I have been in the process of converting a http application to https and ssl with a self signed certificate.
for some reason i have to go in the browser to localhost:##### to start the service.
Once the service is started, i test it with the following call in the visual studio 2012 comman prompt:
svcutil.exe https://localhost:10201/?wsdl
and it comes back with
Error: Cannot obtain Metadata from https://localhost:10201/?wsdl
If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.
WS-Metadata Exchange Error
URI: https://localhost:10201/?wsdl
Metadata contains a reference that cannot be resolved: 'https://localhost:10201/?wsdl'.
Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost:10201'.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.
HTTP GET Error
URI: https://localhost:10201/?wsdl
There was an error downloading 'https://localhost:10201/?wsdl'.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.
If you would like more help, type "svcutil /?"
Is this detremental to my sucess with HTTPS?
My config looks as such:
<system.serviceModel>
<!--SERVICES-->
<services>
<service name="DuplexService.DuplexService"
behaviorConfiguration="sb">
<endpoint
address="basic"
binding="customBinding"
bindingConfiguration="customDuplexBinding"
contract="DuplexService.Interface.IDuplexServiceContract">
</endpoint>
<endpoint
address=""
binding="webHttpBinding"
behaviorConfiguration="webHttpEndpointBehavior"
bindingConfiguration="webHttpsBinding"
contract="Interface.IPolicyRetriever">
</endpoint>
<endpoint
address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="https://localhost:10201" />
</baseAddresses>
</host>
</service>
</services>
<!--BEHAVIOURS-->
<behaviors>
<!--Policy-->
<endpointBehaviors>
<!-- For Policy Service -->
<behavior name="webHttpEndpointBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<!--behaviour for all of the enpoints -->
<serviceBehaviors>
<behavior name="sb">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="https://localhost:10201"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<!-- This will solve a bug that happens if too many items are sent at once from the gateway to the client -->
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<serviceThrottling
maxConcurrentCalls="200"
maxConcurrentSessions="200"
maxConcurrentInstances="200" />
</behavior>
</serviceBehaviors>
</behaviors>
<!-- BINDINGS-->
<bindings>
<webHttpBinding>
<binding name="webHttpsBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
<customBinding>
<binding name="customDuplexBinding">
<pollingDuplex duplexMode="MultipleMessagesPerPoll"
maxOutputDelay="00:00:01"
serverPollTimeout="00:01:00"
inactivityTimeout="02:00:00"
maxPendingMessagesPerSession="2147483647"
maxPendingSessions="2147483647" />
<binaryMessageEncoding>
<readerQuotas
maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
</binaryMessageEncoding>
<httpsTransport
maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647"
transferMode="StreamedResponse" />
</binding>
</customBinding>
</bindings>
<!-- Register the binding extension from the SDK. -->
<extensions>
<bindingElementExtensions>
<add name="pollingDuplex"
type="System.ServiceModel.Configuration.PollingDuplexElement, System.ServiceModel.PollingDuplex" />
</bindingElementExtensions>
</extensions>
</system.serviceModel>
How can i get rid of it? and make the metadata work and the GET work?
I can think of 4 ways to deal with this.
Install the self signed cert as a trusted root auth. MMC -> Certificates
Use a browser to navigate to the wsdl (click past the cert error), save it off, and generate off the wsdl directly.
Put the url of the wsdl in your browser and click past the certificate warning so that you can see the actual wsdl
Save the wsdl to your computer. In chrome you can right click, save as.
In Visual Studio
Right click on the project and select "Add Service Reference"
In the Address box, enter the physical path (C:\directory...) of the downloaded wsdl.
Hit Go
Fire up fiddler and tell it to decrypt https which will install a cert and give you an option to ignore remote cert errors. Described here. http://proq.blogspot.com/2012/02/svcutil-and-https.html
Use a cert signed by a trusted root.
I didn't see a svcutil option to ignore cert errors.
I had the same issue. For me I noticed that the https is using another Certificate which was invalid in terms of expiration date. Not sure why it happened. I changed the Https port number and a new self signed cert. WCFtestClinet could connect to the server via HTTPS!
Related
I'm working on a WCF application that must make calls to a web-service. The program works fine when testing with http. When https is used, I'm getting the exception "Specified X509 certificate with find type ... was not found in X509 store ....". The program works fine with https when run on Windows and .Net, but throws the exception when run in a Linux/Mono setup. I have added the certificates on the Linux system using the certmgr.exe utility, and can list them using that same utility, so they seem to be saved in the stores ok. The application gets its configuration info from its app.config file. I've attempted to find the certificate using various different x509FindTypes and findValues (FindBySubjectName, FindBySerialNumber, FindByThumbprint), and tried adding the certificate to both the machine and personal stores, but keep getting the same exception, referencing whichever find type, location, and store I setup. The relevant part of the app.config is below:
<system.serviceModel>
<client>
<endpoint address="https://webserviceaddress"
binding="basicHttpBinding"
bindingConfiguration="secureBasicHttpBinding"
behaviorConfiguration="secureClientBehavior"
contract="IWebServiceContract">
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="secureClientBehavior" >
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" storeName="My" x509FindType="FindBySerialNumber" findValue="AFCB6CC0417B2D459BB1F859CE070661" />
<serviceCertificate>
<authentication revocationMode="NoCheck" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="secureBasicHttpBinding"
receiveTimeout="00:10:00" sendTimeout="00:10:00"
maxReceivedMessageSize="2147483647"
maxBufferSize="2147483647">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>
If anyone can offer any help on getting the certificates to be found in the stores, it would be much appreciated.
Thanks in advance for any replies.
I have WCF Service hosted on my computer (not on IIS). This service works fine, when I call it funnction from VS 2010. But if I want to call some method from Windows Mobile device i receive following error: There was no endpoint listening at....
My config of services is:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="DataSource" value="CMP\DATABASE" />
<add key="DataName" value="DAT" />
</appSettings>
<system.web>
<compilation debug="true"/>
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<bindings>
<mexHttpBinding>
<binding name="MexBinding"/>
</mexHttpBinding>
<basicHttpBinding>
<binding name="Binding" maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
<!-- UsernameToken over Transport Security -->
<!--<security mode="Transport">
<message clientCredentialType="Certificate" />
</security>-->
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="Test.Service" behaviorConfiguration="Test.ServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="http://10.0.0.2:1918/Myservice/Service/"/>
</baseAddresses>
</host>
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address supplied above -->
<!--<endpoint address="" binding="wsHttpBinding" contract="WcfServiceLibrary.IService">
-->
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<!--
<identity>
<dns value="localhost" />
</identity>
</endpoint>-->
<!-- Metadata Endpoints -->
<!-- The Metadata Exchange endpoint is used by the service to describe itself to clients. -->
<!-- This endpoint does not use a secure binding and should be secured or removed before deployment -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<endpoint address="ServiceA" binding="basicHttpBinding" bindingConfiguration="Binding" name="Service" bindingName="Binding" contract="Test.IService"/>
</service>
</services>
<!--<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>-->
<behaviors>
<serviceBehaviors>
<behavior name="Test.ServiceBehavior">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<!--<serviceAuthorization principalPermissionMode="None" />-->
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<!--<serviceDebug includeExceptionDetailInFaults="False" />-->
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
I don't have set proxy on my mobile device.
You're using HttpBinding so some type of webserver is running on your box allowing the WCF hosting to work locally. So that's Cassini or IIS Express. Neither allows for remote connections without a bit of tweaking. Here's link of how to do that for IIS Express http://johan.driessen.se/posts/Accessing-an-IIS-Express-site-from-a-remote-computer but it's a bit tedious though possible. I don't know if it's possible to allow Cassini to have remote connections.
I am having a WCF ServiceLibrary which runs successfully on WCF Test Client.
Now I am trying to build a Website to Host this web service. I am using nettcp binding. My web.config file looks like this
<system.web>
<compilation debug="false" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="tcp_Unsecured" portSharingEnabled="true">
<security mode="None"/>
</binding>
</netTcpBinding>
</bindings>
<services>
<service behaviorConfiguration="tcpServiceBehavior" name="MarketFeedServiceLibrary.Service1">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="tcp_Unsecured"
name="data" contract="MarketFeedServiceLibrary.IService1" />
<endpoint address="mextcp" binding="mexTcpBinding" name="metadata"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8080/MarketFeedSite/MarketFeedService.svc" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="tcpServiceBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
I am try to view in browser directly from Solution Explorer
But I get error as shown below
Could not find a base address that matches scheme net.tcp for the endpoint with binding NetTcpBinding. Registered base address schemes are [http].
I have tried all the solutions available on SO, youtube etc but no luck,
I tried:
Under IIS I have enabled http,net.tcp protocols
I have also gone through: How to: Install and Configure WCF Activation Components
N.B. I am a WPF App Developer, hence WCF and ASP.NET Website are new to me.
Thank You.
Edit: Testing Under WCF Client gives following error
Cannot obtain Metadata from net.tcp://localhost:8080/MarketFeedSite/MarketFeedService.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. WS-Metadata Exchange Error URI: net.tcp://localhost:8080/MarketFeedSite/MarketFeedService.svc Metadata contains a reference that cannot be resolved: 'net.tcp://localhost:8080/MarketFeedSite/MarketFeedService.svc'. Could not connect to net.tcp://localhost:8080/MarketFeedSite/MarketFeedService.svc. The connection attempt lasted for a time span of 00:00:01.9968000. TCP error code 10061: No connection could be made because the target machine actively refused it 127.0.0.1:8080. No connection could be made because the target machine actively refused it 127.0.0.1:8080
I'm developing a WCF Service with a custom UserNamePasswordValidatorwith a basicHttpBinding. This configuration, however, works only on HTTPS binding. Since Visual Studio 2010's built in web server does not support https, how can I test my custom validator? I keep getting Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]. error and, if I set the clientCredentialType to none, the error is gone, but the validator does not get called.
Below is my configuration.
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="ServiceErrorHandler" type="company.application.appserver.implementation.ServiceErrorHandlerBehaviorExtensionElement, AppSoftAppServer, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</behaviorExtensions>
</extensions>
<bindings>
<basicHttpBinding>
<binding name="SimpleBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="DefaultBehavior" name="company.application.appserver.implementation.AppSoftUpdate">
<endpoint address="udt" binding="basicHttpBinding" bindingConfiguration="SimpleBinding"
name="AppSoftUpdate" bindingNamespace="http://company.application/update/2011/04"
contract="company.application.appserver.interfaces.IAppSoftUpdate" />
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration=""
name="AppSoftUpdateMex" bindingNamespace="http://company.application/update/2011/04"
contract="IMetadataExchange" />
</service>
<service behaviorConfiguration="DefaultBehavior" name="company.application.appserver.implementation.AppSoftTransaction">
<endpoint address="udt" binding="basicHttpBinding" bindingConfiguration="SimpleBinding"
name="AppSoftTransacao" bindingNamespace="http://company.application/transaction/2011/04"
contract="company.application.appserver.interfaces.IAppSoftTransacao" />
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration=""
name="AppSoftTransacaoMex" bindingNamespace="http://company.application/transaction/2011/04"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DefaultBehavior">
<serviceMetadata httpGetEnabled="true" httpGetBinding="webHttpBinding"
httpGetBindingConfiguration="" />
<serviceDebug includeExceptionDetailInFaults="true" />
<ServiceErrorHandler />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType=" company.application.appserver.implementation.AppSoftValidacaoLogin, AppSoftAppServer" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Use IIS for this testing.
Open your project properties, go to the Web tab, hit Use local IIS radio button. This manual is valid for VS2010 too: Using Visual Studio 2008 with IIS 7
If IIS is not installed yet, install it first: How to install IIS.
You need to have Windows edition higher than Windows Home.
You will also need to create a self-signed certificate for your web site. This is easy to do in IIS 7: Self-Signed Certificates on IIS 7 – the Easy Way and the Most Effective Way
You cannot test such WCF service in Cassine (built-in web server in VS 2010). You must use local IIS or install VS 2010 SP1 and download IIS Express which is lightweight web server for development (can replace Cassini in VS and supports HTTPS with self signed certificates). IIS Express doesn't need any specific Windows edition and it works on all versions since Windows XP but it provides same features as IIS 7.5.
I've written created a WCF service inside a Windows service, and for some reason I can't figure out, I deployed the service on a bunch of systems (all nearly identical in OS and configuration), and it works on all but one server. The configuration for all deployments is identical except for the service's base address.
When the service is started, I get no exception when I open the ServiceHost, and when using netstat -anp I can see the socket has been opened by the service's process. I've set up Windows firewall logging for dropped packets, but the log file remains empty.
If I try accessing the WCF service from WCF Test Client, I get the following message:
Error: Cannot obtain Metadata from net.tcp://myhostname:9001/SysMonitorAgent
If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.
WS-Metadata Exchange Error
URI: net.tcp://myhostname:9001/SysMonitorAgent
Metadata contains a reference that cannot be resolved: 'net.tcp://myhostname:9001/SysMonitorAgent'.
There was no endpoint listening at net.tcp://myhostname:9001/SysMonitorAgent that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
I've tried WCF logging, but the log file does not even get created.
The config for the service is as follows:
<system.serviceModel>
<diagnostics>
<messageLogging logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
</diagnostics>
<bindings>
<netTcpBinding>
<binding name="InterfaceServiceNetTcpBinding">
<security mode="None">
<transport clientCredentialType="None" protectionLevel="None" />
<message clientCredentialType="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="InterfaceServiceBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug httpHelpPageEnabled="false" httpsHelpPageEnabled="false" includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="SysMonitor.Agent.Interface.InterfaceService" behaviorConfiguration="InterfaceServiceBehavior">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="InterfaceServiceNetTcpBinding" contract="SysMonitor.Agent.Interface.IInterfaceService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://myhostname:9001/SysMonitorAgent" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
I'm kinda lost, because there is NO indication whatsoever as to why it's not working. Any help would be appreciated.
On the server you are deploying too is something running on port 9100?
It seems like it can not find the service. Have you tried changing the base address?
Typical if you deploy it on serval systems and it doesn't work on one it is configuration of the machine. I would check
.NET Versions
Make sure no Firewalls are set up on this machine preventing the binding
Check the port you are binding is open in this case 9100
Make sure any 3rd party .dll are included in the GAC or folder if needed.
Verify all the .dll and your code is up to date.
I see the error message says "net.tcp://myhostname:9001/SysMonitorAgent "
Did you try to replace it with the machine IP Address rather than using the host name?
In addition to David's points, check that the windows service is running.
Any errors in the Event log?