I have implemented message layer security using message inspector mechanism in a wcf service.
On the client side, in IClientMessageInspector.BeforeSendRequest I add an authentication header.
On the service side, in IDispatchMessageInspector.AfterReceiveRequest I inspect the authentication header in the message. If it is not found or as expected, I throw a SecurityException and try to log it to a database.
Here comes the interesting part. When logging to database, I try to read from this webservice again (this is web service which provides configuration info).
This is where the service stalls/deadlocks. I can see that the call to read configuration (when logging to db) is made, but I don't receive the call on the service. I keep getting a timedout exception every time.
After a little googling, I came across this post, which mentions that message inspectors are synchronous in nature. If that is so, how can I achieve what I am after?
Related
I am trying to implement the same functionalities of one WCF web service (which is working of course) to another WCF web service, but I encounter an exception: {"An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail."}
and {"The message could not be processed because the action 'http://tempuri.org/IBlueWebService/GetDataSourceList' is invalid or unrecognized."}
I copied exactly same codes and same configuration and I use my client tool to call the new web service (I only changed the web service url to the new one), but it throws the exception.
Some forums told me to set the establishSecurityContext but it doesn't work also.
Please can somebody tell me what I am missing?
Solution
I tried to compare the wsdl files and I remarked that the new wcf web service had different action url from the old one, but I tried to use the same config file in client application (which is obviously looking for old wcf web service action url).
So in every operationcontract of new web service, I specified the action url and replyaction url for every operation and it works for me now.
I have a peculiar problem with client requests randomly not getting a response to a WCF service call.
The setup is a Silverlight 5 application making calls to a WCF service, using both HTTP and PollingDuplex bindings. The SL makes a number of requests upon loading (20+ in 20s), and every now and then does not receive a response to one or two of them. To be clear, the exact same request works 90% of time, if I refresh the page all requests could get a response.
The error cannot be the actual request sent. I use Fiddler to validate this as well, since I see the request being made (make sure the content is the same as previous successful requests), but there is no response to the request. Eventually the client times out the request. The WCF service is hosted in IIS7, and I have diagnostics and logging enabled on both. In the WCF server trace logs, I only see message logged when the client times the request out. It has the following exception action logged under a "Processing message" activity, at the time of the client timing out:
"The number of bytes available is inconsistent with the HTTP Content-Length header. There may have been a network error or the client may be sending invalid requests."
This is as if the body of the HTTP is not getting through to WCF (I do not know if I can log the full request received by IIS before passing to WCF handlers?). As I said, using Fiddler I can see the full message is valid (note that this behaviour also occurs when Fiddler is not sniffing the traffic, so I've ruled Fiddler out as the problem).
Typically the "Processing message" activity has a "To: Process action xxx"
Like I said this occurs with Http and PollingDuplex services, on my dev box as well as production web servers. Occurs on different endpoints as well, and I don't think it has to do with WCF throttling behaviour, since it occurs
Any information or help will be appreciated to get to the cause, whether it's additional information I can gather to help diagnose or any hints.
I have a WinForm app which uses WCF to call a WCF service. I am trying to troubleshoot an issue and need to look at the wcf trace file without any encryption. So I have WCF endpoint set to use BasicHttpBinding and my service contract is set for SessionMode = SessionMode.NotAllowed.
However I keep getting an error "Contract requires Session, but Binding 'BasicHttpBinding' doesn't support it or isn't configured properly to support it".
I don't want to use sessions. Why does it think I want to use sessions?
OR how do I get the messages to go on the wire where I can see objects and their properties in clear text in the trace file?
BasicHttpBinding never uses session. There is something incorrectly configured in your code (or you didn't correctly update service reference). To see messages even if security is enabled use Message logging.
I have a wcf service and handle a lot of client (server document generation). This service should receive a lot of request and should be handle in queue. It also have a callback. (callback will return successfully generated document). I am still using PIA and will implement OpenXML in the future.
Is it wcf msmq is the way to implement this?
Is there any samples might be related? Previously its running in local machine but now want to change it as a so called "Server generated"
WCF MSMQ doesn't support callback directly - it supports only one-way operations. But for example this article discuss how to add this support. With default configuration you can send message back to original sender but it is not a callback. To support responses every client will have to expose queue and pass address of its queue as part of the request to be able to receive the message from the service. More about responses in MSMQ is in MSDN magazine.
I'm connecting to a webservice using WCF. I can authenticate on the server correctly, send my request, and get a signed response back.
The only thing is that the body of the response isn't encrypted. Ok, I'm fine with that. It's not my service and not my call how they do things, I'm just writing a client.
The issue is that WCF keeps giving me a MessageSecurityException stating that the'Body' required part of the response message wasn't encrypted. Where in my app.config can I specify that I couldn't give two flying craps that it isn't encrypted and it should be let through and read?
For the record, I'm using customBinding.
The protection level (which defaults to "EncryptAndSign" in WCF) is set on the service contract, e.g. your interface that defines the service methods:
[ServiceContract(Name="YourServiceContract",
Namespace="http://www.yourdomain.com/2009/09/WCF",
ProtectionLevel=ProtectionLevel.None)]
public interface IYourService
{
string SayHello(string inputString);
}
You can set it to "ProtectionLevel.EncryptAndSign" (which is the default), "Sign" or "None".
However, you cannot set it to be one thing for the request and another for the response - the protection level applies to both directions of your WCF communication.
Check out the Fundamentals of WCF Security which explains these topics (this one in particular on page 2).
Marc
There is a way to send a secured message and permit the response to be unsecured. However it requires a hotfix you need to request from Microsoft technical support. This has saved me when workign with a goverment service that required recured requests but send unsecured faults back. See here for more information on the hotfix.