I got a task to setup WCF in IIS and need control access to different endpoint with different set of users. I am able to setup https. While I try to set permission with tag <location> in IIS, it seems not working.
I have two usernames, one is xxx.luo and another is xxx.luo2. I like Service1.csv only accessible by xxx.luo and Service2.svc for xxx.luo2. But in following config, I can only get xxx.luo to have access to both endpoint.
For xxx.luo2, I always get following error message:
"The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Negotiate,NTLM'. The remote server returned an error: (401) Unauthorized."
Will you have any suggestions? Is it possible to control permission in this way?
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WcfService1.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract="WcfService1.IService1" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
<service name="WcfService1.Service2">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract="WcfService1.IService2" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true"/>
</authentication>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="xxx.luo"/>
</authorization>
</security>
</system.webServer>
<location path="Default Web Site/Service2.svc" allowOverride="false" inheritInChildApplications="false">
<system.webServer>
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true"/>
</authentication>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" roles="xxx.luo2"/>
</authorization>
</security>
</system.webServer>
</location>
</configuration>
With the help of a colleague who already have lots stackoverflow reputation, I(he) figure out the solution.
I need set both my username xxx.luo and xxx.luo2 has access to both pages in tag <system.webServer>
In tag <location> for page Service1.svc, I remove access of xxx.luo2
In tag <location> for page Service2.svc, I remove access of xxx.luo
The web.config as following:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WcfService1.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract="WcfService1.IService1" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
<service name="WcfService1.Service2">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract="WcfService1.IService2" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<security>
<authentication>
<anonymousAuthentication enabled="false" />
<windowsAuthentication enabled="true"/>
</authentication>
<authorization>
<remove users="*" roles="" verbs="" />
<add accessType="Allow" users="xxx.luo"/>
<add accessType="Allow" users="xxx.luo2"/>
</authorization>
</security>
</system.webServer>
<location path="Service1.svc" >
<system.web>
<authorization>
<deny users="companydomain\xxx.luo" />
</authorization>
</system.web>
</location>
<location path="Service2.svc" >
<system.web>
<authorization>
<deny users="companydomain\xxx.luo2" />
</authorization>
</system.web>
</location>
</configuration>
Related
I am trying to create a self-hosted service that listens to amessage queue, and sends an email when a message is put in the queue. However, I am getting the rather well known error
Could not find a base address that matches scheme net.msmq for the
endpoint with binding NetMsmqBinding. Registered base address schemes
are [http].
I have removed all the http stuff in the config file, an I know for a fact that MSMQ is working on my computer, as I have another MSMQ running just fine. The MailNotificationAgentQueue is also created.
Here is my config:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<netMsmqBinding>
<binding exactlyOnce="false" deadLetterQueue="None" durable="True" maxRetryCycles="10" receiveRetryCount="10" useActiveDirectory="True" receiveErrorHandling="Fault">
<security mode="Transport">
<transport msmqAuthenticationMode="WindowsDomain" />
</security>
</binding>
</netMsmqBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MailNotificationAgentEndpointBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="netMsmqBinding" scheme="net.msmq" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="MailNotificationAgent.MailNotificationAgentService" behaviorConfiguration="MailNotificationAgentEndpointBehavior">
<endpoint address="" binding="netMsmqBinding" name="MsmqEndpoint" contract="MailNotificationAgent.IMailNotificationAgentService" />
<host>
<baseAddresses>
<add baseAddress="net.msmq://<MyComputerName>/private/MailNotificationAgentQueue" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
Thanks in advance!
i am getting this
- ERROR: An unhandled exception of type
'System.Configuration.ConfigurationErrorsException' occurred in
System.Configuration.dll Additional information: The binding at
system.serviceModel/bindings/basicHttpBinding does not have a
configured binding named 'BasicHttpBinding_IService1'. This is an
invalid value for bindingConfiguration.
this is my my web.config file
<?xml version="1.0"?>
<configuration>
<configSections>
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" maxBufferSize="1000000000" maxBufferPoolSize="1000000000" maxReceivedMessageSize="100000000">
<readerQuotas maxDepth="32" maxStringContentLength="2097152 "
maxArrayLength="2097152" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WcfService1.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration=""
contract="WcfService1.IService1" />
<endpoint address="web" behaviorConfiguration="WebBehaviour" binding="webHttpBinding"
bindingConfiguration="" name="WebEndPoint" contract="WcfService1.IService1" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="WebBehaviour" >
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="DefaultBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment minFreeMemoryPercentageToActivateService="0" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
I've got wcf service with ssl communication, wsHttpBinding and Transport security, but when I try to change it to:
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName"/>
</security>
I'm getting error:
An unsecured or incorrectly secured fault was received from the other party. See the
inner FaultException for the fault code and detail.
I change security mode on client side and server side and I have up to date contract.
I can't find any solution to this problem.
Will you help me?
Client.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IDatabaseService">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://dbservice:3915/DatabaseService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDatabaseService"
contract="DBService.IDatabaseService" name="WSHttpBinding_IDatabaseService">
<identity>
<dns value="dbservice" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
Server.config:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<!-- For more information on Entity Framework configuration, visit http://go.microsoft.com/fwlink/?LinkID=237468 -->
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=5.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
<!--<roleManager defaultProvider="CustomRoleProvider" enabled="true">
<providers>
<clear />
<add name="CustomRoleProvider" type="CustomRoleProvider" />
</providers>
</roleManager>-->
<!--<membership defaultProvider="CustomMembershipProvider">
<providers>
<clear />
<add name="CustomMembershipProvider" type="CustomMembershipProvider" />
</providers>
</membership>-->
</system.web>
<system.diagnostics>
<trace autoflush="true" />
<sources>
<source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
<listeners>
<add name="sdt" type="System.Diagnostics.XmlWriterTraceListener" initializeData="SdrConfigExample.e2e" />
</listeners>
</source>
</sources>
</system.diagnostics>
<system.serviceModel>
<services>
<service name="DBService.DatabaseService" behaviorConfiguration="ServiceBehavior">
<endpoint address="https://dbservice:3915/DatabaseService.svc" binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDatabaseService" contract="DBService.IDatabaseService">
<identity>
<dns value="dbservice" />
</identity>
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<!--<serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="CustomRoleProvider" />-->
<serviceCredentials>
<!--<userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="CustomMembershipProvider" />-->
<serviceCertificate findValue="dbservice" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IDatabaseService">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<protocolMapping>
<add binding="wsHttpBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
</entityFramework>
<connectionStrings>
<add name="WypozyczalniaDataContext" connectionString="metadata=res://*/Wypozyczalnia.csdl|res://*/Wypozyczalnia.ssdl|res://*/Wypozyczalnia.msl;provider=System.Data.SqlServerCe.4.0;provider connection string="data source=C:\Users\Wojciech\Desktop\Wypozyczalnia\Wypozyczalnia.sdf"" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
After 8 hours, finally I've found the problem. I've been editing DBSerivce.config, but I've forgotten, that there is separate App.config for my self-hosting application...
Be aware of that or you'll lose half a day :P.
I have added the maxClockScrew to my WCF service config file because it gives me an error when I try to call it over the internet but when I changed the my client time zone to server time zone it works fine(when both in UTC +10.00 it works that means no time difference) or if I set both time to be sync from internet then it works fine.
This is my service config file,
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="Data Source" value="WIN-HDG2"/>
<add key="Initial Catalog" value="DEV"/>
<add key="User ID" value="sa"/>
<add key="Password" value="ssa"/>
<add key="Major version" value="1"/>
<add key="Minor Build" value="1"/>
</appSettings>
<connectionStrings/>
<system.web>
<compilation debug="true" targetFramework="4.0">
</compilation>
<authentication mode="Windows"/>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="ABService.ServiceBehavior"
name="ABService.Service">
<endpoint address="" binding="wsHttpBinding" name="ValidatorEndpoint" bindingConfiguration="ABService.ServiceBehavior"
contract="ABService.IService">
<identity>
<dns value="localhost" />
</identity >
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ABService.ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate findValue="AB548"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="ABService.Validator.UserNamePassValidator,ABService" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="ABService.ServiceBehavior" >
<readerQuotas maxDepth="320" maxStringContentLength="8192000" maxArrayLength="16384000" maxBytesPerRead="999930473" maxNameTableCharCount="16384000"/>
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
<customBinding>
<binding name="ABService.ServiceBehavior">
<textMessageEncoding />
<security authenticationMode="Kerberos">
<localClientSettings maxClockSkew="00:07:00" />
<localServiceSettings maxClockSkew="00:07:00" />
<secureConversationBootstrap>
<localClientSettings maxClockSkew="00:30:00" />
<localServiceSettings maxClockSkew="00:30:00" />
</secureConversationBootstrap>
</security>
<httpTransport />
</binding>
</customBinding>
</bindings>
please some one help me with this issue....
I am trying to set the binding setting maxRetryCount="Integer" but it states "The maxRetryCount attribute is not allowed".
I see it being referenced/used in many examples.
What am I doing wrong?
Want to set this attribute(setting)to see if it stops an error I am getting: The maximum retry count has been exceeded with no response from the remote endpoint. The reliable session was faulted. This is often an indication that the remote endpoint is no longer available.
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<services>
<service name="dedicated_servers.dedicated_servers.DedicatedServerApi">
<endpoint address="User" binding="wsHttpBinding" contract="dedicated_servers.dedicated_servers.IDedicatedServerApiUser" bindingConfiguration="NoSecurityConfig">
</endpoint>
<endpoint address="Server" binding="wsHttpBinding" contract="dedicated_servers.dedicated_servers.IDedicatedServerApiServer" bindingConfiguration="NoSecurityConfig">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="NoSecurityConfig" openTimeout="00:05:00" closeTimeout="00:05:00" sendTimeout="00:05:00"
receiveTimeout="00:05:00">
<security mode="None">
<transport clientCredentialType="None" />
<message establishSecurityContext="false" />
</security>
<reliableSession enabled="true" inactivityTimeout="00:10:00" maxRetryCount="8" />
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
See this answer. To paraphrase, you can't set the maxRetryCount on wsHttpBinding but you can do some custom binding trickery to make it work.