I have a WCF service that runs on a server. I have two clients that connect to the service. We use username and password to authenticate the client. But I recreated the certificate in the same location as the previous one using PluralSight Software.
But after configuring the client to connect to the service I got the following error.
The identity check failed for the outgoing message. The expected identity is 'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint)' for the target endpoint
I got the above error when I tried to log in to the service. I have shared my configuration details here. Any help would be appreciated.
CLIENT APP.CONFIG VIA WCF CONFIGURATION EDITOR
SERVICE WEB.CONFIG VIA WCF CONFIGURATION EDITOR
I found the answer. This happens because if you create a new certificate on the server that hosts the WCF service, you need to update the service reference in the client application, so that it updates the app.config file of the client application with the latest identity value.
[Sorry SO not allowing me to post inline images as I am a new user, Please click on the link for images.]
I am getting an IDX10205: Issuer Validation failed error when I try to retrieve authorization details from the identity service by passing an authentication token. Here is what I do.
Flow Diagram
My Identity service is running on my local machine and listening on port 5008. For some reason I am unable to run the identity service in Docker containers.
With Postman I request an authentication token from this Identity Service with the base URL https://localhost:5008
I have a .NET Core API running from a Docker container on port 5041. I set the authentication endpoint to https://host.docker.internal:5008
I make a call from my API to the identity service by passing the authentication token. But I am getting the below failure message at the Identity Server end.
Error Message:
I think that this issue is because of the difference in the domain names (localhost vs host.docker.internal). Could you please help me with how to make it work locally on my machine with this setup?
Note: I have also added this to the Startup.cs class but it is still failing.
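The mismatch the question suspects, as an added example that is not part of the original post: it decodes a token's `iss` claim without verifying the signature (diagnosis only) and compares it with the issuer names a validator accepts. The sample token is constructed, and the assumption is that its `iss` equals the base URL it was requested from, https://localhost:5008.

```python
import base64
import json

def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def read_claims(token: str) -> dict:
    """Decode the payload for diagnosis only; the signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    return json.loads(b64url_decode(parts[1]))

def check_issuer(token: str, valid_issuers: list[str]) -> tuple[bool, str]:
    """Return (ok, message); this example compares issuer strings exactly."""
    iss = read_claims(token).get("iss")
    if iss is None:
        return False, "token has no 'iss' claim"
    if iss in valid_issuers:
        return True, f"issuer {iss!r} accepted"
    return False, f"issuer {iss!r} not in {valid_issuers!r}"

def make_sample_token(issuer: str) -> str:
    # Constructed sample with a placeholder signature; real tokens come
    # from the identity service.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(
        json.dumps({"iss": issuer, "sub": "constructed-user"}).encode())
    return f"{header}.{payload}.constructed-signature"

# Assumption: the token requested through Postman carries the localhost issuer.
TOKEN = make_sample_token("https://localhost:5008")
CONTAINER_NAME = "https://host.docker.internal:5008"

if __name__ == "__main__":
    # Validator that only knows the name used from inside the container.
    print(check_issuer(TOKEN, [CONTAINER_NAME]))
    # Validator that accepts both names for the same service.
    print(check_issuer(TOKEN, ["https://localhost:5008", CONTAINER_NAME]))
```

Running the same check against a real token shows which issuer string it carries, and therefore which name the validating side has to accept.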
I'm trying to make a call to a WCF service from an Azure Function hosted in Azure. The WCF service requires a certificate.
I'm able to call the WCF service when I debug on my local machine (I successfully import the cert), but in Azure I get the error "The HTTP request was forbidden with client authentication scheme 'Anonymous'."
I believe this is due to a missing certificate on the Azure side.
I tried to upload the .cer to Public Key Certificates (.cer) but it still doesn't work. My Function app still returns the same error "The HTTP request was forbidden with client authentication scheme 'Anonymous'."
Please let me know how to make my request accepted by the WCF service.
It would be nice if we had a solution in the Azure Portal rather than using PowerShell.
Note: I use the same certificate and source code when I debug on my local machine and when I publish to Azure Function.
Thank you.
Thank you for your time.
The issue has been resolved on the WCF side. The WCF guy added the Azure Function IP address to the white list and it works. It has nothing to do with Azure Function.
Looks like the same issue with this one.
I've written a simple WebAPI Service (hosted with OWIN in a Windows Service) and put the [Authorize] attribute on the POST method. As I understand it, only "known" users can now access the service (don't worry, I know, all known users is not really safe yet).
My test client works fine so far when the host and the client are located on the same machine (e.g. my workstation). However, when I deploy the service on a server machine and try again to call the service, I get an HTTP 400 failure when using System.Net.Http.HttpClient with httpClientHandler.UseDefaultCredentials=true, or an HTTP 401 when I use System.Net.WebClient with webClient.UseDefaultCredentials=True.
So it seems the authentication mechanism acts differently depending on whether the service is hosted locally or remotely.
For testing I've also tried to set the credentials explicitly with user and password, but with exactly the same result.
What am I missing here? Any suggestions?
Thank you in advance!
Verify the machine keys.
If the authorization server and the resource server are not on the same computer, the OAuth middleware will use different machine keys to encrypt and decrypt the bearer access token. In order to share the same private key between both projects, we add the same machinekey setting in both web.config files.
https://learn.microsoft.com/en-us/aspnet/aspnet/overview/owin-and-katana/owin-oauth-20-authorization-server
Created a basic Azure Service Fabric stateful service, using the Reliable Services framework with .NET Core.
Created a values controller with a GET operation returning a string collection.
Created an endpoint configuration in the service manifest with the http protocol.
Created a DNS service name in the application manifest for the service.
Created an Azure Service Fabric cluster from the portal.
Configured the nodes with ReverseProxy and Enable DNS.
Configured the LB rules 8081, 80, 19080, 19000.
Have health probes at 19000, 19080, 8081.
Published my Azure Service Fabric application from Visual Studio, and I can open the Fabric Explorer; it shows my services are deployed correctly,
but I am not able to access the service from outside of the cluster.
http://domain.eastus2.cloudapp.azure.com:19080/MyCalculatorApplication/AgeCalculatorService/api/values throws exception as {"Error":{"Code":"E_INVALIDARG","Message":"Invalid argument"}}
When you are trying to use the naming service of Service Fabric, first you should resolve the endpoint using this URL:
http://domain.eastus2.cloudapp.azure.com:19080/Services/MyCalculatorApplication/AgeCalculatorService/$/ResolvePartition?api-version=3.0&PartitionKeyType=1&timeout=60
Then you can use one of the endpoints
I'm not sure that this is the correct endpoint.
Your URL should be something like this:
http://domain.eastus2.cloudapp.azure.com:SERVICEPORT/api/values
We have an existing web service (SOAP/XML) which is Windows authenticated. We are adding a new WCF service which has anonymous authentication. When calling a function from the existing web service from the WCF service I get the following error:
The request failed with HTTP status 401: Unauthorized.
We do have other console and web applications calling the existing service with no issues.
I tried setting UseDefaultCredentials to True and it does not make a difference (WS.UseDefaultCredentials = True).
I also tried adding the existing service as a service reference as opposed to a web reference and I get a different error:
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
I really do not want to change the authentication to anonymous on the existing web service since it is AD authenticated.
Would really appreciate any kind of help. Thanks a lot.
Your problem is something called double hop.
You have some options: use Kerberos, pass valid credentials in your code when you are calling the SOAP service, or impersonate your WCF service, but you have to test it.
<serviceAuthorization impersonateCallerForAllOperations="true" />