How kerberos recognizes SPN entries - c#

Question 1: Is there a way to make an SPN registered with setspn.exe take effect without restarting the computer?
Question 2: I set the SPN and ran my WCF service on the server. The client connected using Kerberos; I then changed the <identity> element on the client side and tried again, and found it was using NTLM instead of Kerberos, which is fine (that is what I expected).
When I changed the SPN in the WCF service's configuration file and re-ran the service (without changing the registered SPN), I found that the client still used Kerberos authentication. Why does changing the <identity> element of the WCF service have no effect?
How can this be?
NOTE: I am using Fiddler to check the authentication. (Bear in mind that an intercepting proxy sits between client and service and may itself influence what Negotiate settles on; it is worth confirming with `klist` on the client or the Security event log on the server, which show the scheme and the SPN actually used.)
Server side config file:
<?xml version="1.0" encoding="utf-8" ?>
<!-- Server-side app.config for the Kerberos/SPN question: wsHttpBinding with
     transport security over HTTPS and Windows (Negotiate) client credentials. -->
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<!-- Development setting; set debug="false" before deployment. -->
<compilation debug="true" />
</system.web>
<system.serviceModel>
<services>
<service name="WcfServiceLibrary1.Service1">
<host>
<baseAddresses>
<add baseAddress = "https://FQDN:PORT/TESTSVC/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address supplied above -->
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="service_binding" contract="WcfServiceLibrary1.IService1">
<!-- With security mode="Transport" this identity is what gets published in the
     service metadata for clients to copy into their own config. The service
     itself does not appear to constrain which of its registered SPNs a ticket
     was issued for (any SPN mapped to the service account decrypts it), which
     matches the observation in the question that changing only this value
     changed nothing. What decides Kerberos vs. NTLM is the SPN the client
     requests and whether setspn has registered it on the service account.
     Note the client config on this page requests a different SPN
     ("ismine/nhdc1.nhandal2.local:8730"); keep the two in sync. -->
<identity>
<servicePrincipalName value="svc1/FQDN:PORT" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="service_binding">
<!-- clientCredentialType="Windows" uses SSPI Negotiate: Kerberos when the
     client can obtain a ticket for the SPN it asks for, otherwise a silent
     fallback to NTLM (the fallback the question observed after changing the
     client-side identity). -->
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Client side config file:
<?xml version="1.0" encoding="utf-8" ?>
<!-- Client-side app.config for the Kerberos/SPN question. -->
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService1">
<!-- No <transport clientCredentialType> is given, so the wsHttpBinding default
     for transport security (Windows) applies, matching the service binding. -->
<security mode="Transport" />
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://FQDN:PORT/TESTSVC/"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
<!-- This is the SPN the client asks the KDC for a ticket for, so the
     client-side value is what decides Kerberos vs. NTLM: it must be one of the
     SPNs registered (setspn) on the account the service runs as, otherwise
     Negotiate falls back to NTLM, which is the behaviour observed in the
     question. It differs from the server config's "svc1/FQDN:PORT"; keep the
     two in sync so the published metadata and the requested SPN agree.
     The client also caches tickets: after changing SPNs, purge the ticket
     cache (e.g. klist purge) rather than rebooting. -->
<identity>
<servicePrincipalName value="ismine/nhdc1.nhandal2.local:8730" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>

Related

C# WCF ConfigurationErrorsException binding

I am trying to increase the buffer size so that I can get all my data from the SQL database. This is my configuration file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<!-- NOTE(review): this <bindings> element is a direct child of <configuration>.
     It belongs under <system.serviceModel> (as the answers below explain), and
     because no endpoint references "basicHttp" via bindingConfiguration, the
     larger quotas here are not in effect even once the element is moved. -->
<bindings>
<basicHttpBinding>
<binding name="basicHttp" allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<!-- 200 MB arrays/strings per message: these quotas bound how much memory one
     request can make the service allocate. basicHttpBinding without a
     <security> element defaults to mode="None", so callers are unauthenticated;
     size these to real need rather than "as large as possible". -->
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</basicHttpBinding>
</bindings>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<!-- Development setting; set debug="false" before deployment. -->
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="NewBinding0" />
</basicHttpBinding>
</bindings>
<services>
<service name="WCF_Services_library.Service1">
<host>
<baseAddresses>
<add baseAddress="http://localhost:8733/Design_Time_Addresses/WCF_Services_library/Service1/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address supplied above -->
<!-- No bindingConfiguration here, so the basicHttpBinding defaults are used. -->
<endpoint address="" binding="basicHttpBinding" contract="WCF_Services_library.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<!-- Metadata Endpoints -->
<!-- The Metadata Exchange endpoint is used by the service to describe itself to clients. -->
<!-- This endpoint does not use a secure binding and should be secured or removed before deployment -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information,
set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<connectionStrings>
<!-- integrated security=True: the hosting process's Windows identity is used
     to reach SQL Server; no database password is stored in this file. -->
<add name="ScannerAppEntities" connectionString="metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=CZMODDT47QYF82\SQLTEST;initial catalog=ScannerApp;integrated security=True;MultipleActiveResultSets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
</connectionStrings>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
<parameters>
<parameter value="mssqllocaldb" />
</parameters>
</defaultConnectionFactory>
<providers>
<provider invariantName="System.Data.SqlClient" type="System.Data.Entity.SqlServer.SqlProviderServices, EntityFramework.SqlServer" />
</providers>
</entityFramework>
</configuration>
I am getting an error saying there is something wrong with my configuration: the `<bindings>` element on line 3.
The <bindings> tag cannot go below the <configuration> tag - it's a child of <system.serviceModel> - hence the error you're seeing.
Additionally, as currently defined in your config, the binding you specified (with the larger quotas) will not be used since it is neither a default binding (default bindings omit the name attribute) nor is it assigned to the endpoint via the bindingConfiguration attribute. This means you'll get the default (greatly lower) values for basicHttpBinding.
Two changes to your config file - first, move the <bindings> from below <configuration> to below <system.serviceModel>. Secondly, assign the "basicHttp" binding to the endpoint.
Final note - it looks like this is the app.config from a WCF Service Library project (i.e., a class library). Per the comment in the config file, you'll need to move the <system.serviceModel> section to the config file of the application that is hosting the service, as class libraries do not use config files.
Your <system.serviceModel> should look something like the following:
<system.serviceModel>
<!-- <bindings> is a child of <system.serviceModel>, and the endpoint below
     selects "basicHttp" through bindingConfiguration; both are needed for
     the larger quotas to apply. -->
<bindings>
<basicHttpBinding>
<binding name="basicHttp" allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<!-- These quotas bound how much memory one request can make the service
     allocate. basicHttpBinding with no <security> element defaults to
     mode="None" (unauthenticated callers), so size them to real need. -->
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WCF_Services_library.Service1">
<host>
<baseAddresses>
<add baseAddress="http://localhost:8733/Design_Time_Addresses/WCF_Services_library/Service1/" />
</baseAddresses>
</host>
<endpoint address="" binding="basicHttpBinding"
bindingConfiguration="basicHttp"
contract="WCF_Services_library.IService1" />
<!-- Metadata Endpoints -->
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- WSDL is served over plain HTTP; disable before deployment if the
     contract is not meant to be public. -->
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Note the <bindings> section is now under <system.serviceModel> and the "basicHttp" binding configuration is assigned to your endpoint via the bindingConfiguration attribute.
<bindings>
<basicHttpBinding>
Those can only be defined once and should be inside of the system.serviceModel node.
you must match your config as below
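<system.serviceModel>
<bindings>
<basicHttpBinding>
<!-- Named but otherwise empty binding: it carries no quota or security
     settings, so basicHttpBinding defaults (security mode="None") apply. -->
<binding name="NewBinding0" />
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WCF_Services_library.Service1Behavior"
name="WCF_Services_library.Service1">
<endpoint address="http://localhost:8733/Design_Time_Addresses/WCF_Services_library/Service1"
binding="basicHttpBinding" bindingConfiguration="NewBinding0"
contract="WCF_Services_library.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8733/Design_Time_Addresses/WCF_Services_library/Service1/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCF_Services_library.Service1Behavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Closing tag was missing from the pasted snippet; without it the
     section is not well-formed XML. -->
</system.serviceModel>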
you should put the code between the system.serviceModel tags

wcf userName authentication with message security over https

Here is the situation, I want many clients to call my web service using username authentication over https. Security is the first priority so I am thinking of using wshttpbinding with message security. I don't know though if my thoughts are correct.
The thing is that I have already something that works but I don't know if it needs changes to achieve better security.
Here is what it's done by now.
<!-- Fragment of the original (basicHttpBinding) configuration. The three
     top-level elements shown here (services, bindings, serviceCredentials)
     are pasted as siblings; in a real config the first two sit under
     <system.serviceModel> and <serviceCredentials> must be inside the
     "myBehavior" behavior that the service references, as the Web.config
     later in this thread shows. -->
<services>
<service name="myService" behaviorConfiguration="myBehavior" >
<endpoint address="" binding="basicHttpBinding" contract="myIService" bindingConfiguration="RequestUserName_BasicHttp" >
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<!-- Plain HTTP: with the Basic transport credentials below, the user name
     and password travel base64-encoded but NOT encrypted on every request. -->
<add baseAddress="http://localhost:8080/myService/" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="RequestUserName_BasicHttp">
<!-- TransportCredentialOnly = HTTP authentication without TLS; the transport
     is not protected. Use mode="Transport" over an https base address, or
     message security, before exposing this outside a test network. -->
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<!-- NOTE(review): as far as I know a custom UserNamePasswordValidator is only
     consulted for message-level UserName credentials; transport-level Basic
     is validated by the host (IIS / HttpListener) against Windows accounts.
     Verify which path actually authenticated your test clients. -->
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="myvalidator, myNamespace"/>
</serviceCredentials>
So with this approach (which works) I don't think I have the best security: at the very least the requests need to go over HTTPS, because Basic credentials over plain HTTP are sent unencrypted. What can I do to achieve better/best security? I have tried wsHttpBinding over HTTPS but I have some problems with certificates.
The development environment is Windows XP, VS2010, IIS 7.5 Express.
There is a class library describing the service and a console client app for consuming it. The client has its own app.config file, which holds the credentials (username and password); note that a config file is plain text, so anyone who can read the file can read them unless that section is encrypted.
You are already implementing user-id and password verification. If you also want the messages encrypted you must use certificates, either with transport security over HTTPS or with wsHttpBinding message security. For more information about authentication and authorization in WCF, please go through the MSDN documentation.
Ok, I took into consideration Ramesh Babu answer and I change a little bit my project.
So instead of creating a class library for the WCF service I created a WCF Service Application (VS2010 offers this project type). Everything else remained unchanged, and I made a new Web.config file like this:
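<configuration>
<system.web>
<!-- Development setting; set debug="false" before deployment. -->
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="MyBinding">
<!-- Message security: the client authenticates and encrypts for the service
     certificate configured in serviceCredentials below and sends a UserName
     token inside the message. The underlying transport stays plain HTTP. -->
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="MyBehavior" name="myName">
<endpoint address="myService.svc" binding="wsHttpBinding"
bindingConfiguration="MyBinding"
contract="myService.ImyService" />
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:44400/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyBehavior">
<!-- WSDL is served over plain HTTP at ?wsdl; disable before deployment if
     the contract is not meant to be public. -->
<serviceMetadata httpGetEnabled="true" />
<!-- Fixed: the original line had no space between the element name and the
     attribute (serviceDebugincludeExceptionDetailInFaults="true"), which is
     not well-formed XML and fails config parsing. "true" returns server
     exception details (stack traces) to callers; set it to false before
     deployment. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="myService.Authentication.CustomValidator, myService" />
<!-- FindBySubjectName matches any certificate whose subject contains this
     string and can select the wrong one if several are installed; pinning
     by thumbprint (x509FindType="FindByThumbprint") selects exactly one. -->
<serviceCertificate
findValue="MyCertificate"
x509FindType="FindBySubjectName"
storeLocation="LocalMachine"
storeName="My" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!-- Directory browsing lists the application's files to anyone who can reach
     the site; a service host has no reason to enable it. -->
<directoryBrowse enabled="true"/>
</system.webServer>
<connectionStrings>
<add name="myEntities" connectionString="......" />
</connectionStrings>
</configuration>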
So I needed to create a certificate; I used SelfCert to create one and copied it into the Trusted People store (via mmc). A self-signed certificate in Trusted People is fine for development, but for deployment the service certificate should chain to a CA the clients already trust, so that clients do not have to be told to accept a specific self-signed certificate (and are never configured to skip certificate validation altogether).
After this I created a console app to consume the service; its app.config file was generated automatically.

Wcf Push Service in Windows Store App

I´m trying to implement a Wcf Duplex Service in my Windows Store Application. In my .NET WPF Application everything works fine. I use a NetTcpBinding.
Here is my Service Config:
<?xml version="1.0" encoding="utf-8" ?>
<!-- Service config for the duplex (callback) netTcpBinding service. -->
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<netTcpBinding>
<!-- No <security> element, so netTcpBinding defaults apply (transport
     security with Windows credentials). -->
<binding name="myNetTcpBinding" receiveTimeout="00:30:00">
<!-- NOTE(review): an inactivityTimeout of roughly 25 days keeps an idle
     reliable session open for weeks, and every open session holds server
     resources; confirm this is intended. -->
<reliableSession enabled="true" inactivityTimeout="24.20:31:23"/>
</binding>
</netTcpBinding>
</bindings>
<services>
<service name="CnS.Base.Services.MessageHub.MessageHubService">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="myNetTcpBinding" contract="CnS.Base.Services.MessageHub.IMessageHubService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration="" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress = "net.tcp://localhost:8655/MessageHubService" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="False" httpsGetEnabled="False"/>
<!-- Returns server exception details (stack traces) to callers; set to
     false before deployment, as the other listings on this page do. -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
If I call a method on the WCF service I get an ActionNotSupportedException. I figured out that if I set
<reliableSession enabled="false"/>
it works fine. But my problem now is that the WCF connection to my Windows Store app is closed and I can't push messages to this client.
Does anyone know a workaround for this Problem?

issue firing off wcf service to send xml file

I'm new to WCF; I'm attempting to use a net.tcp-binding WCF service to transmit an XML file to the client.
I can get as far as creating the XML file, but the attempt to connect to my WCF service fails.
I followed this guide http://msdn.microsoft.com/en-us/library/ff647180.aspx up to creating the windows test app, i'm using a web project for this.
I have added the service reference to project and below is the code i'm attempting to execute:
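/// <summary>
/// Sends <paramref name="xDoc"/> as the body of a raw WCF <see cref="Message"/> through the
/// "IMMS.ActionsServiceLibrary.IActionServiceLibrary" client endpoint and returns the reply
/// message rendered with <c>ToString()</c>.
/// </summary>
/// <param name="xDoc">Document to transmit; must not be null.</param>
/// <returns>The reply <see cref="Message"/> as a string.</returns>
/// <exception cref="ArgumentNullException"><paramref name="xDoc"/> is null.</exception>
/// <remarks>
/// Communication failures (<see cref="CommunicationException"/>, <see cref="TimeoutException"/>)
/// propagate to the caller after the channel and factory have been aborted.
/// </remarks>
public string SendXMLDocument(XmlDocument xDoc)
{
    if (xDoc == null)
        throw new ArgumentNullException("xDoc");

    var factory = new ChannelFactory<IActionServiceLibrary>("IMMS.ActionsServiceLibrary.IActionServiceLibrary");
    try
    {
        // Build the message with the version the configured binding actually speaks.
        // Hard-coding Soap11 against netTcpBinding (whose default is SOAP 1.2 /
        // WS-Addressing 1.0) produces a message-version mismatch on the channel.
        var version = factory.Endpoint.Binding.MessageVersion;
        var message = Message.CreateMessage(version, "Request_for_action", new XmlNodeReader(xDoc));

        var channel = factory.CreateChannel();
        // Every proxy returned by ChannelFactory implements IClientChannel.
        var proxy = (IClientChannel)channel;
        try
        {
            using (var response = channel.Request(message))
            {
                var text = response.ToString();
                proxy.Close();
                return text;
            }
        }
        catch
        {
            // A faulted channel cannot be Close()d; Abort() releases it without throwing.
            proxy.Abort();
            throw;
        }
    }
    finally
    {
        // The original never closed the factory, leaking its channel listeners.
        try
        {
            factory.Close();
        }
        catch (CommunicationException)
        {
            factory.Abort();
        }
        catch (TimeoutException)
        {
            factory.Abort();
        }
    }
}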
My library app.config looks like:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<!-- NOTE(review): the client endpoint uses "NetTcpBinding_IActionServiceLibrary"
     (declared below with no settings) and the service endpoint uses
     bindingConfiguration="", so both sides run on netTcpBinding defaults
     (transport security, Windows credentials). The "Action_Service" binding
     with security mode="None" and 2 GB buffers is not referenced by any
     endpoint; keep it that way, since wiring it in would expose an
     unauthenticated, unencrypted listener with effectively unbounded
     message sizes. -->
<client>
<endpoint address="net.tcp://localhost:8080/ActionService/" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IActionServiceLibrary" contract="IMMS.ActionsServiceLibrary.IActionServiceLibrary"
name="IMMS.ActionsServiceLibrary.IActionServiceLibrary">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
<services>
<service name="IMMS.ActionsServiceLibrary.ActionServiceLibrary">
<endpoint address="net.tcp://localhost:8080/ActionService/" binding="netTcpBinding" bindingConfiguration=""
contract="IMMS.ActionsServiceLibrary.IActionServiceLibrary">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8080/ActionService/" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<!-- Unreferenced (see note above): no authentication, no protection, and
     int.MaxValue for every quota. -->
<binding name="Action_Service" sendTimeout="00:01:00" transactionFlow="false"
listenBacklog="2147483647" maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647" portSharingEnabled="false">
<reliableSession enabled="false" />
<security mode="None">
<transport clientCredentialType="None" protectionLevel="None" />
<message clientCredentialType="None" />
</security>
</binding>
<!-- Empty named binding: netTcpBinding defaults. -->
<binding name="NetTcpBinding_IActionServiceLibrary" />
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
the app config for the service:
<?xml version="1.0" encoding="utf-8" ?>
<!-- As pasted, this listing is identical to the "library" app.config above. -->
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" />
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<!-- NOTE(review): the client endpoint uses "NetTcpBinding_IActionServiceLibrary"
     (declared below with no settings) and the service endpoint uses
     bindingConfiguration="", so both sides run on netTcpBinding defaults
     (transport security, Windows credentials). The "Action_Service" binding
     with security mode="None" and 2 GB buffers is not referenced by any
     endpoint; keep it that way, since wiring it in would expose an
     unauthenticated, unencrypted listener with effectively unbounded
     message sizes. -->
<client>
<endpoint address="net.tcp://localhost:8080/ActionService/" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IActionServiceLibrary" contract="IMMS.ActionsServiceLibrary.IActionServiceLibrary"
name="IMMS.ActionsServiceLibrary.IActionServiceLibrary">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
<services>
<service name="IMMS.ActionsServiceLibrary.ActionServiceLibrary">
<endpoint address="net.tcp://localhost:8080/ActionService/" binding="netTcpBinding" bindingConfiguration=""
contract="IMMS.ActionsServiceLibrary.IActionServiceLibrary">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8080/ActionService/" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<!-- Unreferenced (see note above): no authentication, no protection, and
     int.MaxValue for every quota. -->
<binding name="Action_Service" sendTimeout="00:01:00" transactionFlow="false"
listenBacklog="2147483647" maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647" portSharingEnabled="false">
<reliableSession enabled="false" />
<security mode="None">
<transport clientCredentialType="None" protectionLevel="None" />
<message clientCredentialType="None" />
</security>
</binding>
<!-- Empty named binding: netTcpBinding defaults. -->
<binding name="NetTcpBinding_IActionServiceLibrary" />
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
i get a name mismatch on the channel creation.
any help to point me in the right direction for transmitting a xml file through wcf would be great.
I found out that my config file was messed up after fixing the errors it works now.

Client/Server WCF Chat

I'm hosting a WCF service on localhost and the client runs on the same host. It works well when both run on the same machine, but when I install the client on another machine and try to connect to the server it fails. Here is the configuration file for the server:
<?xml version="1.0" encoding="utf-8" ?>
<!-- Server config for the wsDualHttpBinding chat service. -->
<configuration>
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding name="wsDualBinding">
<!-- No authentication and no encryption, on the client-to-service channel
     and on the callback channel the service opens back to each client.
     Acceptable on a test LAN, not beyond it. -->
<security mode="None" />
</binding>
</wsDualHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="Metadata">
<!-- WSDL exposed over plain HTTP. -->
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="Metadata" name="ChatService.ChatManager">
<endpoint address="duplex" binding="wsDualHttpBinding" bindingConfiguration="wsDualBinding"
contract="ChatService.IChat" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:2525/chat/" />
<!--<add baseAddress="net.tcp://localhost:1717/chat/" />-->
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
</configuration>
the client config
<?xml version="1.0" encoding="utf-8" ?>
<!-- Client config for the wsDualHttpBinding chat service. -->
<configuration>
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<!-- security mode="None" mirrors the server binding (the two must agree).
     For a client on another machine this binding also needs a
     clientBaseAddress the service can reach for callbacks; see the answer. -->
<binding name="NewBinding0">
<security mode="None" />
</binding>
</wsDualHttpBinding>
</bindings>
<client>
<endpoint address="http://192.168.1.10:2525/chat/duplex" binding="wsDualHttpBinding"
bindingConfiguration="NewBinding0" contract="ChatService.IChat" name="mgr" />
</client>
</system.serviceModel>
</configuration>
it gives me that error
The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue
wsDualHttpBinding requires the client to establish an address that the service can connect to in order to provide callbacks. This is done in the config file in the binding element, like this:
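<wsDualHttpBinding>
  <!-- clientBaseAddress is an attribute of the <binding> element (the one the
       client endpoint's bindingConfiguration="NewBinding0" already points at),
       not of <wsDualHttpBinding>. The client opens an HTTP listener at this
       address for callbacks, so it must be reachable from the service host:
       allow it through the client's firewall and, if the client does not run
       elevated, reserve the URL prefix for it (netsh http add urlacl). With
       security mode="None" that listener accepts unauthenticated,
       unencrypted calls. -->
  <binding name="NewBinding0"
           clientBaseAddress="http://machine_name:port/Client/">
    <security mode="None" />
  </binding>
</wsDualHttpBinding>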
Since the client is on a different machine than the service, you'll need to specify the client's machine name (and the service must actually be able to connect to that address: the client's firewall has to admit the inbound callback connection).
See WSDualHttpBinding Class for more information on this binding.
