I have a WCF web service with basic HTTP bindings. I am using HTTPS, but the SSL is handled by the load balancer, so the end traffic will be HTTP when it gets to the WCF services. But my endpoint would be the virtual IP of the load balancer.
The question I have is: when I try to add this reference to call this service, I add it as https:///service.svc?wsdl but it comes back saying the WSDL is invalid. Do I need to change my endpoint in web.config to be the load balancer IP, or is there more than that?
I would try changing the endpoint to the IP of the load balancer.
I had to enable both HTTP and HTTPS to get it to work; the disco file kept trying to download as HTTP.
Related
I have a WCF Service hosted as a Windows Service in the server.
The endpoint is net.tcp endpoint. We are accessing the endpoints from a Silverlight application.
The problem is that when we access the service from the web app while browsing the Silverlight application over HTTP, it works fine. But when we remove the HTTP binding for the Silverlight app from IIS and browse the app over HTTPS, the service endpoints are unavailable and we get an access permission error from Sockets. I am attaching the error screenshot below:
Could not connect to service. The connection attempt lasted for a time span of 00:00:01.0865926. TCP error code 10061: No connection could be made because the target machine actively refused it. This could be due to attempting to access a service in a cross-domain way while the service is not configured for cross-domain access. You may need to contact the owner of the service to expose a sockets cross-domain policy over HTTP and host the service in the allowed sockets port range.
I have a WCF service which works fine when accessed internally. The WCF link is
.
I requested the network team at our organization to expose this WCF to outside world since public websites will access this WCF. I gave the network team DNS as somewebsite.com and IP address of the server on which WCF is hosted.
After getting confirmation from the network team (they use Juniper network) that they had made the required settings to make the WCF available to the outside world, I tested it as an external user.
If I type http://somewebsite.com/LookUp.svc in the address bar, I get an HTTP 404 page not found error. However, if I replace http with httpS as then I see the WCF information. To test it further, I added a simple HTML file to the root of the website and opened it as
http://somewebsite.com/test.html. Test.html does not open when http is used. However, if I use httpS as then the Test.html page is displayed to outside users.
The WCF is hosted on Windows 2008 R2 and is communicating over port 80, and I have also added the site binding as somewebsite.com with Type as Http and port as 80.
Any idea why the WCF cannot be accessed over http? I want it to be accessed over http only. The WCF uses basicHttpBinding.
Is the setting wrong on server on which WCF is hosted ?
Any suggestion is greatly appreciated..
If the service worked before over http before your network guys opened the firewalls I would suggest that they have only enabled the firewall for https traffic.
Sounds like a firewall/routing problem to me...
HTH
I've been looking all over the site and on Stack Overflow and I just can't solve my issue.
Network Setup
The way my network in my staging world is set up is that I have clients looking at my web app on port 443 (https), but the underlying structure is listening on port 80 (http). So when my apps talk to each other it's on port 80, but when the clients visit the site it's port 443. So for example, my svc called from Silverlight would be on port 80.
I should also point out that on my staging and test domains: I have a web server acting as a portal to my app server; but this shouldn't really matter since I was able to get this working on test. It's just that staging has the HTTP forwarding to HTTPS.
Application
I have a Silverlight xap file that is on the same domain as my hosted web application using IIS 6.
Now since my Silverlight xap file and my web application are on the same domain, I have no problems running this on dev and test, but when I try to deploy to staging I'm getting a weird cross-domain reference problem:
"System.ServiceModel.CommunicationException: An error occurred while trying to make a request to URI . This could be due to attempting to access a service in a cross-domain way without a proper cross-domain policy in place, or a policy that is unsuitable for Soap services."
Digging around, I realize that my app thinks that my xap (or the service I'm calling) and my web app are on a different domain, and looks for the crossdomain.xml and clientaccesspolicy.xml files automatically; I can't really stop it. However, in my application, this is not the case. They both reside on the same domain. I have used Fiddler and I didn't see anything about another domain or even a subdomain for that matter.
Browser Issues
Another weird thing that I found out is an issue with Chrome vs IE:
On Chrome it finds the crossdomain.xml and clientaccesspolicy.xml, telling me it's insecure, then it does another fetch from the https side, signalling a 404 error. However, on IE I'm getting a 302 redirect. According to Microsoft's doc about clientaccesspolicy.xml, you aren't supposed to do any redirects from the xml file; this is mentioned here: http://msdn.microsoft.com/en-us/library/cc838250(v=vs.95).aspx
So my question is, if my app and xap are on the same domain, why are those xmls trying to get fetched? Is it because I'm using a DNS instead of an IP address? I also stumbled upon this site: http://msdn.microsoft.com/en-us/library/ff921170(v=pandp.20).aspx
It states: To avoid cross-domain call issues, the remote modules' XAP files should be located on the same domain as the main application; when deployed like this, the Ref property on the ModuleCatalog should be a Uniform Resource Identifier (URI) relative to the main XAP file location on the Web server.
What does that even mean??
EDIT
Okay so I changed the services to point to https instead of http. However new error comes out: The provided URI scheme 'https' is invalid; expected http.
The good thing is, it doesn't even check crossdomain.xml or clientaccesspolicy.xml; so it now realizes it's on the same domain. But now it's expecting a service on port 80, but the name has to follow as https:// in order for it to work.
I think the only solution I have now is to break it off as being a virtual directory, make it a root node of its own website, and make the whole thing as 443. Save myself the headache.
It sounds like you're working in an environment where there is a load balancer offloading the SSL traffic. In this situation, your client (Silverlight) needs to be configured for HTTPS and your server must be configured for HTTP. This is because a device between the two parties is decrypting the SSL data.
In situations like this, aside from the normal client and server side configurations, your server side code needs to be a bit more forgiving about the address of the request.
You likely also need to add an attribute to your service implementation to allow your client to call over HTTPS, but have your service listening on HTTP.
Add this to your service:
[ServiceBehavior(AddressFilterMode = AddressFilterMode.Any)]
This allows your client to call https://my.domain.com/service.svc and have your server live at http://my.domain.com/service.svc.
Here are some links that might help as well:
http://social.msdn.microsoft.com/Forums/vstudio/en-US/b5ae495b-f5fb-4eed-ae21-2b2280d4fec3/address-filter-mismatch-wcf-addressing
http://www.i-m-code.com/blog/blog/2011/11/30/hosting-silverlight-over-http-under-f5-big-ip/
http://www.i-m-code.com/blog/blog/2011/08/18/hosting-silverlight-under-https/
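The split this answer describes, sketched as an added example (not code from the answer or the linked posts): the service listens on plain HTTP with `AddressFilterMode.Any`, while the client uses transport security against the load balancer's HTTPS address. `ILookup`, `LookupService` and `OffloadExample` are hypothetical names, and the sketch uses the full .NET Framework `System.ServiceModel` API rather than a Silverlight-generated proxy.

```csharp
using System;
using System.ServiceModel;

// Hypothetical contract and service, used only for this example.
[ServiceContract]
public interface ILookup
{
    [OperationContract]
    string Ping(string text);
}

// AddressFilterMode.Any: do not reject a message because the address the
// client used (https://...) differs from the address the endpoint listens
// on (http://...).
[ServiceBehavior(AddressFilterMode = AddressFilterMode.Any)]
public class LookupService : ILookup
{
    public string Ping(string text) { return "pong: " + text; }
}

public static class OffloadExample
{
    // Server side: security mode None, because TLS was already terminated
    // at the load balancer. The hop from load balancer to this host is
    // therefore unencrypted HTTP.
    public static ServiceHost StartBackend(Uri httpListenAddress)
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.None);
        var host = new ServiceHost(typeof(LookupService));
        host.AddServiceEndpoint(typeof(ILookup), binding, httpListenAddress);
        host.Open();
        return host;
    }

    // Client side: security mode Transport, addressed to the public HTTPS
    // name that the load balancer serves.
    public static ILookup CreateClient(Uri httpsPublicAddress)
    {
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        var factory = new ChannelFactory<ILookup>(
            binding, new EndpointAddress(httpsPublicAddress));
        return factory.CreateChannel();
    }
}
```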
In my project I have one WCF Service which is hosted in a Windows Service. I hosted the WCF Service in the Windows Service over netTCPBinding and installed the Windows Service. To access the WCF service in my Silverlight project I have added a service reference to the WCF service.
But when I call a method in the WCF Service, I get the following error:
Could not connect to net.tcp://localhost:8732/WCFHost/. The connection attempt lasted for a time span of 00:00:03.2951885. TCP error code 10013: An attempt was made to access a socket in a way forbidden by its access permissions.. This could be due to attempting to access a service in a cross-domain way while the service is not configured for cross-domain access. You may need to contact the owner of the service to expose a sockets cross-domain policy over HTTP and host the service in the allowed sockets port range 4502-4534.
Please help me out.
For same-machine connections rather make use of Named Pipe bindings.
It might help if you showed us your service and client side endpoint configurations.
EDIT: After reading up a bit on the error you're getting (here among other sites), try changing the port number from 8732 to something between 4502-4534 as the error message suggests.
Keep the same protocols at both the server and client end. Maybe you are calling the service with different protocols. Also, if you are using nettcp, check that you have access to the machine where the service is hosted.
Use basicHttpBinding instead of netTCPBinding.
I've got a WCF service running on a LAN IIS which is accessible from the internet as well.
The client that consumes the service is an application that runs on the LAN and remotely through the internet. There is no forwarding of anything on the DNS server redirecting http://www.corporate.com/Service to http://serverName/Service so I'm figuring I'll need 2 endpoints on the client.
How do you set up multiple endpoints in the client (is it as simple as copying the existing endpoint generated in the app.config but changing the address?) and how do you configure the client to use a particular endpoint?
You may store endpoint addresses either in app.config or in resource strings. Then, using any condition, you pass the needed endpoint address to the service constructor.
// Pick the address for this installation, then pass it to the generated client's constructor.
var endpoint = ApplicationSettings.IsRemote ? Resources.RemoteEndPoint : Resources.LocalEndPoint;
var service = new MyWCFService(new BasicHttpBinding(), new EndpointAddress(endpoint));
The app.config (or web.config) for each copy of the application should have the endpoint for the service set based on the one it needs. For LAN installations, use the LAN-visible endpoint; for all others, use the Internet one.
It may save you a trip to the router, but why not just use the internet endpoint everywhere? If your LAN computers have a gateway to the Net, they can see the externally-visible address.
It is as simple as changing the address and using the endpoint generated in the app config. You may have to change security modes depending on what is supported on either server, or whether they are both running HTTPS or not. We have an application where we build the target endpoint based on relative path to the current URL in a Silverlight application. We also dynamically change the security mode based on HTTPS being present and it works great.
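One way to pick the endpoint and match the security mode to its scheme, as the answers above describe; this is an added example, not code from any of the posters. `EndpointSelector`, `BindingFor`, `Connect` and the `requireTls` rule are hypothetical, and the rule that the Internet-facing endpoint must be HTTPS is an assumption of the example.

```csharp
using System;
using System.ServiceModel;

public static class EndpointSelector
{
    // Match the binding's security mode to the address scheme. Pairing an
    // https address with security mode None is what produces
    // "The provided URI scheme 'https' is invalid; expected http."
    public static BasicHttpBinding BindingFor(Uri address, bool requireTls)
    {
        if (address.Scheme == Uri.UriSchemeHttps)
            return new BasicHttpBinding(BasicHttpSecurityMode.Transport);

        // Plain HTTP is only accepted when the caller explicitly allows it,
        // so a misconfigured address cannot silently drop encryption.
        if (address.Scheme == Uri.UriSchemeHttp && !requireTls)
            return new BasicHttpBinding(BasicHttpSecurityMode.None);

        throw new ArgumentException(
            "No binding allowed for scheme '" + address.Scheme + "'", "address");
    }

    // TContract is the service contract interface generated with the
    // service reference. lanAddress and internetAddress would come from
    // app.config or resources.
    public static TContract Connect<TContract>(
        bool isRemote, Uri lanAddress, Uri internetAddress)
    {
        Uri address = isRemote ? internetAddress : lanAddress;

        // Assumption of this example: Internet traffic must use HTTPS,
        // while the LAN endpoint may be HTTP.
        BasicHttpBinding binding = BindingFor(address, requireTls: isRemote);

        var factory = new ChannelFactory<TContract>(
            binding, new EndpointAddress(address));
        return factory.CreateChannel();
    }
}
```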