I have a SOAP WCF service hosted in IIS and it is consumed by another company SAP system and everything was working fine for couple of years until our security team implemented Header validation in request and it stopped working all of sudden since the client SAP system request doesn't contain header CallingType. So then they added CallingType and pushed request to our system and F5 server allowed access and request entered to our system where WCF hosted. But WCF did not logged request and no data we got. So i would like to know how i can troubleshoot and provide fix. My network team is telling request is validated and passed by F5 server and pushed to our server. But why WCF is not logging anything??Do i need to add any custom header in webconfig of WCF service, or our IIS is preventing something? How can i see IIS is blocking the request.
Related
I have a question about enabling cross-domain calls.
I have a WCF Rest service that is hosted in xyz domain. I am able to test these REST APIs from Advanced Rest Client, Postman and Fiddler. I also have a WPF application that actively calls these API which is hosted in a different domain (say abc domain) which works fine in getting responses.
However, when I created a new Angular web application and a Windows Service (deployed on abc domain), and tried calling the APIs from these two components, I am getting a 405 error.
Can someone explain:
How REST clients always are able to successfully establish a connection?
How does my WPF successfully connects to the WCF service even though
its on a different domain?
Why is my Windows Service/Web App not able to talk to WCF?
I assume that the issue here is caused by the preflight request. The browser issues this OPTIONS verb request to ask the server if the origin is allowed to call the API in a non-safe manner.
If your WCF REST service does not deal with this request, the WCF runtime will try to dispatch the request to your service implementation.
However, if the runtime does not find a method to call for this verb, it will return a 405 Method Not Allowed response.
I've dealt with this in the past by using an IOperationInvoker implementation, installed via an IOperationBehavior. This article describes a slightly different way of doing basically the same.
I am experiencing a strange issue in my browser hosted silverlight application. Call are made to a WCF routing service hosted in on IIS 7. The routing service then switches the protocol to nettcp and routes the request to another WCF service on our application server. This second service is hosted in a windows service. What I am noticing is that when a client on one machine invokes a long running request other users on the network cannot even get smaller requests serviced till the long running request returns. Has anyone experienced this or does anyone know what can be causing this?
I need to host a WCF service that will give its clients access to internal business systems on a public facing web server. Obviously I must secure this so that no one from the outside world even knows the service exists, let alone be able to call methods and access the data it exposes.
The overall idea is that the public facing website hosted on the same machine will call the WCF service and then the WCF service will provide it with the required data...
Public Facing Web Site <-> WCF Service <-> Business Systems / Databases
So I need to understand how to secure the service so it can only be accessed via the public facing website.
Ideas I had..
IIS filtering so that the IIS Site hosting the WCF service will only accept requests from a certain IP address.
Obscure port that will not be allowed through the public facing firewall.
Protocol such as NetTCP or NamedPipes
But what about the actual WCF security set up? As both the Public Facing Site and the service are on the same machine is Windows Authentication as option? Questions I have regarding this are...
Should the service client and the service simply use Windows Authentication?
Do I need specific user accounts as opposed to Network Service? If the website runs under network service would this then automatically authenticate to the service?
My objective is that someone in the outside world should not know of the services existance or be able to make access to it.
Thanks in advance.
Technical environment is: IIS7, .Net 4 and WCF 4.
I would suggest you create a http handler '.ashx' and use that as the endpoint for client requests.
If your using asp.net you can secure it by using simple forms authentication and retrieving username and password from the request headers to authenticate the request.
Then execute any requests to your business webservices which is also secured by your forms authentication.
Cheers
I have created and tested a WCF REST service that is protected with SSL and Windows Authentication through IIS 7. I have also created and tested a pure html/javascript web client that is hosted in IIS 7 that is protected with SSL and Windows Authentication -- same server, different "site" within IIS. The REST service is not public, but the web client is.
Without security, everything works beautifully, but now we are ready for field testing and security must be implemented.
My end goal is to have the user visit mywebclient.com and authenticate using their Active Directory accounts. Initially I thought it would be safe to leave the service calls from the client to the REST service unprotected (since the traffic from the web client to the web service would be internal), but this does not protect us from an internal attacker. Also, in the future, the REST services will be available to handhelds through native applications.
I've tried to gain as much information on this subject as possible, but every piece of Microsoft documentation contains client examples written in .NET.
How can I share the security context between these sites without converting the web client to a .NET-based application? Could this be accomplished by combining the web client and service into one IIS "site"?
Edit: If the client and service exist in the same app pool, does that mean they could share authentication information between client and server processes?
Question:
Are there known issues making calls to a service that calls another service from Silverlight?
Scenario:
I have the following 3 projects:
SilverlightClient - Silverlight project with a Button
SilverlightClient.Web - A web application that hosts the SilverlightClient.xap.
BackEnd - A different web application that hosts the FOO Service which does some special backend processing.
I have created a Silverlight WCF-Enabled web service in both SilverlightClient.Web and Backend. These are respectively SilverlightClientService and BackEndService.
From SilverlightClient.Web I add a service reference to BackEndService. I have a test ASPX page that I've written code that calls BackEndService successfully.
From SilverlightClient I add a service reference to SilverlightClient.Web's SilverlightClientService. If my SilverlightClientService returns plain data, such as a string, it works quite well.
The moment, however, that I change SilverlightClientService to call BackEndService, I get the following exception:
HTTP 415 - "The request failed with HTTP status 415: Unsupported Media Type."
I had an issue with 2 services not communicating. We finally figured out that using Cassini (the built in Visual Studio IIS) to host the ListenerService 'BackEnd' was causing the problem. Switching the project to start in a virtual directory of IIS allowed the two to communicate.
I was seeing : An error occurred while receiving the HTTP response to http://localhost:1484/MainListenerService.cs. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. and this error:
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
Are you using basicHttpBinding? Silverlight only supports basicHttpBinding but the default when you create a WCF service is wsHttpBinding. You should change that on your web.config before adding the reference on your Silverlight project. Check out this video from Tim Heuer: http://silverlight.net/learn/videos/all/how-to-consume-wcf-and-aspnet-web-services-in-silverlight/