Why do I get a WindowsIdentity when using message security? - c#

When switching from no security to Certificate I get a WindowsIdentity in IAuthorizationPolicy.Evaluate (evaluationContext.Properties.TryGetValue("Identities", out obj)). Is this by design?
From this:
<binding name="NetTcpBinding_IMyAppClientServiceRegular" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
<reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
<security mode="None">
<transport clientCredentialType="None"/>
</security>
</binding>
To this:
<binding name="netTcpCertificate" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="1000" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="200" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
<reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
<security>
<message clientCredentialType="Certificate"/>
</security>
</binding>
Is there any way to avoid getting the WindowsIdentity in IAuthorizationPolicy.Evaluate? I only want the WindowsIdentity to be set when using this binding:
<binding name="NetTcpBinding_IMyAppClientServiceWindows" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="infinite" sendTimeout="01:00:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
<reliableSession ordered="true" inactivityTimeout="infinite" enabled="false"/>
<security mode="Message">
<message clientCredentialType="Windows"/>
</security>
</binding>

I noticed you have not set the mode in <security> in your netTcpCertificate config, instead of what you probably want: <security mode="Message">. By not setting the mode attribute, WCF will use the default value of Transport instead of Message, which is what you likely want for certificate credentials. It's possible that WCF is passing the Windows identity when the mode is set to Transport, but I haven't tried to verify it.
UPDATE:
Based on the comments below, you should make sure that the client config file endpoint>identity>dns>value matches the server certificate's CN= value. This value needs to be MyAppServer based on what you entered.
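The two changes from the answer above, combined in one client configuration (an added example, not part of the original thread). The endpoint name, address, contract name and client certificate subject are constructed placeholders; the binding name and MyAppServer come from the thread. It relies on two netTcpBinding defaults: the security mode defaults to Transport and the transport clientCredentialType defaults to Windows.

```xml
<!-- Added example. Placeholders: endpoint name, address, contract, client certificate subject. -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <binding name="netTcpCertificate">
        <!-- State the mode explicitly. With the default (Transport) the
             <message> child below is not applied and the channel
             authenticates with Windows credentials instead. -->
        <security mode="Message">
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="clientCertificateBehavior">
        <clientCredentials>
          <!-- Constructed subject name for the client certificate -->
          <clientCertificate findValue="MyAppClient" storeLocation="CurrentUser"
                             storeName="My" x509FindType="FindBySubjectName"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint name="MyAppClientCertificate"
              address="net.tcp://myappserver.example:8000/MyAppClientService"
              binding="netTcpBinding" bindingConfiguration="netTcpCertificate"
              behaviorConfiguration="clientCertificateBehavior"
              contract="IMyAppClientService">
      <identity>
        <!-- Must equal the CN= value of the server certificate -->
        <dns value="MyAppServer"/>
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
```

The service-side binding needs the same mode="Message" setting, since client and service bindings must agree.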

Related

Unrecognized element : 'binaryMessageEncoding'

For the below binding, I am getting an issue:
Unrecognized element : 'binaryMessageEncoding'
<basicHttpBinding>
<binding name="ICCHttpBinding" openTimeout="00:01:00" closeTimeout="00:01:00" sendTimeout="00:30:00" receiveTimeout="00:30:00">
<binaryMessageEncoding compressionFormat="GZip">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binaryMessageEncoding>
<httpsTransport transferMode="Streamed" maxReceivedMessageSize="6000000" maxBufferSize="6000000" maxBufferPoolSize="12000000" />
</binding>
</basicHttpBinding>
If I remove 'binaryMessageEncoding' and try, it raises:
Unrecognized element : 'httpsTransport'
If you want to set readerQuotas and use https, you could try:
<basicHttpBinding>
<binding name="BindingConfig" allowCookies="false" maxBufferPoolSize="2147483647" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647" openTimeout="00:10:00"
closeTimeout="00:10:00" sendTimeout="00:15:00" receiveTimeout="00:10:00" >
<readerQuotas maxArrayLength="2147483647" maxNameTableCharCount="2147483647"
maxStringContentLength="2147483647" maxDepth="2147483647"
maxBytesPerRead="2147483647" />
<security mode="Transport" >
</security>
</binding>
</basicHttpBinding>

No endpoint listening on transferring large file (app config)

Below is my app config. When I upload a large file it throws "no endpoint listening". If the file size is small it works fine. Please help me rectify the issue.
<binding name="BasicHttpBinding_IFileTransfer" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
textEncoding="utf-8" useDefaultWebProxy="true" messageEncoding="Text">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>

Retrieve domain name from WCF request

I use following code to retrieve domain name from WCF operation context.
WindowsIdentity identity = OperationContext.Current.IncomingMessageProperties.Security.ServiceSecurityContext.WindowsIdentity;
domain = identity.Name.Split('\\')[0];
While it's working as expected on my machine, when I deploy, the resulting domain name always comes as NT AUTHORITY.
The deployment server runs Windows Server 2008 R2 and IIS 7. I am using basicHttpBinding and the following is the binding configuration. Can anyone point out anything that I am doing incorrectly?
<basicHttpBinding>
<binding name="BasicHttpBinding_IIdentityService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="Ntlm" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>

How do I call a web service from a Windows service

I have a Windows service from which I am trying to call a method on a remote web service, but I am getting the error "Could not find default endpoint element that references contract 'MyWebService.BookingCitySoap' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element."
Following is the code for that:
.cs file
MyWebService.BookingCitySoapClient ws = new MyWebService.BookingCitySoapClient();
ws.CallBookStatus();
ws.CallCanStatus();
App.config
<bindings>
<basicHttpBinding>
<binding name="BookingCitySoap" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:51317/Web/BookingCity.asmx"
binding="basicHttpBinding" bindingConfiguration="BookingCitySoap"
contract="MyWebService.BookingCitySoap" name="BookingCitySoap" />
</client>

Service Reference Security Header

I am getting the following error when trying to use a service reference:
Urgent: wsdoallreceiver incoming message does not contain required security header
My configuration file has the following:
<configuration>
<configSections>
</configSections>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ProjectServiceSOAP11Binding" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<customBinding>
<binding name="ProjectServiceSOAP12Binding">
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Soap12" writeEncoding="utf-8">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</textMessageEncoding>
<httpTransport manualAddressing="false" maxBufferPoolSize="524288"
maxReceivedMessageSize="65536" allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" decompressionEnabled="true" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="65536" proxyAuthenticationScheme="Anonymous"
realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
useDefaultWebProxy="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="(address here)"
binding="basicHttpBinding" bindingConfiguration="ProjectServiceSOAP11Binding"
contract="ProjectService.ProjectServicePortType" name="ProjectServiceSOAP11port_http" />
<endpoint address="(address here)"
binding="customBinding" bindingConfiguration="ProjectServiceSOAP12Binding"
contract="ProjectService.ProjectServicePortType" name="ProjectServiceSOAP12port_http" />
</client>
</system.serviceModel>
</configuration>
I am attempting to authenticate like so:
ProjectServicePortTypeClient myProjectClient = new ProjectServicePortTypeClient("ProjectServiceSOAP11Binding");
myProjectClient.ClientCredentials.SupportInteractive = true;
myProjectClient.ClientCredentials.UserName.UserName = myLogInEmail;
myProjectClient.ClientCredentials.UserName.Password = myPassword;
Is there an obvious mistake I am making?
After doing hours of additional research, I've determined I probably need to do this:
http://msdn.microsoft.com/en-us/library/ms731075.aspx
