I have a Web API (ASP.NET Core 3.0, IIS 6.2) on Windows Server 2012 R2. When it's making an HTTPS request to an external SOAP API, I get a responce with code 500 after 20 seconds. My API wrote in a log:
The operation timed out
Tail of an exception stack trace:
at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)\r\n at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)\r\n at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)\r\n at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass1_0.b__0(IAsyncResult asyncResult)\r\n--- End of stack trace from previous location where exception was thrown ---
I repeat my API's request from the same server to external one by SoapUI. It's successfull after 2-3 seconds. Also my Web API works from my another server.
Unfortunatelly, I don't know how to get a reason of the problem. Can you give me any idea, please?
I found a solution. I just updated nuget packages System.ServiceModel.* from 4.4.0 and WCF requests work appropriately now.
https://github.com/dotnet/wcf/issues/2368
Related
I have developed .Net Core (5.0) application and its have SSO Login functionality.
This application is deployed on PCF and its having multiple instance
Now issue is while calling .Net Core methods using ajax call its giving below exception
Look 1st request goes in 1st instance and 2nd request goes in 2nd instance but 2nd instance not able to process the request how can we resolve this?
We use Service stack, and run using the InProcess model on .net core.
We have some longer running requests, which we would like to timeout - however, I am struggling to do this. Before .net core, you could configure the httpRuntime's "executionTimeout" however, this is unavailable in .net core. The new way of doing this (I believe) is to use the "requestTimeout" in the config - but Microsoft's website claims this is not supported with the InProcess model. If feels like the only solution left is to configure this in Service Stack somewhere, but I am not seeing anywhere obvious.
Am I missing something here? Is there a ServiceStack option to force the thread to finish on a timeout, or is this just not not possible?
There are other timeout options via IIS, but none which will stop the execution
Thanks
ServiceStack operates as a library handler on the .NET HTTP Worker Request thread, i.e. it doesn't spawn or manage any of its own threads. Any request quota limits or timeouts would need to be configured on the underlying HTTP Server, i.e. just as any other ASP.NET Core App would need to do.
If you're using IIS, you can still configure ASP.NET Core Request Timeouts in Web.config in the <aspNetCore/> tag. If you're using the default Kestrel HTTP Server you can configure its limits when configuring your Web Host.
I wrote an ASP.NET Core 3.1 MVC web application. It's an front end calling a Web API back end.
The application works perfectly on development and Staging.
I can't make it work on Production: the Web API seems ok, I can call it from the browser or Postman.
But I can't reach it from my web app. This is the error from the log when it tries to make a call:
info: System.Net.Http.HttpClient.IApiClient.ClientHandler[100]
Sending HTTP request GET https://webapi.****.it/inetApi/api/links
fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
An unhandled exception has occurred while executing the request.
System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host..
System.Net.Sockets.SocketException (10054): An existing connection was forcibly closed by the remote host.
--- End of inner exception stack trace ---
Staging and Production are both Windows server 2019 machines with IIS10 web server.
Staging has a single website where both the Web API and the web app run as applications:
Web-t.****.it/inetApi
Web-t.****.it/inetW
Production VM has two website, one is supposed to be for internal web apps and the other for APIs:
webapi.****.it/inetApi
intranet.****.it/inetW
We made this VM from the scratch, it's new, there aren't any other application or websites on it.
I already tried to move the Web API application into the same website of the web app to see if that could be the problem, but it doesn't.
I tried to force the web app to use TLS as security protocol using this in my startup.cs:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;
But it only change the error:
info: System.Net.Http.HttpClient.IApiClient.ClientHandler[100]
Sending HTTP request GET https://webapi.****.it/inetApi/api/links
fail: Microsoft.AspNetCore.Diagnostics.ExceptionHandlerMiddleware[1]
An unhandled exception has occurred while executing the request.
System.Net.Http.HttpRequestException: An error occurred while sending the request.
System.Net.Http.WinHttpException (80072EFF, 12030): Error 12030 calling WINHTTP_CALLBACK_STATUS_REQUEST_ERROR, 'The connection with the server was terminated abnormally'.
at System.Threading.Tasks.RendezvousAwaitable`1.GetResult()
at System.Net.Http.WinHttpHandler.StartRequestAsync(WinHttpRequestState state)
--- End of inner exception stack trace ---
So I tried to call the production Web API from the web app on staging or development, and it works.
Then I tried to use the web app on Production with the staging Web API... and it works too!
This is driving me nuts.
It's like everything in production is working individually, but not together.
I have grants to do everything I need on the VMs... but I'm a developer (and not very good at dealing with systems), and I can't ask much help to the sysadmins because they are overwhelmed in this period.
Any ideas?
According to the Transport security Best practice, as much as possible not to specify the SSL version during the establishment of SSL connection. Just let the OS decide on the SSL protocol version.
https://learn.microsoft.com/en-us/dotnet/framework/network-programming/tls
There might be something wrong with the validation process of the SSL certificate installed on the server-side. As you know, SSL communication requires the trust relationship between the client-side and the server-side, therefore I would like to know how you specify the certificate for your WebAPI project. have you established the trust relationship between the client-side and the server-side? namely, install the service certificate on the client-side. As to explain how it works properly in the development and Staging environment, Http Get request doesn't represent something, please try an Http Post request.
Besides, the SSL protocol requires the DotNet framework/OS support, try to install a high version DotNet framework.
Feel free to let me know if you get something new afterward.
I have a silverlight application hosted on an asp.net web application including a WCF SOAP web service. The application is running under an HTTPS://... link using SSL. When I deploy it on our test server running IIS 7.5, everything works fine and as expected.
I also have a second web application including a RESTful WCF service which runs using SSL on both my local machine and the mentioned test server (but no silverlight client in this case).
My problem is that the silverlight client receives a Security error when getting responses from the SOAP service in the part where deserialization should take place, but only on my local machine.
return base.Channel.EndGet...(IAsyncResult) // <-- exception reported here:
System.ServiceModel.CommunicationException: An error occurred while
trying to make a request to URI 'https://localmachinename.domain.com:8000/Service.svc'.
This could be due to attempting to access a service in a cross-domain way without a
proper cross-domain policy in place, or a policy that is unsuitable for SOAP services.
You may need to contact the owner of the service to publish a cross-domain policy file
and to ensure it allows SOAP-related HTTP headers to be sent. This error may also be
caused by using internal types in the web service proxy without using the
InternalsVisibleToAttribute attribute. Please see the inner exception for more
details. ---> System.Security.SecurityException --->
System.Security.SecurityException: Security error.
at System.Net.Browser.BrowserHttpWebRequest.InternalEndGetResponse(IAsyncResult asyncResult)
at System.Net.Browser.BrowserHttpWebRequest.c__DisplayClassa.b__9(Object sendState)
at System.Net.Browser.AsyncHelper.c__DisplayClass4.b__0(Object sendState)
--- End of inner exception stack trace ---
at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
--- End of inner exception stack trace ---
at System.ServiceModel.Channels.Remoting.RealProxy.Invoke(Object[] args)
at proxy_2.EndGetTypes(IAsyncResult )
at NameSpace.ClientClass.ServiceContractInterfaceImplementation.EndGetTypes(IAsyncResult result)
My clientaccesspolicy.xml for the SOAP service looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Any hints what I'm doing wrong?
The deployed application runs fine on our test web server.
Dec 06 2012: The problem still persists. Some updates / more information:
The web service uses windows authentication and impersonation. The only difference between test server and local machine is that the application pools run under different identities which in both cases is a technical domain user. The only difference I've found is that the user on my local machine was not granted the "Trusted for delegation" flag in Active Directory. So I assumed it could be a Kerberos problem. However, when I run my restful WCF service and client, this never was a problem. Besides, using a windows forms client for the SOAP service, everything runs fine on my local machine and developing/debugging is just possible as intended.
So it has to be a Silverlight problem.
What I do not get is, assuming this dreaded security error results from a crossdomain policy problem as it does in most cases, where are those domains crossed? Everything should be happining on the local machine, no other services are called. This shouldn't happen using IIS Express, should it?
Anybody able to help?
The clientaccesspolicy.xml should be placed in wwroot folder and also include crossdomain.xml
If you have multiple startup project in solution make sure you are running your Service and proper Silverlight project. I had two silverlight projects and was starting the wrong one that didnt contain clientaccesspolicy.xml.
I made a WCF Service with wsHttpBinding that uses asp.net membership provider for authentication. I can able to host the service on Server successfully. But my problem is wiered. (I can able see the .svc and wsdl files in browser irrespective of the domain) I can able to consume the service only from my machine or any other machine in the same domain. If I try to access the service from some other domain through the application(windows appl.). It is giving me the error message :-
"The communication object, System.ServiceModel.Channels.ServiceChannel, cannot be used for communication because it is in the Faulted state"
Stack Trace:
Server stack trace:
at System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
at System.ServiceModel.ClientBase1.System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
at System.ServiceModel.ClientBase1.Close()
at System.ServiceModel.ClientBase`1.System.IDisposable.Dispose()
at AOLICWindows.Forms.SynchronizeTest.btnRegistration_Click(Object sender, EventArgs e)
wsHttpBinding defaults to using Windows credentials for authentication, which is fine as long as you are on the same domain, or on domain with full trust relationships.
The error message seems to point to a timeout - maybe you need to tweak those. Once an exception happens on your server which is not handled properly and turned into a SOAP fault, then the channel (the connection between client and server) is "faulted", e.g. it goes into a state of error, and cannot be used anymore. All you can do is abort the channel (you can't even close it anymore at that point), and re-create it from scratch.
Or maybe this timeout happens because you have wrapped your client proxy's usage into a using(......) {......} block? That's usually a great idea - but not in the case of a WCF client proxy.
The problem occurs because of the fact that once a channel is faulted, you can't even close it anymore. If you wrap your client proxy usage into a using() statement, when something goes bad on the server and isn't handled properly, the channel will fault, and at the end of the using() block, the .NET runtime tries to close it, which then throw another exception since the channel is faulted....
So for WCF clients, the recommended best practice is something like this:
YourClientProxy proxy = new YourClientProxy();
try
{
... use it
proxy.Close();
}
catch(TimeoutException exception)
{
proxy.Abort();
}
catch(CommunicationException exception)
{
proxy.Abort();
}
Marc