How can we implement Session management for WebHttpBinding WCF REST Service? - c#

I have been developing a WCF REST service using webHttpBinding Session mode as required. But I am always getting this error: "Contract requires Session, but Binding 'WebHttpBinding' doesn't support it or isn't configured properly to support it." Can anyone tell what would be the reason for this?

Quote from the MSDN forums:
You cannot use WebHttpBinding for session based communication as it
doesn't support the concept of sessions. I talked at length about
sessions here -
http://www.dotnetconsult.co.uk/weblog2/PermaLink,guid,af6e6325-2e30-42e3-acb9-57e1363fa51e.aspx.
WebHttpBinding doesn't support session for the same reason
BasicHttpBinding doesn't. If you really must have sessions then you
will have to use a binding that supports it. However, PerSession
activation is only one way to maintain per client state. Can you not
use another mechanism, say passing a session id to the service that
you use to wire up your own concept of session?
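The "pass a session id to the service" approach from the quoted answer, as an added example that is not part of the original thread. The names SessionStore and CartService and the X-Session-Id header are hypothetical, and the login step that calls Create is assumed to exist elsewhere.

```csharp
using System;
using System.Collections.Concurrent;
using System.Net;
using System.Security.Cryptography;
using System.ServiceModel;
using System.ServiceModel.Web;

// Hypothetical application-level session store: WebHttpBinding keeps no session,
// so state is keyed by an opaque token the client sends on every request.
public static class SessionStore
{
    private sealed class Entry { public string User; public DateTime ExpiresUtc; }
    private static readonly ConcurrentDictionary<string, Entry> Sessions =
        new ConcurrentDictionary<string, Entry>();
    private static readonly TimeSpan Lifetime = TimeSpan.FromMinutes(20);

    public static string Create(string user)
    {
        var bytes = new byte[32];                     // 256 bits from the OS CSPRNG
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string id = Convert.ToBase64String(bytes);
        Sessions[id] = new Entry { User = user, ExpiresUtc = DateTime.UtcNow + Lifetime };
        return id;
    }

    public static bool TryGetUser(string id, out string user)
    {
        user = null;
        Entry e;
        if (string.IsNullOrEmpty(id) || !Sessions.TryGetValue(id, out e)) return false;
        if (e.ExpiresUtc <= DateTime.UtcNow) { Sessions.TryRemove(id, out e); return false; }
        e.ExpiresUtc = DateTime.UtcNow + Lifetime;    // sliding expiry on each use
        user = e.User;
        return true;
    }
}

[ServiceContract]   // no SessionMode.Required: the binding cannot satisfy it
public class CartService
{
    [OperationContract, WebGet(UriTemplate = "cart")]
    public string GetCart()
    {
        string id = WebOperationContext.Current.IncomingRequest.Headers["X-Session-Id"];
        string user;
        if (!SessionStore.TryGetUser(id, out user))
            throw new WebFaultException(HttpStatusCode.Unauthorized);
        return "cart for " + user;
    }
}
```

Create is meant to be called only after the service's own login check succeeds, and the token should travel only over HTTPS.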

Related

Is it possible to determine the Security Protocol used in a WCF web service client?

I have a WCF web service using NetHttpBinding. I know I can control which protocols are available/used by using:
System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;
But is it possible to determine which protocol was actually used after making a service call?
I could explicitly set it to one protocol, then loop and make a call to see if it is successful, and repeat but that seems really clunky/slow. Any better ideas for doing this?

WCF binding config - server or client

So I create NetTcpBinding on both server and client side (at runtime), but how will the connection behave in case of configuration conflicts? E.g. if on server I have
binding.ReliableSession.Enabled = true;
and I forget to put same lines on client side, would the reliable session actually be working?
Edit: to rephrase, in case of any binding and any binding property, if they differ on server and client, which one will be used in work?
NetTcpBinding does not enable a reliable session by default. So although your endpoint supports a reliable session, it will not use a reliable session if it is not used/enabled by the client.
This feature needs to be configured in the configuration files for the client and service if a reliable session is required.

WCF and wsHttpBinding - Message encryption

I'm working on a client-server project implemented using WCF. The clients are deployed on different machines and communicate with services through the internet. I'm relatively new to WCF, and am a bit confused on choosing the appropriate binding for my Web services. The clients need to be authorized to perform operations, however, I'm implementing my own authentication algorithm and trying to avoid Windows authentication for various reasons, but I still need to make sure the message transferred in the channel is encrypted.
Right now I'm using wsHttpBinding with security mode set to Message. Full configuration looks like this:
I've set the authentication type in IIS to Anonymous Authentication to make sure the requests are passed through, and was expecting a service call to fail since MessageClientCredentialType in my binding is explicitly set to Windows. However, when I run the code, the service successfully gets called and returns the expected values. I have a feeling that I'm missing something - why is the call authorized? Can I make sure the message is still encrypted even though authentication type is set to Anonymous? Any help is appreciated.
Edit
To clarify on this, I tested the service with a client deployed to a machine outside the network on a different domain.
This MSDN article kind of sums up a lot of security issues relevant to WCF
http://msdn.microsoft.com/en-us/library/ms733836.aspx
Regarding your specific situation,
the negotiateServiceCredential="true" means that you streamline certificate distribution to your clients for message encryption.
This option will only work with Windows clients and has some performance problems.
Read more here: http://msdn.microsoft.com/en-us/library/ff647344.aspx
Search for the topic "streamline certificate distribution" on this page.
Which account do you use to make the call to the service? Allowing anonymous in IIS lets your request pass through to the service and service should authenticate if your caller has credentials that Windows understands (Active Directory/NTLM).
In your case, I think you are testing it in your own environment so service responds. Once you deploy it over the internet, I doubt your service will allow anybody outside of your domain if you keep clientcredentialtype to Windows.
Check these links for securing services on the Internet -
http://msdn.microsoft.com/en-us/library/ms734769.aspx
http://msdn.microsoft.com/en-us/library/ms732391.aspx

wcf service on load balance

We have a Windows application and it consumes a WCF service and we use Network Load Balancing. Sometimes clients could not connect to the WCF service (server).
We use the NetTcpBinding binding. Can anyone give me an idea to solve this issue?
Can you post your bindings here?
I would turn on tracing in your web service config to check that traffic is indeed reaching all your intended endpoints. NetTcpBinding pools TCP connections by default, so it could be that the client connection has associated itself to a specific server which is now not available. This would then mean that connections would start to fail. It is recommended that you tweak the default binding settings for NetTcpBinding when used in a load balanced scenario to reduce the lease timeout so that requests are load balanced better. http://msdn.microsoft.com/en-us/library/ms730128.aspx

How to create a secured/private WCF service

I want to create a WCF service that may be accessed only on localhost.
I couldn't find any reference for that, is that possible?
All the posts I had found talked about this scenario as a bug, well I'd like it as a feature.
Any ideas?
If you're flexible on protocols, you could use a netNamedPipeBinding hosted in a Windows service.
You can configure the binding for the web site it is attached to and change it to localhost, rather than *. If you are hosting other services that need external access you can always create a new web site on a different port, such as localhost:8000.
A WCF service should be agnostic about how it's hosted or accessed.
Whatever's hosting the service, on the other hand, determines how the service can be accessed.
As Mike Goodwin suggested, having your host only allow netNamedPipeBinding will restrict the service to only be accessible via the machine that the host is running on.
Here's an article on the various transport protocols, including named pipes.
Here's a pretty in depth article on hosting WCF services.
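A self-hosted service limited to the local machine through netNamedPipeBinding, as suggested in the answers above. This is an added example, not code from the original thread; IStatus, StatusService, LocalOnlyHost and the net.pipe address are hypothetical names.

```csharp
using System;
using System.Linq;
using System.ServiceModel;

[ServiceContract]
public interface IStatus
{
    [OperationContract]
    string Ping();
}

public class StatusService : IStatus
{
    public string Ping() { return "pong"; }
}

public static class LocalOnlyHost
{
    // Constructed address; net.pipe is WCF's on-machine transport.
    static readonly Uri Address = new Uri("net.pipe://localhost/status");

    public static ServiceHost Open()
    {
        var host = new ServiceHost(typeof(StatusService));
        host.AddServiceEndpoint(typeof(IStatus), new NetNamedPipeBinding(), Address);

        // ServiceHost also loads endpoints from app.config; refuse to start if any
        // of them would expose the service over a network transport.
        var exposed = host.Description.Endpoints
            .Where(e => e.Address.Uri.Scheme != Uri.UriSchemeNetPipe)
            .Select(e => e.Address.Uri.ToString()).ToArray();
        if (exposed.Length > 0)
            throw new InvalidOperationException("Non-local endpoints: " + string.Join(", ", exposed));

        host.Open();
        return host;
    }

    public static void Main()
    {
        ServiceHost host = Open();
        var factory = new ChannelFactory<IStatus>(new NetNamedPipeBinding(), new EndpointAddress(Address));
        IStatus proxy = factory.CreateChannel();
        Console.WriteLine(proxy.Ping());   // call made over the local pipe
        factory.Close();
        host.Close();
    }
}
```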
