WCF on a workgroup - wcf

I have developed a WCF Windows service using netTcpBinding. It works fine when the WCF client and the WCF service are both in a domain (on two different systems).
I get an error when both systems are in a workgroup rather than a domain.
Please suggest what configuration I need to change.
Error :System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '00:00:58.9879193'. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
Client Config
<?xml version="1.0" encoding="utf-8"?>
<!-- Client-side WCF configuration: netTcpBinding, certificate message credentials, WS-Discovery. -->
<configuration>
<system.serviceModel>
<client>
<!-- Discovery probe endpoint. Its address is localhost, i.e. the client machine itself; with the service on a
     different host this only works if a discovery proxy runs locally (NOTE(review): confirm the intent). -->
<endpoint kind="discoveryEndpoint" address="net.tcp://localhost:8005/Probe" binding="netTcpBinding" bindingConfiguration="RequestReplyNetTcpBinding">
</endpoint>
<!-- Service endpoint. No address attribute: presumably resolved at run time through discovery. -->
<endpoint binding="netTcpBinding" bindingConfiguration="RequestReplyNetTcpBinding" contract="Test2ServLib.IService1" behaviorConfiguration="LargeEndpointBehavior">
<identity>
<!-- Expected service identity; must equal the subject of the service certificate (findValue="WCFServer" in the service config). -->
<dns value="WCFServer" />
</identity>
<!--The behaviorConfiguration is required to enable WCF deserialization of large data sets -->
</endpoint>
</client>
<behaviors>
<!-- serviceBehaviors configure a ServiceHost and are not applied by a client proxy. clientCredentials is an
     endpoint behavior element, not a service behavior element, so expect either a configuration error or for this
     section to be ignored; in either case the credentials the client actually uses are the copies under
     endpointBehaviors further down. -->
<serviceBehaviors>
<behavior name="announcementBehavior">
<!--The following behavior attribute is required to enable WCF serialization of large data sets -->
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceDiscovery>
<announcementEndpoints>
<endpoint kind="announcementEndpoint" address="net.tcp://localhost:8005/Announcement" binding="netTcpBinding" bindingConfiguration="RequestReplyNetTcpBinding" />
</announcementEndpoints>
</serviceDiscovery>
<serviceThrottling maxConcurrentCalls="1500" maxConcurrentSessions="1500" maxConcurrentInstances="1500" />
<clientCredentials>
<clientCertificate findValue="WCFClient"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindBySubjectName" />
<serviceCertificate >
<authentication certificateValidationMode="PeerTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
<behavior name="LargeEndpointBehavior">
<!--The behavior is required to enable WCF deserialization of large data sets -->
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<clientCredentials>
<clientCertificate findValue="WCFClient"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindBySubjectName" />
<serviceCertificate >
<authentication certificateValidationMode="PeerTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<!-- Not referenced by any client endpoint above. -->
<behavior name="disableEndpointDiscovery">
<endpointDiscovery enabled="false" />
<!--The behavior is required to enable WCF deserialization of large data sets -->
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<clientCredentials>
<!-- The client's own certificate, looked up by subject name in LocalMachine\TrustedPeople. A certificate used as a
     credential needs its private key, which normally lives in the Personal (My) store; NOTE(review): confirm the
     TrustedPeople copy carries the private key and that the client process account can read it. -->
<clientCertificate findValue="WCFClient"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindBySubjectName" />
<serviceCertificate >
<!-- PeerTrust: the service certificate itself must be present in the client's TrustedPeople store; no CA chain is
     evaluated. revocationMode="NoCheck" disables revocation checking entirely; acceptable for self-issued test
     certificates, not for a production deployment. -->
<authentication certificateValidationMode="PeerTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
<!-- Behavior actually applied to the service endpoint above; same credential settings as the one before it. -->
<behavior name="LargeEndpointBehavior">
<!--The behavior is required to enable WCF deserialization of large data sets -->
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<clientCredentials>
<clientCertificate findValue="WCFClient"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindBySubjectName" />
<serviceCertificate >
<authentication certificateValidationMode="PeerTrust" revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<!-- The error text reports a local socket timeout of about 59 s, which equals openTimeout below. That suggests the
     remote host drops the connection while the channel is opening (transport / security handshake) rather than
     during data transfer. -->
<binding name="RequestReplyNetTcpBinding" receiveTimeout="05:00:00" openTimeout="00:00:59" closeTimeout="00:00:59" maxBufferPoolSize="524288" maxBufferSize="25000000" maxConnections="50" maxReceivedMessageSize="25000000" sendTimeout="00:05:00" listenBacklog="1500">
<!-- Reliable session: an idle session is torn down after inactivityTimeout (1 minute) regardless of receiveTimeout. -->
<reliableSession ordered="false" inactivityTimeout="00:01:00" enabled="true" />
<!-- Every reader quota at Int32.MaxValue removes the parser limits that bound depth and size of incoming messages;
     size them to the real payload if the peer is not fully trusted. -->
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<!-- No mode attribute: netTcpBinding defaults to Transport security (Windows credentials), in which case the
     <message> element below is not used. For the certificate credentials configured in the behaviors to be
     exchanged, the client and service bindings both need mode="Message" (the accepted answer makes the same point). -->
<security>
<message clientCredentialType="Certificate"/>
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
</configuration>
Service Config
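<?xml version="1.0" encoding="utf-8"?>
<!-- Service-side WCF configuration: netTcpBinding, certificate message credentials, WS-Discovery announcements.
     Structural fixes relative to the posted version:
     1. <binding RequestReplyNetTcpBinding> was not well-formed XML; it is now <binding name="RequestReplyNetTcpBinding">,
        the name both endpoints reference.
     2. <endpointBehaviors> was nested inside <serviceBehaviors>/<behavior>; it now sits beside <serviceBehaviors>
        under <behaviors>.
     3. <service> was not wrapped in <services>, was never closed, and enclosed <bindings>; <services> and <bindings>
        are now siblings under <system.serviceModel>.
     4. <serviceCredentials> is a service behavior element and is not valid under <endpointBehaviors>; those copies
        were removed (the service behavior "announcementBehavior" already carries identical credentials). -->
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="announcementBehavior">
<!--The following behavior attribute is required to enable WCF serialization of large data sets -->
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<serviceDiscovery>
<announcementEndpoints>
<!-- Announcements go to localhost, i.e. only a discovery proxy on the service machine receives them
     (NOTE(review): confirm that is the intent). -->
<endpoint kind="announcementEndpoint"
address="net.tcp://localhost:8005/Announcement"
binding="netTcpBinding"
bindingConfiguration="RequestReplyNetTcpBinding"/>
</announcementEndpoints>
</serviceDiscovery>
<serviceThrottling
maxConcurrentCalls="1500"
maxConcurrentSessions="1500"
maxConcurrentInstances="1500"/>
<serviceCredentials>
<!-- Service certificate by subject name from LocalMachine\TrustedPeople. It needs its private key (normally kept
     in the Personal store) and the host account must be able to read it. Its subject must match the client's
     <dns value="WCFServer"/> identity. -->
<serviceCertificate findValue="WCFServer"
storeLocation="LocalMachine"
storeName="TrustedPeople"
x509FindType="FindBySubjectName" />
<clientCertificate>
<!-- PeerTrust: the client certificate itself must be in LocalMachine\TrustedPeople on this machine; no CA chain is
     evaluated. revocationMode="NoCheck" turns revocation checking off (test setups only).
     mapClientCertificateToWindowsAccount="false" is the right value for a workgroup, where no domain account
     mapping exists. -->
<authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine" revocationMode="NoCheck" mapClientCertificateToWindowsAccount="false" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<!-- Not referenced by the endpoint below. -->
<behavior name="disableEndpointDiscovery">
<endpointDiscovery enabled="false"/>
<!--The behavior is required to enable WCF deserialization of large data sets -->
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
<behavior name="LargeEndpointBehavior">
<!--The behavior is required to enable WCF deserialization of large data sets -->
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<!-- NOTE(review): the service name is expected to be the full type name of the implementing class; here it equals
     the contract name (Test2ServLib.IService1). Confirm the class is really named that, otherwise the host will not
     find this configuration. -->
<service name="Test2ServLib.IService1"
behaviorConfiguration="announcementBehavior">
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8006/Service1"/>
</baseAddresses>
</host>
<!-- No address attribute: the endpoint listens at the base address above. -->
<endpoint binding="netTcpBinding"
bindingConfiguration="RequestReplyNetTcpBinding"
contract="Test2ServLib.IService1"
behaviorConfiguration="LargeEndpointBehavior" />
</service>
</services>
<bindings>
<netTcpBinding>
<!-- Only security is configured on the service side; maxReceivedMessageSize (64 KB default), readerQuotas and
     timeouts stay at their defaults, unlike the client binding of the same name, so large client messages are
     rejected here regardless of the client quotas. -->
<binding name="RequestReplyNetTcpBinding">
<!-- No mode attribute: netTcpBinding defaults to Transport security (Windows credentials), so the <message> element
     is not used and the certificates configured above are never exchanged. In a workgroup, Windows authentication
     between two machines only works with matching local accounts, which is a plausible cause of the aborted
     connection. Set mode="Message" here and in the client binding together so that the certificates are used. -->
<security>
<message clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
</configuration>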

According to the information you provide, it is very likely that the error is caused by the large amount of transmitted data. NetTcpBinding has higher transmission performance on a local area network, so you get no errors in the same domain. The WCF default timeout period is 1 minute; if the data is not transmitted within a minute, an error is reported. I suggest you extend the timeout period on the server side:
<!-- Suggested timeouts. This <binding> has no name, so it becomes the default netTcpBinding configuration and only
     applies to endpoints without a bindingConfiguration; the asker's endpoints reference "RequestReplyNetTcpBinding",
     so these values must go into that named binding to take effect. Note also that the asker's reported socket
     timeout (about 59 s) equals the client openTimeout, so longer timeouts lengthen the wait but do not by
     themselves explain why the remote host closes the connection. -->
<bindings>
<netTcpBinding>
<binding openTimeout="00:10:00"
closeTimeout="00:10:00"
sendTimeout="00:10:00"
receiveTimeout="00:20:00">
</binding>
</netTcpBinding>
</bindings>
Besides, please enable the Windows feature that supports the net.tcp protocol.
Feel free to let me know if the problem persists.
UPDATE
If the client and server are not on the same machine, the client needs to provide Windows credentials, because netTcpBinding defaults to Windows authentication:
// Sample: Windows credentials supplied programmatically, because netTcpBinding defaults to Transport security with
// Windows authentication. In a workgroup the account must exist locally on the service machine.
ServiceReference1.CalculatorClient calculatorClient = new ServiceReference1.CalculatorClient();
// Do not embed an account name and password in source or config; read them from a protected store at run time and
// use a least-privilege account rather than Administrator. The literals below are placeholders from the sample.
calculatorClient.ClientCredentials.Windows.ClientCredential.UserName = "Administrator";
calculatorClient.ClientCredentials.Windows.ClientCredential.Password = "Password";
If this problem still exists, it is recommended to add a mex endpoint:
<!-- Metadata exchange (mex) endpoint over net.tcp; it also requires the <serviceMetadata/> service behavior.
     Metadata publishes the service contract, so keep it for troubleshooting and proxy generation and remove or
     restrict it once clients are built. -->
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"></endpoint>
Set the Mode value to Message:
<!-- Message-level security with certificate client credentials. mode="Message" is what makes the <message> element
     effective; without it netTcpBinding uses Transport security with Windows credentials. -->
<binding name="Binding">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
In your configuration file, I found that you did not set the value of Mode.
This is my App.config:
<?xml version="1.0"?>
<!-- Sample App.config (X509CertificateValidator calculator sample): netTcpBinding with certificate message security. -->
<configuration>
<system.serviceModel>
<services>
<service name="Microsoft.Samples.X509CertificateValidator.CalculatorService" behaviorConfiguration="CalculatorServiceBehavior">
<!-- use host/baseAddresses to configure base address provided by host -->
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8001/servicemodelsamples/service"/>
</baseAddresses>
</host>
<!-- use base address specified above, provide one endpoint -->
<endpoint address="certificate" binding="netTcpBinding" bindingConfiguration="Binding" contract="Microsoft.Samples.X509CertificateValidator.ICalculator"/>
</service>
</services>
<bindings>
<netTcpBinding>
<!-- X509 certificate binding -->
<binding name="Binding">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior">
<!-- Returns exception details (stack traces, internal type names) to callers; debugging aid only, set to false
     when deployed. -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<!-- Metadata publishing is on, but with no httpGetEnabled metadata is only reachable through a mex endpoint. -->
<serviceMetadata/>
<serviceCredentials>
<!--
The serviceCredentials behavior allows one to specify authentication constraints on client certificates.
-->
<clientCertificate>
<!-- certificateValidationMode="None" accepts any certificate a client presents without checking trust, and
     revocation is not checked either: the service does not actually authenticate its clients. Suitable for a sample
     only; use PeerTrust or ChainTrust in a real deployment. -->
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</clientCertificate>
<!--
The serviceCredentials behavior allows one to define a service certificate.
A service certificate is used by a client to authenticate the service and provide message protection.
This configuration references the "localhost" certificate installed during the setup instructions.
-->
<!-- Sample certificate "localhost" from the Personal (My) store, the store that holds certificates with private keys. -->
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration>

Related

WCF after client certificate renewed we get authentication error: A certification chain processed correctly, but one of the CA certificates is not trus

The client certificate (from a commercial CA) was replaced because it expired, and communication with one service stopped working; we get the following error in the server trace:
System.IdentityModel.Tokens.SecurityTokenValidationException: The X.509 certificate CN=aaa.ccc.ff, O=XXXXX, L=Brbr, C=XX chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
The same certificate is used to authenticate to another company's service that uses the same configuration, and that has worked fine the whole time.
The service's configuration is as follows:
<system.serviceModel>
<!-- Service-side configuration: wsHttpBinding with message security and certificate client credentials. -->
<extensions>
<behaviorExtensions>
<!-- Custom endpoint behavior (A2AValidation) loaded from the assembly named here. -->
<add name="A2AValidation" type="xxxyyyzzz.A2AValidation+CustomBehaviorSection, xxxyyyzzz A2A, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</behaviorExtensions>
</extensions>
<!-- Only http is mapped and the base address below is http, so confidentiality and client authentication rest on
     message security. The mexHttpsBinding endpoint needs an https base address (an IIS https site binding) to
     activate (NOTE(review): confirm one exists). -->
<protocolMapping>
<add scheme="http" binding="wsHttpBinding" />
</protocolMapping>
<bindings>
<wsHttpBinding>
<binding name="WcfServiceBinding">
<!-- Message security with X.509 client credentials. negotiateServiceCredential="true" hands the service certificate
     to the client at run time so it need not be distributed out of band; establishSecurityContext="true" sets up a
     secure-conversation session after the initial authentication. -->
<security mode="Message">
<message clientCredentialType="Certificate" negotiateServiceCredential="true" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ClientSecBehavior" name="xxxyyyzzz.Service">
<endpoint address="" behaviorConfiguration="A2AValidationBehavior" binding="wsHttpBinding" bindingConfiguration="WcfServiceBinding" name="A2AmessageEndpoint" contract="xxxyyyzzz.IService" />
<endpoint address="mex" binding="mexHttpsBinding" name="A2AMessageEndpointMex" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://xxxyyyzzz:10002/XX/A2A/Service.svc" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="A2AValidationBehavior">
<A2AValidation />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ClientSecBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- Exception details are returned to callers; keep false in production. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<!-- PeerOrChainTrust accepts a client certificate if it is itself present in LocalMachine\TrustedPeople (peer) or
     chains to a trusted root (chain). The quoted error ("one of the CA certificates is not trusted by the policy
     provider") is a chain failure: the renewed certificate most likely chains through an issuing or intermediate CA
     that is not in this machine's LocalMachine trusted CA stores, while the peer path needs the new leaf certificate
     itself in TrustedPeople (the old one no longer matches). revocationMode="NoCheck" skips revocation checking.
     mapClientCertificateToWindowsAccount="true" requires the certificate to be mapped to a Windows account in AD,
     which the question says is in place. -->
<authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine" revocationMode="NoCheck" mapClientCertificateToWindowsAccount="true" />
</clientCertificate>
<!-- Service certificate pinned by thumbprint (value redacted in the post). -->
<serviceCertificate findValue="______" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<diagnostics wmiProviderEnabled="true">
<!-- Entire messages, including application payload, are written to the trace. logKnownPii="false" only withholds the
     fields WCF itself classifies as PII; treat the trace files as sensitive and disable this after troubleshooting. -->
<messageLogging logEntireMessage="true" logKnownPii="false" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="500" />
<endToEndTracing messageFlowTracing="true" />
</diagnostics>
</system.serviceModel>
The client-side config is as follows (it also contains the config for the other service, which works fine at the other company):
<system.serviceModel>
<!-- Client-side configuration for two wsHttpBinding services secured with certificate message credentials. -->
<diagnostics>
<!-- Full message logging (up to 3000 messages, 2000 bytes each); the trace holds payload, restrict access to it. -->
<messageLogging
logEntireMessage="true"
logMalformedMessages="true"
logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true"
maxMessagesToLog="3000"
maxSizeOfMessageToLog="2000"/>
</diagnostics>
<bindings>
<wsHttpBinding>
<!-- No mode attribute: wsHttpBinding defaults to Message security, so the certificate client credential applies.
     maxReceivedMessageSize at Int32.MaxValue removes the size guard on replies for the first binding. -->
<binding name="YYYY_A2AMessageEndpoint_BindingConfig" maxReceivedMessageSize="2147483647">
<security>
<message clientCredentialType="Certificate" />
</security>
</binding>
<binding name="XXXYYYZZZ_A2AMessageEndpoint_BindingConfig">
<security>
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="YYYY_A2AMessageEndpoint_BehaviorConfig">
<clientCredentials>
<serviceCertificate>
<!-- Service certificate validation: PeerOrChainTrust with revocation checking disabled. -->
<authentication
certificateValidationMode="PeerOrChainTrust"
revocationMode="NoCheck"
trustedStoreLocation="LocalMachine" />
</serviceCertificate>
<!-- Client certificate pinned by thumbprint in LocalMachine\My (the store that holds the private key). A thumbprint
     identifies exactly one certificate, so after the renewal described above this value must be the NEW
     certificate's thumbprint, in both behaviors. -->
<clientCertificate findValue="__________" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="My" />
</clientCredentials>
</behavior>
<behavior name="XXXYYYZZZ_A2AMessageEndpoint_BehaviorConfig">
<clientCredentials>
<serviceCertificate>
<authentication
certificateValidationMode="PeerOrChainTrust"
revocationMode="NoCheck"
trustedStoreLocation="LocalMachine" />
</serviceCertificate>
<clientCertificate findValue="__________" x509FindType="FindByThumbprint" storeLocation="LocalMachine" storeName="My" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<!-- Endpoints use http addresses; the payload is protected by message security. -->
<endpoint
name="YYYY_A2AMessageEndpoint"
contract="A2AMessageService.IService"
address="http://YYYY:10002/a2a/Service.svc"
binding="wsHttpBinding" bindingConfiguration="YYYY_A2AMessageEndpoint_BindingConfig"
behaviorConfiguration="YYYY_A2AMessageEndpoint_BehaviorConfig" >
<identity>
<!-- Expected service identity as the base64-encoded service certificate ("xyz=" is a placeholder in the post); it
     must match the certificate the service actually presents. -->
<certificate encodedValue="xyz=" />
</identity>
</endpoint>
<endpoint
name="XXXYYYZZZ_A2AMessageEndpoint"
contract="A2APTAMessageService.IService"
address="http://XXXYYYZZZ:10002/PTA/A2A/Service.svc"
binding="wsHttpBinding" bindingConfiguration="XXXYYYZZZ_A2AMessageEndpoint_BindingConfig"
behaviorConfiguration="XXXYYYZZZ_A2AMessageEndpoint_BehaviorConfig" >
<identity>
<certificate encodedValue="xyz=" />
</identity>
</endpoint>
</client>
</system.serviceModel>
The certificate is correctly registered in IIS Certificate Mapping and also in AD Certificate mapping, the whole certificate chain is displayed correctly on IIS and on AD for client certificate.
The certificate that the client uses has following purposes:
Proves your identity to a remote computer
Ensures the identity of a remote computer
2.23.140.1.2.2
But I don't see this as a problem, since the other service has no problem with this type of certificate.
If the code on the working computer is the same as yours and only the certificate differs, try exporting the certificate from the working computer and importing it on your machine.

WCF WS-Security service configuration

I'm having trouble with the configuration of my WCF service and WS-Security.
I don't have access to the client side; so far I'm using SoapUI as a client with the WS-A addressing, Username, Password and WSS Password Type 'PasswordDigest' options.
I use IIS and https with a simple certificate, .NET 4.7.
I've tried many variants without success. I just want to find the simplest working solution to read the 'Security' header from a SoapUI/client request with the WS-Security PasswordDigest option enabled.
The current error with the current config file is 'InvalidSecurity': 'An error occurred when verifying security for the message'.
<system.serviceModel>
<!-- IIS-hosted wsHttpBinding service over HTTPS; clients authenticate with a UsernameToken in the SOAP header. -->
<protocolMapping>
<add scheme="https" binding="wsHttpBinding"/>
</protocolMapping>
<services>
<service name="SoapService" behaviorConfiguration="SoapServiceConf">
<!--<endpoint address="SoapService" binding="wsHttpBinding" contract="MPA.SoapService.References.ServiceReference.SentSOAP" /> -->
<endpoint address="" binding="wsHttpBinding" contract="Interfaces.ISoap" bindingConfiguration="wsHttpBind"/>
<!-- Metadata over https only. -->
<endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding maxReceivedMessageSize="10485760" name="wsHttpBind">
<!-- TransportWithMessageCredential: HTTPS protects the wire and authenticates the server; the client is
     authenticated by a UsernameToken in the WS-Security header. In this mode the credential does not travel in the
     HTTP layer, so <transport clientCredentialType="Basic"/> is not what carries it (NOTE(review): confirm it has
     no effect in your IIS setup). establishSecurityContext="false" is appropriate for non-WCF clients such as SoapUI
     that do not perform secure conversation.
     WCF's built-in UserName token support validates the WS-Security PasswordText form; a PasswordDigest token, which
     is what SoapUI sends with the options described above, is not validated out of the box, and 'InvalidSecurity' is
     consistent with that. Either the client sends PasswordText (acceptable here because TLS protects it) or the
     service needs a custom token handler for digest tokens. -->
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic"/>
<message clientCredentialType="UserName" algorithmSuite="Default" establishSecurityContext="false" />
</security>
<reliableSession enabled="false" />
<readerQuotas maxArrayLength="10485760" maxDepth="1024" maxStringContentLength="10485760" />
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SoapServiceConf">
<!-- No <userNameAuthentication> element: UserName credentials are validated against Windows accounts by default.
     To accept application credentials, set userNamePasswordValidationMode="Custom" with a validator type. -->
<serviceCredentials>
<!-- Service certificate found by issuer name, which can match several certificates from the same issuer;
     FindByThumbprint or FindBySubjectName pins the intended one. storeLocation is omitted (defaults to LocalMachine). -->
<serviceCertificate findValue="soapservice"
storeName="My"
x509FindType="FindByIssuerName" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
<!-- Not referenced by any service in this section. -->
<behavior name="MyServiceTypeBehaviors" >
<!-- Add the following element to your service behavior configuration. -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks.

WCF Routing with Message Signing Results in Encryption Error

I'm experiencing a problem when trying to introduce WCF-Routing into a project containing two target service endpoints which have message security enabled. (Signing only - No encryption)
I've set two simple Action based filters which direct to one service or the other.
Calling the RoutingService from my client presents the following error message in the trace logs:
The 'Body', 'http://www.w3.org/2003/05/soap-envelope' required message part was not encrypted.
I've set ProtectionLevel.Sign on the service interface, so I'm struggling to understand why this is a problem.
// Contract for HelloA. ProtectionLevel.Sign (sign only, no encryption) governs messages of THIS contract. The routing
// endpoint in the config below uses System.ServiceModel.Routing.ISimplexDatagramRouter, whose protection level is not
// affected by this attribute.
[ServiceContract(Namespace = "http://helloservice.adam.com/services/v1.0", ProtectionLevel = ProtectionLevel.Sign)]
public interface IHelloAService
{
// Action value must equal the filterData of the "HelloAAction" routing filter.
[OperationContract(Action = "http://helloservice.adam.com/services/v1.0/helloa", ProtectionLevel = ProtectionLevel.Sign)]
string SayHello(string name);
}
Any help that anyone can provide would be much appreciated.
WCF Service Project Config
Services
<!-- The router and both target services share the HTTPSCustomBinding. The router endpoint's contract is
     System.ServiceModel.Routing.ISimplexDatagramRouter, which the ProtectionLevel.Sign attribute on IHelloAService
     does not cover; if that contract sets no protection level the binding default (EncryptAndSign) applies, which is
     consistent with the quoted error that the Body was not encrypted when a sign-only message arrives
     (NOTE(review): confirm). There is no config attribute for this; it is set on the router endpoint's
     ContractDescription.ProtectionLevel in code, or the client must encrypt. -->
<services>
<service name="System.ServiceModel.Routing.RoutingService" behaviorConfiguration="RoutingSecureBehavior" >
<endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding"
contract="System.ServiceModel.Routing.ISimplexDatagramRouter"
name="RoutingServiceEndpoint" />
</service>
<service name="WCF.Services.HelloAService" behaviorConfiguration="SecureServiceBehavior">
<endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding"
contract="WCF.Services.IHelloAService" />
</service>
<service name="WCF.Services.HelloBService" behaviorConfiguration="SecureServiceBehavior">
<endpoint binding="customBinding" bindingConfiguration="HTTPSCustomBinding"
contract="WCF.Services.IHelloBService" />
</service>
</services>
Bindings
<!-- HTTPS transport plus WS-Security 1.1 message security. MutualCertificateDuplex: both sides authenticate with
     X.509 certificates. messageProtectionOrder only matters for parts that are encrypted, so with sign-only
     contracts it has no visible effect; allowSerializedSigningTokenOnReply lets the reply carry the signing token
     inline. -->
<customBinding>
<binding name="HTTPSCustomBinding">
<textMessageEncoding messageVersion="Soap12WSAddressing10" writeEncoding="utf-8" />
<security allowSerializedSigningTokenOnReply="true"
authenticationMode="MutualCertificateDuplex"
messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
messageProtectionOrder="SignBeforeEncrypt" />
<httpsTransport/>
</binding>
</customBinding>
Service Behaviors
<serviceBehaviors>
<behavior name="SecureServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<clientCertificate>
<!-- ChainTrust validates client certificates against the machine's trusted roots; revocation is not checked. -->
<authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck" />
</clientCertificate>
<!-- Service certificate by subject name; pin by thumbprint if several certificates share the name. -->
<serviceCertificate findValue="service.adam.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceThrottling maxConcurrentCalls="50" maxConcurrentInstances="50" />
</behavior>
<!-- Same credentials and validation as above, plus the routing behavior. -->
<behavior name="RoutingSecureBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck" />
</clientCertificate>
<serviceCertificate findValue="service.adam.com" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceThrottling maxConcurrentCalls="50" maxConcurrentInstances="50" />
<!-- routeOnHeadersOnly="True": filters see headers only, which is all the Action filters below need. -->
<routing filterTableName="MyFilterTable" routeOnHeadersOnly="True" />
</behavior>
</serviceBehaviors>
Filters
<!-- Action-based routing. filterData must equal the WS-Addressing Action exactly (the IHelloAService operation above
     declares ".../helloa"). A message that matches no filter is not forwarded and the caller gets an
     endpoint-not-found fault. -->
<routing>
<filters>
<filter name="HelloAAction" filterType="Action" filterData="http://helloservice.adam.com/services/v1.0/helloa" />
<filter name="HelloBAction" filterType="Action" filterData="http://helloservice.adam.com/services/v1.0/hellob" />
</filters>
<filterTables>
<filterTable name="MyFilterTable">
<add filterName="HelloAAction" endpointName="HelloA" priority="100" />
<add filterName="HelloBAction" endpointName="HelloB" priority="100" />
</filterTable>
</filterTables>
</routing>
Service Side Clients
<!-- Backend endpoints the router forwards to. contract="*" forwards any contract; no address or <identity> is given
     here, so presumably both are supplied elsewhere (NOTE(review): confirm). -->
<client>
<endpoint name="HelloA" binding="customBinding" bindingConfiguration="HTTPSCustomBinding" behaviorConfiguration="Internal_SecureClientBehavior" contract="*" />
<endpoint name="HelloB" binding="customBinding" bindingConfiguration="HTTPSCustomBinding" behaviorConfiguration="Internal_SecureClientBehavior" contract="*" />
</client>
Endpoint Behaviors
<!-- Credentials the router uses towards HelloA/HelloB: it authenticates with the service.adam.com certificate, so
     the backends see the router's identity rather than the original caller's. The backend certificate is validated
     by ChainTrust with revocation checking disabled; defaultCertificate pins the expected backend certificate. -->
<endpointBehaviors>
<behavior name="Internal_SecureClientBehavior">
<clientCredentials>
<clientCertificate findValue="service.adam.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
<serviceCertificate>
<authentication revocationMode="NoCheck" certificateValidationMode="ChainTrust" />
<defaultCertificate findValue="service.adam.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
WCF Client Project Config
Client Side Clients
<!-- Client endpoint targeting the router over HTTPS. The dns identity must match the subject of the certificate the
     router presents ("service.adam.com" in the server configuration). -->
<client>
<endpoint name="ServiceProxy"
address="https://services.adam.com/ServiceProxy.svc"
binding="customBinding" bindingConfiguration="HTTPSCustomBinding"
behaviorConfiguration="SecureClientBehavior"
contract="WCF.Services.IHelloAService">
<identity>
<dns value="service.adam.com" />
</identity>
</endpoint>
</client>
Bindings
<!-- Must mirror the server binding. messageVersion="Default" resolves to Soap12WSAddressing10 for
     textMessageEncoding, which matches the server side (NOTE(review): confirm). maxReceivedMessageSize and
     maxBufferSize at Int32.MaxValue remove the client's guard against oversized replies. -->
<customBinding>
<binding name="HTTPSCustomBinding">
<textMessageEncoding messageVersion="Default" writeEncoding="utf-8" />
<security allowSerializedSigningTokenOnReply="true" authenticationMode="MutualCertificateDuplex"
messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10" />
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"
maxPendingAccepts="1" />
</binding>
</customBinding>
Behaviors
<!-- The client's own certificate (client.adam.com) and validation of the router's certificate: ChainTrust with
     revocation checking disabled, expected certificate pinned by subject name. -->
<endpointBehaviors>
<behavior name="SecureClientBehavior">
<clientCredentials>
<clientCertificate findValue="client.adam.com" x509FindType="FindBySubjectName"
storeLocation="LocalMachine" storeName="My" />
<serviceCertificate>
<authentication revocationMode="NoCheck" certificateValidationMode="ChainTrust" />
<defaultCertificate findValue="service.adam.com" x509FindType="FindBySubjectName"
storeLocation="LocalMachine" storeName="My" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>

WCF - The HTTP request was forbidden with client authentication scheme 'Anonymous'

I know this is a very common scenario, but I've still, after two days of searching, not found a solution to this problem.
I've got a WCF Service and a client (web site), using SSL and a client certificate.
Relevant service config section:
<system.serviceModel>
<!-- Service-side excerpt (the system.serviceModel element is not closed here). -->
<bindings>
<basicHttpBinding>
<binding name="HOLBinding">
<!-- Transport security with a client certificate negotiated at the TLS layer. Under IIS the certificate is requested
     by IIS, so the application's SSL settings must accept or require client certificates; otherwise none is
     negotiated and the request arrives anonymous (NOTE(review): confirm the IIS SSL settings). -->
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HOLServiceBehaviour">
<serviceCredentials>
<clientCertificate>
<!-- Client certificate accepted if present in LocalMachine\TrustedPeople or chaining to a trusted root;
     revocationMode is left at its default. -->
<authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine" />
</clientCertificate>
</serviceCredentials>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<services>
<service name="HOL.Core.Service.HOLService" behaviorConfiguration="HOLServiceBehaviour">
<endpoint address="bh" bindingConfiguration="HOLBinding" binding="basicHttpBinding" contract="HOL.Core.Service.IHOLService" />
<!-- Second endpoint over webHttpBinding with no security configured, so it accepts anonymous callers; its
     behaviorConfiguration "WebBehaviour" is not defined in this excerpt. -->
<endpoint address="wb" behaviorConfiguration="WebBehaviour" binding="webHttpBinding" contract="HOL.Core.Service.IHOLService" />
</service>
</services>
Relevant client service config:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="HOLServiceEndpointBehaviour">
<clientCredentials>
<!-- Client certificate looked up by thumbprint in LocalMachine\TrustedPeople. TrustedPeople normally holds the
     public certificates of trusted peers; a certificate used for TLS client authentication must have its private
     key, which usually lives in the Personal (My) store. If the private key is missing, no certificate can be
     presented and the server sees an anonymous request, which matches the error in the title
     (NOTE(review): confirm the TrustedPeople entry has a private key readable by the web site's account). -->
<clientCertificate storeLocation="LocalMachine"
findValue="mythumbprint"
x509FindType="FindByThumbprint" storeName="TrustedPeople" />
<serviceCertificate>
<!-- Governs message-level validation of the service certificate; under mode="Transport" the server certificate is
     checked by the TLS stack instead, so this setting has no effect on the https endpoint below (NOTE(review): confirm). -->
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<!-- Matches the service binding: TLS with certificate client credential; 20 MB message limit. -->
<binding name="BasicHttpBinding_IHOLService" maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://www.myhttpsite.co.uk/Service/HOLService.svc/bh" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IHOLService" contract="HOLCoreService.IHOLService"
name="BasicHttpBinding_IHOLService" behaviorConfiguration="HOLServiceEndpointBehaviour">
</endpoint>
</client>
</system.serviceModel>
My certificate is being found, so that's not the problem (took me a day to fix that problem too!)
I believe the error is that the client calling the WCF Service simply isn't sending through the correct details to authenticate... but why?

REST WCF Service Over SSL

I am trying to configure a REST WCF service over SSL and I keep getting:
Could not find a base address that
matches scheme https for the endpoint
with binding WebHttpBinding.
Registered base address schemes are
[http].
Can somebody please take a look at my config file? Thanks.
<system.web>
<!-- debug="true" is a development setting; disable it when deployed. -->
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- wsHttpBinding1 (UserName message credentials) is not referenced by any endpoint in this file. -->
<binding name="wsHttpBinding1">
<security>
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
<mexHttpsBinding>
<binding name="mexHttpsBinding1"/>
</mexHttpsBinding>
<webHttpBinding>
<!-- Transport security: this endpoint can only be hosted under an https base address. The quoted error says the
     host registered only [http], i.e. the site has no https binding (see the answers below). -->
<binding name="webHttpBinding1">
<security mode="Transport" />
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="serviceBehavior" name="CompanyX.WebServices.WebApi">
<!-- REST endpoint over HTTPS (webHttp behavior). -->
<endpoint address="" behaviorConfiguration="WebApiBehavior" binding="webHttpBinding"
bindingConfiguration="webHttpBinding1" contract="CompanyX.WebServices.IWebApi">
<identity>
<!-- Identity published as the full certificate (chain excluded) for clients that pin the service certificate. -->
<certificateReference x509FindType="FindBySubjectName" findValue="CompanyXDev"
isChainIncluded="false" storeName="My" storeLocation="LocalMachine" />
</identity>
</endpoint>
<endpoint binding="mexHttpsBinding" bindingConfiguration="mexHttpsBinding1"
name="mex" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="WebApiBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<!-- Metadata over https only; httpGetBinding="" is unusual and httpsGetBinding="webHttpBinding" serves the
     metadata through the REST binding (NOTE(review): confirm this is intended). -->
<serviceMetadata httpsGetEnabled="true" httpGetBinding="" httpsGetBinding="webHttpBinding"
httpsGetBindingConfiguration="webHttpBinding1" />
<!-- Exception details are sent to callers; set to false outside development. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- The same development certificate (CompanyXDev) is configured for every role below: service certificate,
     default client certificate for callbacks, peer certificate and known issuer. Fine for a dev box; a deployment
     needs distinct, properly issued certificates. No <authentication> element is given for client certificates,
     so the default validation mode applies. -->
<clientCertificate>
<certificate findValue="CompanyXDev" x509FindType="FindBySubjectName" />
</clientCertificate>
<serviceCertificate findValue="CompanyXDev" x509FindType="FindBySubjectName" />
<!-- UserName credentials are checked only by this custom validator type; it receives the plaintext password and
     is the sole authentication control for UserName clients. -->
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="CompanyX.WebServices.CredentialsValidator, CompanyX.WebServices" />
<peer>
<certificate findValue="CompanyXDev" storeLocation="LocalMachine"
x509FindType="FindBySubjectName" storeName="My" />
</peer>
<issuedTokenAuthentication>
<knownCertificates>
<add findValue="CompanyXDev" storeLocation="LocalMachine" storeName="My"
x509FindType="FindBySubjectName" />
</knownCertificates>
</issuedTokenAuthentication>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Let me guess: you are running your service from Visual Studio in the development web server (Cassini), aren't you? The development web server does not support HTTPS. You have to host your service in IIS and follow Greg's advice to add an HTTPS binding for the site.
You need to add a https binding in IIS.
Navigate to your site in IIS
Click 'Bindings...' in the Actions panel on the right.
Click 'Add'
Select 'https' and select a certificate.
Two choices:
Specify the full address in the endpoints.
Specify the base addresses used for the host in the service's host element, for example:
<!-- Base addresses for a self-hosted service (http and https side by side). When the service is hosted in IIS the
     base addresses come from the site's bindings and this element is ignored, so the https binding has to be added
     in IIS as described above. -->
<host>
<baseAddresses>
<add baseAddress="http://localhost:8000/service"/>
<add baseAddress="https://localhost:8001/service"/>
</baseAddresses>
</host>