClientCredentials.Windows.ClientCredential.UserName = "administrator";
client.ClientCredentials.Windows.ClientCredential.Password = "abcd1234!";
try
{
Console.WriteLine(client.SayHello());
}
catch (Exception)
{
throw;
}
Auto-generated configuration.
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService">
<security mode="Transport">
<transport clientCredentialType="Ntlm" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://vabqia969vm:21011/" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IService" contract="ServiceReference1.IService"
name="WSHttpBinding_IService">
<identity>
<userPrincipalName value="VABQIA969VM\Administrator" />
</identity>
</endpoint>
</client>
</system.serviceModel>
Feel free to let me know if the problem still exists.
I am not able to communicate with another computer that is in my local area network over a net.tcp connection unless I turn the security mode off. If I set the security mode to "None", communication works fine. With the service model configuration set up as below on both ends of the wire, I get the error message "The server has rejected the client credentials".
The WCF service is being hosted in a Windows service on the remote computer. From what I have seen in various documentation, my configuration is set up correctly. Any ideas on what I might be doing wrong? Wild suggestions welcomed.
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_ITcpService">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
<!--Communication works if I do this
<security mode="None" />
-->
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://199.198.3.5:8520/TcpService"
binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_ITcpService"
contract="TcpServiceReference.ITcpService"
name="NetTcpBinding_ITcpService">
</endpoint>
</client>
</system.serviceModel>
My asp.net MVC application calls a wcf web service, it works fine on my machine, but when I publish it on our own staging server I get the error:
Inner Exception: No connection could be made because the target
machine actively refused it IPADDRESS:8080
Message: There was no endpoint listening at
http://IPADDRESS:8080/SERVICE.asmx that could accept the
message. This is often caused by an incorrect address or SOAP action.
See InnerException, if present, for more details.
This is the web.config
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="SERVICEWebIntegrationSoap" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://IPADDRESS:8080/SERVICEwebintegration.asmx" binding="basicHttpBinding" bindingConfiguration="SERVICEWebIntegrationSoap" contract="SERVICEServiceReference.SERVICEWebIntegrationSoap" name="SERVICEWebIntegrationSoap" />
</client>
</system.serviceModel>
How I said it works on local as well as the service responds well if I use the url http://IPADDRESS:8080/SERVICEwebintegration.asmx in the browser.
Any idea?
I am pretty new to WCF and I was hoping someone could point me in the right direction.
Basically, I am trying to pull information from an existing WCF which was not developed by me.
So, for testing purposes, I created a console application and added the svc as a service reference.
I create a new instance of the client, and whenever I try to execute any of the methods, I get the following error:
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
Does this mean the WCF requires a signed certificate to authenticate the client?
If this is the case, do I need to request/provide anything from/to the WCF's provider?
I´ve looked through several post related to this issue, but all these scenarios are based on the assumption that you have access to the server.
EDIT
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="..." />
<binding name="SecureByTransport">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/Web/ConnectWcf.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ConnectBasic"
contract="ConnectBasic.IConnectBasic" name="BasicHttpBinding_IConnectBasic" />
<endpoint address="https://localhost/Web/ConnectBasicWcf.svc"
binding="basicHttpBinding" bindingConfiguration="SecureByTransport"
contract="ConnectBasic.IConnectBasic" name="SecureByTransport" />
</client>
</system.serviceModel>
</configuration>
I cannot figure out how to enable per-session instances for my WCF service while using HTTPS. (I'm not an ASP.NET expert but don't want to use ASP.NET session state if possible.) I am using .NET Framework 3.0.
I have arrived at the following contradiction and am hoping that someone can tell me where there is a flaw in the logic.
1) The service must be hosted on IIS 6 due to client mandate.
2) The service needs to maintain state between calls, including SqlConnection and SqlTransaction instances (ugly but necessary due to project constraints).
3) Therefore I need to use the wsHttpBinding.
4) The service needs to be able to access user authentication info from HttpContext.Current.User.Identity (e.g. using Windows security in IIS).
5) HTTPS is therefore required.
6) Transport-level security must therefore be configured on the binding.
7) Configuring the service to require sessions means I have to configure the wsHttpBinding to use Reliable Sessions.
8) This requires that message-level security is configured on the binding.
I.e. (6) and (8) are mutually exclusive.
It seems that using WCF sessions requires that I use message-level security, which prevents me from using HTTPS.
What am I missing?
3) True, wsHttpBinding and wsDualHttpBinding are the only HTTP bindings that support sessions
5) False, in order to authenticate the service callers you don't necessarily need to have any transport-level security (such as SSL/HTTPS). The only requirement is to configure IIS to enable Integrated Windows Authentication for a virtual directory. Then in WCF you have three possibilities to enable this scenario:
a) Use transport-level security on the wsHttpBinding with Windows credentials (HTTPS)
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="SecurityEnabledWsHttp">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
b) Use message-level security on the wsHttpBinding with Windows credentials (HTTP)
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="SecurityEnabledWsHttp">
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
c) Run your service under the ASP.NET Compatibility Mode and enable Windows Authentication in ASP.NET (HTTP)
<system.web>
<authentication mode="Windows" />
</system.web>
Note that in a and b you will access the identity of the caller from within a service this way:
OperationContext.Current.ServiceSecurityContext.WindowsIdentity
6) True, transport-level security must be enabled on the wsHttpBinding in order to use HTTPS
7) False, Reliable Sessions is a particular implementation of Reliable Messaging for WCF sessions. Reliable Messaging is a WS-* standard specification designed to guarantee message delivery on an unreliable network. You can use WCF sessions without Reliable Messaging, and viceversa. Sessions are enabled on the service contract with this attribute:
[ServiceContract(SessionMode=SessionMode.Required)]
public interface IMyService {
// ...
}
Also remember that in order to maintain state between service calls you will explicitly have to enable the appropriate instance mode on the service contract implementation:
[ServiceBehavior(InstanceContextMode=InstanceContextMode.PerSession)]
public class MyService : IMyService {
// ...
}
There are two kinds of sessions in WCF: Secure Sessions and Reliable Sessions. The default setting for both wsHttpBinding and netTcpBinding is to use Secure Sessions.For wsHttpBinding this is accomplished with message-level security by using the client's credentials, which is the default setting for the binding.For netTcpBinding instead, the session is established at the tranport level by using the facilities of the TCP protocol.
This means that simply switching to wsHttpBinding or netTcpBinding will enable support for WCF sessions.
The alternative is to use Reliable Sessions. This has to explicitly be enabled in the binding configuration, and removes the requirement of using message security for the wsHttpBinding. So this will work:
<bindings>
<wshttpbinding>
<binding name="ReliableSessionEnabled">
<reliablesession enabled="True" ordered="False" />
<security mode="None" />
</binding>
</wshttpbinding>
</bindings>
8) False, Reliable Sessions are used independently of the security settings of the communication channel.
For a more detailed explanation, have a look at this article.
Following through on Enrico's excellent answer, these are the configs I am using:
Service:
<services>
<service name="Foo.Bar.Service">
<endpoint name="EndpointHttps"
address=""
binding="customBinding" bindingConfiguration="EndpointHttps"
contract="Foo.Bar.IService" />
</service>
</services>
<bindings>
<customBinding>
<binding name="EndpointHttps">
<reliableSession />
<mtomMessageEncoding />
<httpsTransport />
</binding>
</customBinding>
</bindings>
Client:
<client>
<endpoint name="EndpointHttps"
address="https://server/FooBar/service.svc"
binding="customBinding" bindingConfiguration="EndpointHttps"
contract="Foo.Bar.IService" />
</client>
<bindings>
<customBinding>
<binding name="EndpointHttps">
<reliableSession />
<mtomMessageEncoding />
<httpsTransport />
</binding>
</customBinding>
</bindings>
Note: still haven't gotten this to work with Windows authentication though.