We Keep Coding

The remote server returned an error: (413) Request Entity Too Large WCF Application

My Setup:
WCF application hosted in IIS Express
Windows Form Application to test WCF App
This is WCF Web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089">
<section name="ArxivarBridgeService.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="myBasicBinding" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" closeTimeout="01:50:00" openTimeout="01:50:00" sendTimeout="01:50:00" receiveTimeout="01:50:00" >
<readerQuotas maxDepth="128" maxStringContentLength="8388608" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
<dataContractSerializer ignoreExtensionDataObject="false" maxItemsInObjectGraph="2147483646" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" minFreeMemoryPercentageToActivateService="0" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
<security>
<requestFiltering>
<fileExtensions allowUnlisted="true">
<remove fileExtension="." />
<add fileExtension="." allowed="true" />
</fileExtensions>
</requestFiltering>
</security>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Microsoft.Practices.EnterpriseLibrary.Validation" publicKeyToken="31bf3856ad364e35" culture="neutral" />
<bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
This is app.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IArxivarBridgeService" />
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="ServiceBehaviour">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="address"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IArxivarBridgeService"
contract="ServiceReference1.IArxivarBridgeService" name="BasicHttpBinding_IArxivarBridgeService" />
</client>
</system.serviceModel>
</configuration>
In the test application I recover a 3 MB pdf file, recalling a service method as input data, I have the byte arrey obtained from the pdf, the file name, a Dictionary and 3 strings, the method Returns the error "The remote server returned an error: (413) Request Entity Too Large", did I write the config wrong? Or is some parameter missing?

WCF Error in binding of two End Points

i am getting this
- ERROR: An unhandled exception of type
'System.Configuration.ConfigurationErrorsException' occurred in
System.Configuration.dll Additional information: The binding at
system.serviceModel/bindings/basicHttpBinding does not have a
configured binding named 'BasicHttpBinding_IService1'. This is an
invalid value for bindingConfiguration.
this is my my web.config file
<?xml version="1.0"?>
<configuration>
<configSections>
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" maxBufferSize="1000000000" maxBufferPoolSize="1000000000" maxReceivedMessageSize="100000000">
<readerQuotas maxDepth="32" maxStringContentLength="2097152 "
maxArrayLength="2097152" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WcfService1.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration=""
contract="WcfService1.IService1" />
<endpoint address="web" behaviorConfiguration="WebBehaviour" binding="webHttpBinding"
bindingConfiguration="" name="WebEndPoint" contract="WcfService1.IService1" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="WebBehaviour" >
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="DefaultBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment minFreeMemoryPercentageToActivateService="0" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>

How to make a secure WCF Service with AD FS

I'm trying to add claims-based security on a WCF service, using ADFS. I've succesfully done so for a Web Application (Passive federation), but I find myself stuck due to lack of documentation on the subject.
I've been playing with the Web.Config files to make it work... however, I just seem to be going from one problem to the next. Here's the Security Part of the client side web.config:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior>
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<ws2007FederationHttpBinding>
<binding name="WS2007FederationHttpBinding_IService1">
<security mode="Message">
<message>
<issuer address="https://myIssuer/adfs/services/trust/13/windows" binding="basicHttpsBinding" />
<issuerMetadata address="https://myIssuer/adfs/services/trust/mex" />
<tokenRequestParameters>
<trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
<trust:KeySize xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">256</trust:KeySize>
<trust:KeyWrapAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</trust:KeyWrapAlgorithm>
<trust:EncryptWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptWith>
<trust:SignWith xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2000/09/xmldsig#hmac-sha1</trust:SignWith>
<trust:CanonicalizationAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/10/xml-exc-c14n#</trust:CanonicalizationAlgorithm>
<trust:EncryptionAlgorithm xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://www.w3.org/2001/04/xmlenc#aes256-cbc</trust:EncryptionAlgorithm>
</trust:SecondaryParameters>
</tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/Services/Service1.svc"
binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FederationHttpBinding_IService1"
contract="ServiceRef.XISecurity.IService1" name="WS2007FederationHttpBinding_IService1" />
</client>
</system.serviceModel>
I'm unsure if I'm using the correct binding type or endpoint here. When I run the following code:
Service1Client obj = new Service1Client();
string str = obj.GetData(5);
I get the following exception:
Addressing Version 'AddressingNone (http://schemas.microsoft.com/ws/2005/05/addressing/none)' is not supported.
Here's my web.config on the server side
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089" />
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
<add key="ida:FederationMetadataLocation" value="https://myIssuer/FederationMetadata/2007-06/FederationMetadata.xml" />
<add key="ida:ProviderSelection" value="productionSTS" />
</appSettings>
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*" />
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials useIdentityConfiguration="true">
<!--Certificate added by Identity and Access Tool for Visual Studio.-->
<serviceCertificate findValue="CN=localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="ws2007FederationHttpBinding" />
<!--<add binding="basicHttpsBinding" scheme="https" />-->
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<ws2007FederationHttpBinding>
<binding name="">
<security mode="Message">
<message>
<issuerMetadata address="https://myIssuer/adfs/services/trust/mex" />
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
</system.webServer>
<system.identityModel>
<identityConfiguration>
<audienceUris>
<add value="http://localhost:2017/Service1.svc" />
</audienceUris>
<issuerNameRegistry type="System.IdentityModel.Tokens.ValidatingIssuerNameRegistry, System.IdentityModel.Tokens.ValidatingIssuerNameRegistry">
<authority name="http://myIssuer/adfs/services/trust">
<keys>
<add thumbprint="7502424014D0A1BD87A5DEEF0D1EB13390101F07" />
</keys>
<validIssuers>
<add name="http://myIssuer/adfs/services/trust" />
</validIssuers>
</authority>
</issuerNameRegistry>
<!--certificationValidationMode set to "None" by the the Identity and Access Tool for Visual Studio. For development purposes.-->
<certificateValidation certificateValidationMode="None" />
</identityConfiguration>
</system.identityModel>
</configuration>
My first question is: is there a good, step by step tutorial on how to set up my web.config files for that? Ideally one with .NET 4.5?
Second question: I'm really confused about which binding ADFS endpoint or binding to use. Here's what it's currently set to.
<issuer address="https://myIssuer/adfs/services/trust/13/windows" binding="basicHttpsBinding" />
Any help would be hugely appreciated. Thank you

In answer to your second question you can find some information on endpoints at http://technet.microsoft.com/en-us/library/adfs2-help-endpoints(WS.10).aspx. An endpoint basically specifies an address that you can use to communicate with the ADFS server. The type of endpoint will also tell you some things about its requirements such as whether you need to provide a certificate or a username.
There is also a mapping between endpoints and WIF bindings at http://blogs.msdn.com/b/alikl/archive/2011/10/01/how-to-use-ad-fs-endpoints-when-developing-claims-aware-wcf-services-using-wif.aspx. This has been helpful to me when I have been using code instead of the configuration file to communicate with the endpoint.

WCF REST over HTTPS

I'm developing a REST web service using WCF, C# and .NET Framework 4.0.
I have followed this tutorial to create my own certificate and use IIS Express as development server.
But now, I don't know why, I can't access my web service if I use https instead of http.
This is IIS Express applicationhost.config:
<site name="MyGameWCFService" id="2">
<application path="/" applicationPool="Clr4IntegratedAppPool">
<virtualDirectory path="/" physicalPath="D:\Fuentes\CSharp\Test\MyLib\MyGameWCFService" />
</application>
<bindings>
<binding protocol="http" bindingInformation="*:7342:localhost" />
<binding protocol="https" bindingInformation="*:44300:localhost" />
<binding protocol="https" bindingInformation="*:443:Melnibone" />
</bindings>
</site>
And this is my WCF web.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=4.4.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="MyGameWCFService.MyGameService"
behaviorConfiguration="MyGameServiceBehaviour">
<endpoint address=""
contract="MyGameWCFService.IMyGameService"
behaviorConfiguration="restfulBehavior"
binding="webHttpBinding"
bindingConfiguration="WebHttpBindingConfig" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="WebHttpBindingConfig">
<security mode="Transport"/>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="restfulBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="MyGameServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.LocalDbConnectionFactory, EntityFramework">
<parameters>
<parameter value="v11.0" />
</parameters>
</defaultConnectionFactory>
</entityFramework>
<connectionStrings>
<add name="MyGameContext"
providerName="System.Data.SqlClient"
connectionString="Server=.\SQLEXPRESS;Database=MyGame;Integrated Security=True;MultipleActiveResultSets=True"/>
</connectionStrings>
</configuration>
I can access web service with this url:
http://localhost:7342/MyGameService.svc/users,
but I can't if I use the other ones:
https://localhost:4430/MyGameService.svc/users and
https://Melnibone:443/MyGameService.svc/users.
I'm testing it on the same computer (I'm testing it on Melnibone).
When I access it from https://localhost:44300/MyGameService.svc/users I get a HTTP 404 Not Found.
Any advice?

To founding this answer I checked all http bindings and spent about half a day. But I have got it!
Make changes to your config, like this:
<services>
<service behaviorConfiguration="Default" name="Service_Name">
<endpoint behaviorConfiguration="webBehavior" binding="webHttpBinding" bindingConfiguration="httpsBinding" contract="Contract.IContract" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="httpsBinding">
<security mode="Transport" />
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="webBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="Default">
<serviceMetadata httpsGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>

Is it possible to use ASP.NET MembershipProvider/RoleProvider in self-hosted WCF services?

I am trying to use custom ASP.NET MembershipProvider and RoleProvider to handle security for my service. The service is self-hosted in a console app, not in IIS.
I use webHttpBinding with Basic Authentication. I configured serviceCredentials and serviceAuthorization to use providers. Providers really get initialized. But WCF seems to ignore my settings and tryes to login user to Windows. I figured that out from Events Log, and proved by sending my windows credentials to the service. Below you can see my configuration and debug screenshots. Why is it using windows for auth? Maybe it is impossible to use ASP.NET auth providers without IIS?
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<roleManager
enabled="true"
defaultProvider="CustomRoleProvider">
<providers>
<clear/>
<add
name="CustomRoleProvider"
type="CustomRoles.CustomRoleProvider, CustomRoles"/>
</providers>
</roleManager>
<membership defaultProvider="CustomMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="CustomMembershipProvider"
type="CustomRoles.CustomMembershipProvider, CustomRoles"/>
</providers>
</membership>
</system.web>
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttp">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="Service">
<serviceAuthorization principalPermissionMode="UseAspNetRoles"
roleProviderName="CustomRoleProvider" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="CustomMembershipProvider" />
</serviceCredentials>
<serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="SuccessOrFailure"
messageAuthenticationAuditLevel="SuccessOrFailure" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="Service" name="CustomRoles.Service">
<endpoint address="http://127.0.0.1:8060" binding="webHttpBinding"
bindingConfiguration="webHttp" contract="CustomRoles.IService" />
</service>
</services>
</system.serviceModel>
</configuration>
That's what I see when debug. Why is it using windows for auth?
credentials screen http://img81.imageshack.us/img81/1289/credentials.gif
link to full size screen

I'm trying to do the same thing.
My service is working well, I'm able to trace the call made to the service via the Service Trace Viewer.
The only problem remaining is that I don't receive any answer to the call. My application is freezing and I have a TimoutException on the call. Here's my settings :
<system.web>
<membership defaultProvider="ClientAuthenticationMembershipProvider">
<providers>
<add name="ClientAuthenticationMembershipProvider"
type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
serviceUri="http://localhost:21200/Authentication_JSON_AppService.axd"
credentialsProvider="LacT.Windows.LoginWindow, LacT.Windows" />
<add name="FooMembershipProvider"
type="Foo.Security.Business.Provider.FooTMembershipProvider, LacT.Security.Business"
serviceUri="http://localhost:21200/Authentication_JSON_AppService.axd"
credentialsProvider="Foo.Windows.LoginWindow, Foo.Windows" />
</providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
<providers>
<add name="ClientRoleProvider"
type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
serviceUri="http://localhost:21200/Role_JSON_AppService.axd"
cacheTimeout="86400" />
</providers>
</roleManager>
</system.web>
And the service model...`
<behaviors>
<endpointBehaviors>
<behavior name="WebBehavior">
<webHttp />
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="WebBehavior">
<serviceMetadata httpGetEnabled="true" httpGetUrl="" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="basicHttpMode">
<security mode="None" />
</binding>
</basicHttpBinding>
<webHttpBinding>
<binding name="webHttpMode">
<security mode="None" />
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WebBehavior"
name="Foo.Security.Business.Manager.Wcf.Host.SecurityManager">
<endpoint address=""
binding="webHttpBinding"
contract="Foo.Security.Business.Contract.ISecurityContract"
behaviorConfiguration="WebBehavior"
bindingConfiguration="webHttpMode" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:21200" />
</baseAddresses>
</host>
</service>
</services>
`
Maybe with this piece of code it can help you to figure out what's going on with yours.
If you find let me know something.

I've done this during the WCF Master Class, so it is definitely possible. Unfortunately I did not use this in practice and it's a year ago now...
However, try this link, and look for the different downloads about ASP.NET membership stuff. It is basically the outcome of the training session.

Yes is possible:
<?xml version="1.0"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
<connectionStrings>
<add name="mySqlConnection" connectionString="Data Source=.\SQLEXPRESS2012;Integrated Security=SSPI;Initial Catalog=aspnetdb;"/>
</connectionStrings>
<system.web>
<compilation debug="true"/>
<!-- Configure the Sql Membership Provider -->
<membership defaultProvider="MySqlMembershipProvider" userIsOnlineTimeWindow="15">
<providers>
<clear/>
<add name="MySqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="mySqlConnection" applicationName="UsersManagementNavigationApplication" enablePasswordRetrieval="false" enablePasswordReset="false" requiresQuestionAndAnswer="false" requiresUniqueEmail="true" passwordFormat="Hashed"/>
</providers>
</membership>
<!-- Configure the Sql Role Provider -->
<roleManager enabled="true" defaultProvider="MySqlRoleProvider">
<providers>
<clear/>
<add name="MySqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="mySqlConnection" applicationName="UsersManagementNavigationApplication"/>
</providers>
</roleManager>
</system.web>
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding name="basicBindingConfiguration">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="webEndpointBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="webServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceThrottling/>
<serviceDebug/>
</behavior>
<behavior name="myServiceBehavior">
<!-- Configure role based authorization to use the Role Provider -->
<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="MySqlRoleProvider">
</serviceAuthorization>
<serviceCredentials>
<!-- Configure user name authentication to use the Membership Provider -->
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="WcfServiceHTTPSelfHosted.MyCustomValidator, WcfServiceHTTPSelfHosted"/>
</serviceCredentials>
<!-- To avoid disclosing metadata information, set the value below to false before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="myServiceBehavior" name="WcfServiceHTTPSelfHosted.WcfServiceHTTPSelfHosted">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicBindingConfiguration"
contract="WcfServiceHTTPSelfHosted.IWcfServiceHTTPSelfHosted" />
<endpoint address="web" behaviorConfiguration="webEndpointBehavior"
binding="webHttpBinding" bindingConfiguration="webBinding"
contract="WcfServiceHTTPSelfHosted.IWcfServiceHTTPSelfHosted" />
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:50002/WcfServiceHTTPSelfHosted/" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
</configuration>
And uses a custom UserNamePasswordValidator:
public class MyCustomValidator : UserNamePasswordValidator
{
public MyCustomValidator()
{
}
public override void Validate(string userName, string password)
{
if (!Membership.ValidateUser(userName, password))
{
throw new SecurityTokenException("Users validation failed: " + userName);
}
}
}
this works fine!