I have a WCF Rest Service that I'm building. The service is hosted in IIS under an SSL. And I have the site in IIS setup to use Windows authentication with Anonymous authentication disabled.
However, when I attempt to navigate to service.svc file in the browser to test the windows authentication I am prompted from my credentials as expected. However, after entering my credentials it continuous to prompt me over and over. And I don't know why or what I'm missing.
If I re-enable Anonymous authentication and navigate to the service.svc file then the wsdl data loads..but from my understanding is no longer using windows authentication at that point.
I have tested this in IE and Firefox and both of them do the same thing.
Here is my web.config
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="WebHttpBindingConfig">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="Windows"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="httpEnabled">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceCredentials>
<windowsAuthentication allowAnonymousLogons="False" includeWindowsGroups="True"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="EndpBehavior">
<webHttp helpEnabled="true"/>
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="myService" behaviorConfiguration="httpEnabled">
<endpoint address="" binding="webHttpBinding" contract="myContract" behaviorConfiguration="EndpBehavior" bindingConfiguration="WebHttpBindingConfig" />
</service>
</services>
Any help figuring this out would be great. If you need any other information please let me know. Thank you.
Problem: Continuous prompt for creds when attempting to view Service.svc in browser.
Expected result: Upon entering valid creds they Service.svc page should load
EDIT:
I was going to post images of the Auth Settings and an example of what it was dong to give a visual, but I don't have enough reputation yet. Sorry.
I figured it out. It ended up being a server configuration issue. I discovered I could load the Service.svc file from a remote machine with valid creds. So after I did some searching I found the following article:
http://warnajith.blogspot.com/2011/06/iis-75-401-unauthorized-access-error.html
The issue was I needed to DisableLoopbackCheck. So after I followed the steps on that page to update the registry it loaded correctly
Note: If you're on a windows 2012 server you do not need to do step 1 in the link provided.
Hope this helps someone else in the future.
Related
I'm building an ASP.NET website - it's a solution with a few projects, a data base and a web service. Everything worked fine, but last time I tried to run the project, I got the following error:
There was no endpoint listening at http://localhost:[number]/BooksWS.svc that could accept the
message. This is often caused by an incorrect address or SOAP action. See InnerException,
if present, for more details.
The inner exception says:
Unable to connect to the remote server
This error sort of came out of the blue, so I'm not sure what additional information I should provide. Does anyone have any idea why this could happen?
I suppose even a general answer could help, the only info I found about this error in the web concerned WCF.
go to webconfig page of your site, look for the tag endpoint, and check the port in the address attribute, maybe there was a change in the port number
Another case I just had - when the request size is bigger than the request size set in IIS as a limit, then you can get that error too.
Check the IIS request limit and increase it if it's lower than you need.
Here is how you can check and change the IIS request limit:
Open the IIS
Click your site and/or your mapped application
Click on Feature view and click Request Filtering
Click - Edit Feature Settings.
I just found also another thread in stack
IIS 7.5 hosted WCF service throws EndpointNotFoundException with 404 only for large requests
An another possible case is make sure that you have installed WCF Activation feature.
Go to Server Manager > Features > Add Features
I had this problem when I was trying to call a WCF service hosted in a new server from a windows application from my local. I was getting same error message and at end had this "No connection could be made because the target machine actively refused it 127.0.0.1:8888". I donot know whether I am wrong or correct but I feel whenever the server was getting request from my windows application it is routing to something else. So I did some reading and added below in Web.config of service host project. After that everything worked like a magic.
<system.net>
<defaultProxy enabled="false">
</defaultProxy>
</system.net>
Short answer but did you have Skype open? This interferes specifically with ASP.NET by default (and localhosts in general) using port:80.
In Windows: Go to Tools -> Options -> Advanced -> Connection and uncheck the box "use port 80 and 443 as alternatives for incoming connections".
Try this:
Delete the service instance.
Create a new instance of the service.
Sometimes the port is changed and generated error.
I tried a bunch of these ideas to get HTTPS working, but the key for me was adding the protocol mapping. Here's what my server config file looks like, this works for both HTTP and HTTPS client connections:
<system.serviceModel>
<protocolMapping>
<add scheme="https" binding="wsHttpBinding" bindingConfiguration="TransportSecurityBinding" />
</protocolMapping>
<services>
<service name="FeatureService" behaviorConfiguration="HttpsBehavior">
<endpoint address="soap" binding="wsHttpBinding" contract="MyServices.IFeature" bindingConfiguration="TransportSecurityBinding" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="HttpsBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="TransportSecurityBinding" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
If you are using custom binding, please make sure that you are putting the same name for both custom binding (Server and Client)in config files
<bindings>
<customBinding>
<binding name="BufferedHttpServerNoAuth" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<gzipMessageEncoding innerMessageEncoding="textMessageEncoding" MaxArrayLength="10485760" MaxBytesPerRead="31457280" MaxStringContentLength="102400000" />
<httpsTransport hostNameComparisonMode="StrongWildcard" manualAddressing="False" maxReceivedMessageSize="31457280" authenticationScheme="Anonymous" bypassProxyOnLocal="True" realm="" useDefaultWebProxy="False" />
</binding>
</customBinding>
</bindings>
the binding name "BufferedHttpServerNoAuth" should be same in both.
Hope this would help someone
This is ancient history but I just ran into this issue and the fix for me was recycling the application pool of the website in IIS. Easy fix, for once.
I changed my website and app bindings to a new port and it worked for me. This error might occur because the port the website uses is not available. Hence sometimes the problem is solved by simply restarting the machine
-Edit-
Alternative (and easier) solution:reference
Get PID of process which is using the port
CMD command-
netstat -aon | findstr 0.0:80
Use the PID to get process name -
tasklist /FI "PID eq "
Open task manager, find this process and stop it.
(Note- Make sure you do not stop Net.tcp services)
I solved it by passing the binding with endpoint.
"http://abcd.net/SampleFileService.svc/basicHttpWSSecurity"
Click on Service which you have created right click on it then select update references after this rebuild the application it will work
I have working WCF service on IIS with configured net.tcp endpoint. After disable page on IIS I'm still able to run request to my service o.O.
Disabling application pool works as expected (service is no longer available).
<system.serviceModel>
<services>
<service name="xyz.Service.Authentication.Implementation.AuthenticationService">
<endpoint binding="netTcpBinding"
bindingConfiguration="NetTcpBinding"
contract="xyz.Service.Authentication.Model.IAuthenticationService"/>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding" sendTimeout="00:00:30"
transactionFlow="false"
portSharingEnabled="false"
maxReceivedMessageSize="18000">
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="Sign"/>
</security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceAuthorization principalPermissionMode="UseWindowsGroups"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Is it a bug or a feature ?
I had similar problem and I found out that:
Stopping Web Site does not stop the net.tcp service
Disable App Pool disables service but does not free the port, port is still used by SMSvcHost.exe
Restarting after does not helps too.
The only way to free port ( to be used by something else ) was to delete net.tcp binding in IIS.
I spent time on this, because received wrong answers from net.tcp service. It took me while, to find out - it's not from my service, but from old disabled one. This could save time to someone else.
I was haivng a project in which earlier I was hosting only single WCF service. Everything used to work fine. Later, as part of enhancements we have added two more WCF services to the same project with different Interfaces and different SVC files. All three services share same web.config which define the three end points (corresponding to each service).
WCF services for my project are hosted as separate website with its own App Pool and port number. All three of my services share the same App pool.
With this setup when I am deploying application to test servers many times I am getting sporadic error as below and service stops working. Of the three service, one or two at a time gives this error other keeps on working.
System.ServiceModel.ServiceHostingEnvironment+HostingManager/4032828
System.ServiceModel.ServiceActivationException: The service '...svc' cannot be activated due to an exception during compilation. The exception message is: An error occurred while accessing the IIS Metabase.. --->
System.Runtime.InteropServices.COMException: An error occurred while accessing the IIS Metabase.
at System.ServiceModel.Activation.MetabaseReader..ctor
I enabled svclogs for the webservice and there I am seeing things like
......
AppDomain unloading
To: construct ServiceHost 'myservice1'
From: construct ServiceHost 'myservice1'
To: Open ServiceHost 'myservice1'
From: ServiceHost 'myservice1'
ASP.NET hosted service activated
**Wrote To Eventlog** << Exception at this point for myservice2.
I have tried This options but it doesn't help. I have also searched on net but not finding any other solution that can help.
I am having IIS6 on the test servers.
Any help would be greatly appreciated.
UPDATE:
I have observed a pattern. After Idle time, whichever service is hit first gets activated properly, other ones fails. Also, to add to Port part, we are specifically mentioning port on which this service would be running. for my application say the port number is 25000, then no other application on this server is sharing this port number, only my application. So if there are multiple Services, then they are sharing the port, but again the same setup is there for other projects having multiple SVC services and none has ever experienced this issue (as far as I know).
UPDATE 2: Below is the config file. I have typed in the config file but have tried to keep this as accurate as possible. (please ignore case-sensitive things)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="Basic" realm="prod.xxx.net" />
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviours>
<serviceBehaviours>
<behaviour name="firstServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication mapClientCertificateToWindowsAccount="true" />
</clientCertificate>
</serviceCredentials>
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
</behaviour>
<behaviours>
<serviceBehaviours>
<behaviour name="secondServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication mapClientCertificateToWindowsAccount="true" />
</clientCertificate>
</serviceCredentials>
</behaviour>
<behaviours>
<serviceBehaviours>
<behaviour name="thirdServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication mapClientCertificateToWindowsAccount="true" />
</clientCertificate>
</serviceCredentials>
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
</behaviour>
<services>
<service behaviourConfiguration="firstServiceBehaviour" name="...">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" name="firstServiceEndPoint" contract="IfirstServiceContract" />
</service>
<service behaviourConfiguration="secondServiceBehaviour" name="...">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" name="secondServiceEndPoint" contract="IsecondServiceContract" />
</service>
<service behaviourConfiguration="thirdServiceBehaviour" name="...">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding"
name="thirdServiceEndPoint" contract="IthirdServiceContract" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</System.ServiceModel>
I won't say this as complete answer, but this somewhat helped solve our problem. I still want to know reason / solution to actual cause of the problem. I am mentioning this work around as this might help somebody Temporarily resolve their issues as well who might face similar problem.
As I mentioned the issue was coming only when application was idle for some time. In that case IIS was shutting down (unloading) the application's AppDomain (This is from SVC Logs).
So we created a simple console app that was hitting all the services of our application every 5-10 minutes and was not letting AppDomain to shut down. There is an alternative way for achiving this - Setting IIS configuration to not to unload AppDomain (this was less feisible for us provided the shared infrastructure). This helped us to complete testing.
Then as we moved to load-balanced environments (Testing environments close to production), we suddenly stopped getting the issue and with some analysis we found that the Load-Balancer itself was pinging these services so as to make sure that they are up, and because of this App Domain of these services was never unloading.
So, for now we can say that we are not getting this issue in a load balanced environment, but the question still remains why was it even happening (for non load Balanced environments).
IIS 7.0 on Windows 2008
WCF Web Service, .NET 4 from VS 2010
Web service is installed via publishing and I have full admin rights on the server. There are several complicated methods, but there is a simple one that returns the build version. If we can get this one working, I can fix them all - here is my interface:
namespace MyNameSpace
{
[ServiceContract]
public interface WebInterface
{
[OperationContract]
[WebGet]
string GetVersion();
Attempt to connect via HTTP:// and everything works fine!
Attempt to conenct via HTTPS:// I get a 404 file not found.
I can reach the generic "You have created a web service..." page, including full web service path and the C# generic sample code when browsing to the exact same URL's both on HTTP and HTTPS.
In C#, I have read that the certificate can cause trouble, and I have already implemented the delegate overload to approve our server certificate.
I suspect missing one or more entries in the Web.config file, but I don't have a clue where to start. I have tried Google searching and Stack Overflow searching, but I haven't found the correct combination of search terms to help with this particular issue.
Web Config:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="HttpGetMetadata">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="LinkService" behaviorConfiguration="HttpGetMetadata">
<endpoint address="" contract="WebInterface" binding="basicHttpBinding" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Help Please.
You're using the defaults for basicHttpBinding, and the default security mode for that binding is None. You need to define the binding and set the security mode to Transport in your config. Add a Bindings section to your ServiceModel section, like this:
<serviceModel>
<Bindings>
<basicHttpBinding name="secureBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</basicHttpBinding>
</Bindings>
</serviceModel>
Then you need to assign this binding to your endpoint via the bindingConfiguration attribute, like this:
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="secureBinding"
contract="WebInterface" />
You'll probably want to enable httpsGetEnabled as well:
<serviceMetadata httpGetEnabled="true"
httpsGetEnabled="true" />
See BasicBinding with Transport Security (which is what the sample code is based on).
You can also google with terms like "BasicHttpBinding WCF SSL" and stuff like that - lots of examples and information on the web, it's just a matter of using the right words :)
Also, I'm not 100% confident that the transportClientCredential setting is correct for your scenario (it might need to be Certificate), but I've done very little with SSL for WCF.
There may be other issues as well (like how IIS is set up on your machine), but the above is what's needed for the config.
I have an 3rd party SOAP web service. I need to make a call to one of its methods. The request needs to be signed. How can I sign the request?
I assume by signing you mean that you sign the message using a certificate that is installed on the client side.
Doing this is relatively easy in WCF. Assuming you are using the wsHttpBinding in the security element you have to set the mode to SecurityMode.Message. You also have to set the clientCredentialType of the message element to MessageCredentialType.Certificate.
Then, you would have to set up a endpoint behavior and configure the clientCertificate element (which is a child of the clientCredentials element) to indicate where the client certificate is stored.
Even if you aren't using the wsHttpBinding, the configuration is pretty much the same for most of the other bindings when you want to use a client certificate to provide message-level security.
If you are making the call over HTTPS, then note that you will have to set the mode attribute on the security element to Mode.TransportWithMessageCredential.
The following is a question that was asked about using WCF to use the Amazon SOAP service which requires signing. I think the answer gives a great example, which might help with your situation.
How to sign an Amazon web service request in .NET with SOAP and without WSE
Edit: There was evidently some confusion about the link to this other StackOverflow question. I would like to point out the highest voted chosen answer. It is most definitely a WCF solution. You will notice the class SigningMessageInspector which inherits from IClientMessageInspector (a WCF interface). I think this section might help you.
Building on the very helpful answer from #casperOne I ended up with the following config:
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.2" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding>
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<!-- specifies the endpoint to use when calling the service -->
<endpoint address="https://SomeEndPointUrl/v1"
binding="wsHttpBinding"
behaviorConfiguration="SigningCallback"
contract="ServiceReference1.EboxMessagePortType" name="MyBindingConfig">
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="SigningCallback">
<clientCredentials>
<clientCertificate findValue="*somecertsubjectname*"
storeLocation="LocalMachine"
storeName="TrustedPublisher"
x509FindType="FindBySubjectName"
/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
This for a soap client over https