I wrote a huge application which uses WCF services to do things like read from databases and also to be able to use integrated security.
Atm I use the following code to get the current logged on user name:
string userName = HttpContext.Current.User.Identity.Name;
However I want to be able to get the active directory groups the user is in, because this would make it a lot easier instead of always adding new users. Anyone know how to do this in a clean and simple way?
Don't know if this is relevant, but my endpoint is configured as:
<service behaviorConfiguration="ZNA.Integratie.KopMon.Web.LoginServiceBehavior"
name="ZNA.Integratie.KopMon.Web.LoginService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="Security" contract="ZNA.Integratie.KopMon.Web.LoginService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<behavior name="ZNA.Integratie.KopMon.Web.LoginServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
<binding name="Security">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
Try this:
bool hasAccess = HttpContext.Current.User.IsInRole("Administrators");
Related
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<endpointBehaviors>
<behavior name="webHttp">
<webHttp />
</behavior>
<behavior name="webHttpBehavior">
<webHttp />
</behavior></endpointBehaviors>
</behaviors>
<services>
<service name="Implementation.Service" behaviorConfiguration="serviceBehavior">
<endpoint address="" binding="basicHttpBinding" contract="Contract.IService" behaviorConfiguration="web" bindingConfiguration="basicHttpBinding"></endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="CodeItSoap" closeTimeout="00:01:00">
<security mode="Transport">
<transport clientCredentialType="Basic" proxyCredentialType ="Basic" realm =" "/>
<message clientCredentialType= "username" algorithm ="default">
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://******.****-***/*****_*****?SOAP"
binding="basicHttpBinding" bindingConfiguration="CodeItSoap"
contract="Service.CodeItSoap" name="CodeItSoap" />
</client>
</system.serviceModel>
</configuration>
This is just a sample of my web.config file. When I run the service in the local host it runs fine and with the help of wcf test client I am getting the required output.
But when I put the dlls & web.config in the server where I have to host the service it's throwing an error
"Could not find a base address that matches scheme HTTP for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https]"
Could any one tell me what the reason for the above error is?
General Flow of my web service
Application -> Server hosting(calc.svc) -> https://******.****-*/*****_*****?SOAP(authenticated)
when i add the service reference app.config got generated and by default basichttpbinding got added to app.config file.
As per my understanding web.config file is used to host the service in iis & i think my web.config is wrong.
In the client end point what should be the end point to calc.svc or https://*?soap?
Is the basichttpbinding ok for the https://prd36/calc.svc url?
do i need to specify one more binding for the application too?
Please help me understand i am heavily confused as the web.config which i have edited is a existing one which is still running the old service reference.
<serviceMetadata httpsGetEnabled="true"/>
<endpoint address="json" binding="webHttpBinding" contract="Contract.IService" behaviorConfiguration="web"></endpoint>
<endpoint address="mex" binding="mexHttpsinding" contract="IMetadataExchange"/>
above changes i did and the service url is running in web browser.
Use http:// instead of https:// in your endpoint address.
OR
User BasicHttpsBinding instead of BasicHttpBinding in your endpoint.
follow this link if the problem still exist.
I'm currently developing a WCF service self hosted in a Windows service with the Self-Hosted SL Svc template.
The template works as it should be and I'm able to make calls from my Silverlight application, but when I tried to modify the project to use Impersonation:
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public string GetData(int value)
{
return string.Format("You entered: {0}", value);
}
It throws me an exception during host.Open();:
System.InvalidOperationException was
unhandled Message=The contract
operation 'GetData' requires Windows
identity for automatic impersonation.
A Windows identity that represents the
caller is not provided by binding
('CustomBinding','http://tempuri.org/')
for contract
('IService1','http://tempuri.org/'.
This is my configuration:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="binaryHttpBinding">
<binaryMessageEncoding/>
<httpTransport/>
</binding>
</customBinding>
</bindings>
<services>
<service name="SLServiceLibrary.Service1" behaviorConfiguration="SLServiceLibrary.ServiceBehavior">
<endpoint address="Service1" binding="customBinding" contract="SLServiceLibrary.IService1" bindingConfiguration="binaryHttpBinding"/>
<endpoint address="" binding="webHttpBinding" contract="SLServiceLibrary.IClientAccessPolicy" behaviorConfiguration="webHttpEnablingBehavior"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost:8733/"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="SLServiceLibrary.ServiceBehavior">
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="webHttpEnablingBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
What do I have to change to make this work? do I need to add some configuration to my Silverlight client too?
Thanks in advance :)
I haven't used custom bindings (yet), but this blog entry may give you some help: http://geekswithblogs.net/robz/archive/2007/10/03/wcf-impersonation---specifying-windows-authentication-credentials-on-the-service.aspx
Well after a long search, I've come up with two solutions, one I found at MSDN:
<bindings>
<customBinding>
<binding name="binaryHttpBinding">
<binaryMessageEncoding/>
<httpTransport authenticationScheme="Ntlm"/>
</binding>
</customBinding>
</bindings>
The other one was at the Silverlight forums:
<bindings>
<customBinding>
<binding name="binaryHttpBinding">
<binaryMessageEncoding/>
<httpTransport authenticationScheme="Negotiate"/>
</binding>
</customBinding>
</bindings>
Don't know what is the major difference between these two, I've managed to open the service and call it from Silverlight successfully. If someone call elaborate on the difference, I would appreciate it.
I have a WCF service:
https://myservice/service.svc
https://myservice/service.svc?wsdl
Given below are the related section of my WCF Application's web.config (let me know if you need more):
<bindings>
<basicHttpBinding>
<binding name="basicHttp">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MyService.ServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider"/>
</serviceCredentials>
<serviceThrottling maxConcurrentCalls="100" maxConcurrentInstances="100" maxConcurrentSessions="100"></serviceThrottling>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="MyService.ServiceBehavior" name="MyService.Service">
<endpoint address="/ClientA" binding="basicHttpBinding" bindingConfiguration="basicHttp" name="basicHttpEndpoint" contract="MyService.IService"></endpoint>
<endpoint address="/ClientB" binding="basicHttpBinding" bindingConfiguration="basicHttp" name="basicHttpEndpoint" contract="MyService.IService"></endpoint>
<endpoint address="/ClientC" binding="basicHttpBinding" bindingConfiguration="basicHttp" name="basicHttpEndpoint" contract="MyService.IService"></endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
I want my clients be able to access the service through the following links, but the links don't work: (or may be my syntax is wrong for the links below, let me know if that is the case)
https://myservice/service.svc/ClientA
https://myservice/service.svc/ClientB
https://myservice/service.svc/ClientC
following links work, but i don't think this is due to my configuration, as if i write anything after the last forward slash it still works ....
https://myservice/service.svc?wsdl/ClientA
https://myservice/service.svc?wsdl/ClientB
https://myservice/service.svc?wsdl/ClientC
https://myservice/service.svc?wsdl/asfgvafgfgf ... (this works too !!!)
Please let me know how to achieve this. I don't want to create separate service for all clients.
if this works, i want to use different contract="MyService.IService" in the endpoint definition for all clients, as the methods for each clients exposed in service would differ.
i also want to ask, would i be able to specify which connection string to use, depending on via which endpoint client is accessing the service?
And lastly: I Dont want:
https://myservice/service.svc
https://myservice/service.svc?wsdl
links to be accessible, i want the clients to use only their specified links ...
is that at all possible, or should i create separate services for each client ... ?
Thanks.
I think it require some setting in config file.
See this link,
http://keyvan.io/host-wcf-service-and-asp-net-application-on-same-virtual-directory
THis might help you.
While updating a service reference of my WCF client (simply by clicking Update Service Reference in Visual Studio 2008), following error occurs:
System.ServiceModel.FaultException:
The message with Action
'http://schemas.xmlsoap.org/ws/2004/09/transfer/Get'
cannot be processed at the receiver,
due to a ContractFilter mismatch at
the EndpointDispatcher. This may be
because of either a contract mismatch
(mismatched Actions between sender and
receiver) or a binding/security
mismatch between the sender and the
receiver. Check that sender and
receiver have the same contract and
the same binding (including security
requirements, e.g. Message, Transport,
None). at
System.ServiceModel.Dispatcher.ErrorBehavior.ThrowAndCatch(Exception
e, Message message)
Background:
I've created ErrorServiceBehaviour class. Because such a behavior is created for error handling, IErrorHandler implementation must be applied to each ChannelDispatcher.
public class ErrorServiceBehaviour : Attribute, IServiceBehavior
{
...
public Type FaultType
{
get { return _faultType; }
set { _faultType = value; }
}
public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase)
{
foreach (ChannelDispatcher dispatcher in serviceHostBase.ChannelDispatchers)
{
dispatcher.ErrorHandlers.Add(new ErrorHandler(_faultType));
}
}
}
public class ErrorHandler : IErrorHandler
{
public ErrorHandler(Type faultType)
{
_faultType = faultType;
}
...
}
Later, I've used that behaviour by applying ErrorServiceBehavior attribute to my service class:
[ErrorServiceBehavior(FaultType = typeof(MyServiceFault))]
public class MyService : IMyService
{
...
}
The thing is, when I comment out the foreach loop inside ApplyDispatchBehavior method, I get no error at all, but that is not the way out (because I want my errors to be handled).
Below there is my service config:
<system.serviceModel>
<services>
<service behaviorConfiguration="DefaultBehavior" name="MyService">
<endpoint address="" binding="wsHttpBinding" contract="IMyService" bindingConfiguration="NoSecurityBinding"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DefaultBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="NoSecurityBinding" >
<security mode="None">
<transport clientCredentialType="None"/>
<message establishSecurityContext="false"/>
</security>
</binding>
<binding name="DefaultBinding" />
</wsHttpBinding>
</bindings>
</system.serviceModel>
Can someone help me?
UPDATE
The code shown earlier:
foreach (ChannelDispatcher dispatcher in serviceHostBase.ChannelDispatchers)
{
dispatcher.ErrorHandlers.Add(new ErrorHandler(_faultType));
}
adds custom error handling for all endpoints - including the metadata one. But actually this is not the source of the problem - even when I disable adding error handling for metadata endpoint, the issue still occurs.
The other notice is, when I change the bindingConfiguration of the first endpoint to DefaultBinding, I have no error at all:
<services>
<service behaviorConfiguration="DefaultBehavior" name="MyService">
<endpoint address="" binding="wsHttpBinding" contract="IMyService" bindingConfiguration="DefaultBinding"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
Such an option in also not what I want - I still need problematic NoSecurityBinding to work.
Thanks in advance.
Look into the IExtensibleDataObject, it is used to handle different versions of a web service still being able to communicate with each other. This way the contracts don't need to match exactly. Hope this helps.
To begin with, I notice your try to bind a mexHttpBinding to an endpoint although it was never defined inside your "Bindings" tag. This should rise an exception, and I would expect such an exception to look like the one that's bothering you.
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
...
<bindings>
<mexHttpBinding>
THIS TAG WAS MISSING (add security features as needed)
</mexHttpBinding>
<basicHttpBinding>
<binding name="NoSecurityBinding" >
<security mode="None" />
</binding>
<binding name="DefaultBinding" />
</basicHttpBinding>
</bindings>
Also, since you apparently dont need any security feature, you might want to favor basicHttpBinding. As this very thorough answer states, wsHttpBinding really is useful when you want security features.
Your configuration would end up being almost the same, changing "ws" for "basic".
<system.serviceModel>
<services>
<service behaviorConfiguration="DefaultBehavior" name="MyService">
<endpoint address="" binding="basicHttpBinding" contract="IMyService" bindingConfiguration="NoSecurityBinding"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DefaultBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="NoSecurityBinding" >
<security mode="None" />
</binding>
<binding name="DefaultBinding" />
</basicHttpBinding>
</bindings>
Check the App.Config and verify that it is pointing to your deployed Windows service host or set it to point to localhost.
On what you say it seems that your new WCF service do require security and in your NoSecurityBinding you turn it off.
One way to check that is to get WSDL file locally an see if it has: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd or http://schemas.xmlsoap.org/ws/2004/09/policy or something like that in imports. I'm pretty sure that your updated WCF service has security enabled
Update 1
To get a better vision of your problem you could use WCF Tracing. Here you could see how to turn it on and how to read that traces: "How to turn on WCF tracing"
I don't think you are turning the security completely off. Try this:
<bindings>
<wsHttpBinding>
<binding name="NoSecurityBinding" >
<security mode="None">
<transport clientCredentialType="None"/>
<message clientCredentialType="None"/>
</security>
</binding>
<binding name="DefaultBinding" />
</wsHttpBinding>
</bindings>
Existing web.config setting can create a problem as they are for previous version.
Better to remove existing reference from your WCF client application and Add the reference again.
<services>
<service behaviorConfiguration="ServiceBehaviour" name="Service">
<endpoint address="" behaviorConfiguration="web" binding="webHttpBinding" contract="IService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
I am trying to configure my WCF Service to be HTTPS. I have configured the behaviors and the services with the relevant addresses but I cannot understand why the address which is supplied to the service host is still http.
The behavior I am using is here:
<behavior name="RequestProcessorBehavior">
<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="ServiceAuthentication,Services"/>
</serviceCredentials>
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<serviceThrottling maxConcurrentCalls="500" maxConcurrentInstances="500"/>
</behavior>
The service element is here
<service name="MyNamespace.WcfRequestProcessor" behaviorConfiguration="RequestProcessorBehavior">
<host>
<baseAddresses>
<add baseAddress="https://xxxxxxxxxxxxxx/Services/"/>
</baseAddresses>
</host>
<!--
Use the listenUri attribute if this causes a problem with the load balancer.
The url of the listenUri should be that of the load balancer
-->
<endpoint address=""
bindingNamespace="https://xxxxxxxxxxxxxx/Services/"
contract="MyNamespace.IWcfRequestProcessor"
binding="basicHttpBinding"
bindingConfiguration="RequestProcessorBinding">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="wsHttpBinding"
bindingNamespace="https://xxxxxxxxxxxxxx/Services/"
contract="MyNamespace.IWcfRequestProcessor"
binding="wsHttpBinding"
bindingConfiguration="wsBinding">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
When I add a breakpoint onto the constructor of the ServiceHost I can see that the baseAddresses parameter contains only one address and that is http and not https. When i try to visit the svc page I get the following error and I can see why it would show that but I cannot see what I can change to make the baseAddress which gets passed to the ServiceHost constructor https and not http.
Could not find a base address that
matches scheme https for the endpoint
with binding BasicHttpBinding.
Registered base address schemes are
[http].
Any help would be greatly appreciated.
UPDATE #1
The binding configuration section which I left out of the original question:
<bindings>
<basicHttpBinding>
<binding name="RequestProcessorBinding" maxReceivedMessageSize="2147483647" receiveTimeout="00:30:00" sendTimeout="00:30:00">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647"/>
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
This is currently inside a development environment and in IIS6. This is inside the Default Website.
Are you running on IIS or self hosted? If it's IIS, you need to have IIS configured correctly for SSL. Also, you don't mention what your binding configuration looks like, but it needs to be set to enable transport security as well.