I'm looking on this issue for hours. I try to get a WCF service running and now it comes down to a ContractFilter-Mismatch-Error wit the Action "http://tempuri.org/ISystemService/LogIn". Here is the relevant part of the client config:
<bindings>
<netTcpBinding>
<binding name="netTcpBindingConfig_TimeRegistrationSystemService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="netTcpBindingConfig_SystemService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.TimeRegistrationSystemService.svc" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_SystemService" contract="SystemService.ISystemService" name="NetTcpBindingBinding_ISystemService" />
<endpoint address="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.SystemService.svc" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_TimeRegistrationSystemService" contract="TimeRegistrationSystemService.ITimeRegistrationSystemService" name="NetTcpBindingBinding_ITimeRegistrationSystemService" />
</client>
and here the server's config - binding configuration:
<bindings>
<netTcpBinding>
<binding name="netTcpBindingConfig_OtherInterfaceService">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="netTcpBindingConfig_TimeRegistrationSystemService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="netTcpBindingConfig_SystemService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
server's config - services:
<service name="MyCompany.Services.EasyLogicInterfaceService" behaviorConfiguration="release">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_EasyLogicInterfaceService" contract="MyCompany.Services.IEasyLogicInterfaceService">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.EasyLogicInterfaceService.svc/" />
</baseAddresses>
</host>
</service>
<service name="MyCompany.Services.TimeRegistrationSystemService" behaviorConfiguration="release">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_TimeRegistrationSystemService" contract="MyCompany.Services.ITimeRegistrationSystemService">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.SystemService.svc/" />
</baseAddresses>
</host>
</service>
<service name="MyCompany.Services.SystemService" behaviorConfiguration="release">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_SystemService" contract="MyCompany.Services.ISystemService">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.SystemService.svc/" />
</baseAddresses>
</host>
</service>
and the behaviors:
<serviceBehaviors>
<behavior name = "debug">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name = "release">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
I first thought it might be a typo but I don't find it (am I blind?!?). I already updated my service references in the client solution and published both, the server code and the client code, afterwards. And also, I already put all relevant strings in the client config from the server config (binding configuration, endpoint addesses etc.) by copy'n'paste to avoid a typo.
Than I run through a lot of answers here on stackoverflow without finding any solving my problem.
I can run the client and the server code locally without problems. The problems occur only after deployment.
Tracking the call by system.diagnostics doesn't reveal something else than this error message.
Do you see more than I do or do you know any issues wich triggers this errors? When this error comes up, a connection between the client and the server already is succesfully established, right? So it cannot be a problem with Kerberos or something...
I apologize in advance if it turns out that it really is just a typo. But I don't find any...
Best regards!
<client>
<endpoint address="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.TimeRegistrationSystemService.svc"... contract="SystemService.ISystemService" name="NetTcpBindingBinding_ISystemService" />
<endpoint address="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.SystemService.svc"... contract="TimeRegistrationSystemService.ITimeRegistrationSystemService" name="NetTcpBindingBinding_ITimeRegistrationSystemService" />
</client>
The client config endpoints have reverse contract.
As per your service.config, For the TimeRegistrationSystemService.svc the contract should be ITimeRegistrationSystemService and for SystemService.svc the contract should be ISystemService.
Related
Our WCF service is hosted in a Windows Service using net tcp binding with port 8090.
It works well for the most part, but from time to time, client applications fail to connect to the service, even if the service is still running and there are no apparent errors in the event log. The client application will get the following exception while connecting:
The open operation did not complete within the allotted timeout of 00:01:00. The time allotted to this operation may have been a portion of a longer timeout.
The client machine is still able to ping the server.
Restarting the windows service solves the problem, but users don't like it.
Any idea what could be happening here? I've read about the Net TCP Listener service and making sure the server has been patched. But I think that's only for net tcp binding hosted in IIS, and might not be applicable in my case.
Thanks!
Here's the service configuration:
<services>
<service behaviorConfiguration="behavior1" name="Tamer.Service.WcfService">
<endpoint binding="netTcpBinding" bindingConfiguration="netTcpLarge" name="endpoint1" contract="Tamer.Service.Library.IFundService" />
<endpoint binding="netTcpBinding" bindingConfiguration="netTcpLarge" name="endpoint2" contract="Tamer.Service.Library.IEntitlementService" />
<endpoint binding="netTcpBinding" bindingConfiguration="netTcpLarge" name="endpoint3" contract="Tamer.Service.Library.IReferenceDataService" />
<endpoint binding="netTcpBinding" bindingConfiguration="netTcpLarge" name="endpoint4" contract="Tamer.Service.Library.ITransactionService" />
<endpoint binding="netTcpBinding" bindingConfiguration="netTcpLarge" name="endpoint4" contract="Tamer.Service.Library.IDocumentService" />
<endpoint binding="netTcpBinding" bindingConfiguration="netTcpLarge" name="endpoint5" contract="Tamer.Service.Library.IFileStreaming" />
<endpoint binding="netTcpBinding" bindingConfiguration="netTcpLarge" name="endpoint6" contract="Tamer.Service.Library.IReportService" />
<endpoint address="net.tcp://localhost:8091/mex" binding="mexTcpBinding" name="mex" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="behavior1">
<serviceMetadata policyVersion="Policy15" />
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<serviceThrottling maxConcurrentCalls="192" maxConcurrentSessions="192" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="netTcpLarge" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="01:00:00" sendTimeout="01:00:00" maxBufferPoolSize="524288"
maxReceivedMessageSize="2147483647" maxConnections="192" listenBacklog="100">
<!--listenBacklog="100"-->
<readerQuotas maxDepth="32"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="None">
<message clientCredentialType="None"/>
<transport protectionLevel="None" clientCredentialType="None"/>
</security>
<!--reliableSession enabled="false"/-->
</binding>
</netTcpBinding>
</bindings>
I have a WCF client in a VS2012 project that has the configuration:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="myServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpointBinding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service behaviorConfiguration="myServiceBehaviour"
name="xxx.Web.Mvc.Client.Services.MyService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" contract="xxx.Wcf.IMyService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
Within IIS 7.5, the service is set to use Windows authentication.
I'm using basicHttpBinding over HTTPS. My requirements are SSL, but I've ended up using Windows authentication to get it to work.
I have a quick and dirty console application with the following config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpoint">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://dev.xxxx.local/xxxx.Web.Mvc.Client/services/MyService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpoint"
contract="MyService.IMyService" name="BasicHttpEndpoint" />
</client>
</system.serviceModel>
This works fine, like a dream.
The same configuration (I thought) in a VB application:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpEndpoint" sendTimeout="10:00:00"> <!-- See point 1 below -->
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://xxxx.inter.local/xxxx.Web.Mvc.Client/services/MyService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpoint"
contract="MyService.IMyService" name="BasicHttpEndpoint" />
</client>
Doesn't work, instead I get:
MessageSecurityException: The HTTP request is unauthorized with client
authentication scheme 'Negotiate'. The authentication header received
from the server was 'Negotiate
oXIwcKADCg....igAwIBAaERMA8bDWlvbXZuZWRkZXYwMiQ='.
The service is clearly fine, it's just the client (and specifically the web site client) that is struggling.
Seemingly, the server is rejecting the authorisation from the web site client. The Negotiate response includes the token, I've ommitted for obvious reasons here, but you can see the structure.
How can I get this working? With the only requirement being it needs to be over SSL. I'd prefer to send credentials, but I'm not bothered. I didn't get very far using anonymous, anyway.
Points:
The sendTimeout setting is applied because for some reason when being called remotely from the web site client, execution takes over 1 minute and times out.
by this: http://blogs.msmvps.com/alvin/2008/11/14/net-3-5-sp1-breaking-change-to-wcf/
you may need to add this block to your endpoint-identity node
<servicePrincipalName value=""/>
turning it to:
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpEndpointBinding" name="BasicHttpEndpoint" contract="xxx.Wcf.IMyService">
<identity>
<dns value="localhost" />
<servicePrincipalName value=""/>
</identity>
</endpoint>
I have a SilverLight application that calls WCF service by POST via SSL and sends large request. Everything works OK on a local machine with a self-signed certificate. Moreover, it works on a remote server but only for a small request. When the application make a POST request (using SOAP) for a big scope of data I get a CommunicationException: "The remote server returned an error: NotFound." The same use case on the local machine with absolutely the same web.config file (except of the sql connection string) works without the issue. It seems that the problem in the IIS configuration. I tried to investigate IIS logs but did not find any information about the requests as something before the logging kernel rejected the request. I have read a lot of articles where people propose different settings of the endpoints bindings, tried them but have not achieved success.
My configuration of the services is the next:
<system.web>
<httpRuntime maxRequestLength="2097151"/>
<!--...(other settings) -->
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483647" />
</requestFiltering>
</security>
</system.webServer>
<system.serviceModel>
<services>
<!--... (other services)-->
<service name="SD.Web.Services.ClientUser.UserLayersService">
<endpoint address="soap"
binding="basicHttpBinding"
contract="SD.Web.Services.ClientUser.IUserLayersService" />
<endpoint address="json"
behaviorConfiguration="SD.Web.Services.AspNetAjaxBehavior"
binding="webHttpBinding"
contract="SD.Web.Services.ClientUser.IUserLayersService" />
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding maxReceivedMessageSize="2097152"
maxBufferSize="2097152"
maxBufferPoolSize="2097152">
<security mode="Transport" />
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding maxReceivedMessageSize="2097152"
maxBufferSize="2097152"
maxBufferPoolSize="2097152">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="SD.Web.Services.AspNetAjaxBehavior">
<webHttp defaultBodyStyle="Bare"
defaultOutgoingResponseFormat="Json"
automaticFormatSelectionEnabled="false"
faultExceptionEnabled="true" />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
I found the answer using Fiddler 4. Reader quotas have to be set.
<bindings>
<webHttpBinding>
<binding maxReceivedMessageSize="2097152"
maxBufferSize="2097152"
maxBufferPoolSize="2097152">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="Transport" />
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding maxReceivedMessageSize="2097152"
maxBufferSize="2097152"
maxBufferPoolSize="2097152">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
I hosted a WCF .svc file in IIS 6.0 under a virtual directory secured with https. When requesting the wsdl through my browser I get a http 400 error. Here's a chunk of my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="AuthWorkStation_Extranet.App_Code.AwsService" behaviorConfiguration="ServiceBehavior">
<endpoint name="" address="https://extlpo01.srr.fr/Sphinx/Service.svc" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="AuthWorkStation_Extranet.App_Code.IAwsService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceCredentials>
<serviceCertificate storeName="Root" findValue="CA_SRR_DISTRIB" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
anyone knows what's wrong with my setup ?
If you just want HTTPS, you need to update your web.config. Change the following:
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
To:
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Even though anonymous access is enabled on the Virtual Directory of the WCF service and Integrated Authentication is disabled, I still get the error:
The HTTP request is unauthorized with client authentication scheme
'Anonymous'. The authentication header received from the server was
'Negotiate,NTLM'.
This is what the security definition on client binding configuration looks like:
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="None" negotiateServiceCredential="false" />
</security>
And the endpoint definition:
<endpoint address="https://url.com/Service.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
contract="IService" name="WSHttpBinding_IService">
<identity>
<servicePrincipalName value="spn" />
</identity>
</endpoint>
I've already tried adding:
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
But it doesn't seem to have any effect.
Is there something on IIS that I need to change?
[EDIT]
Service configuration:
<behaviors>
<endpointBehaviors>
<behavior name="defaultBehavior"/>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="metadataSupport">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl=""/>
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="https" port="443" />
</defaultPorts>
</useRequestHeadersForMetadataAddress>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="ServiceLibrary.Service"
behaviorConfiguration="metadataSupport">
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="wsSecureBinding"
contract="ServiceLibrary.IService"/>
<endpoint address="mex"
binding="wsHttpBinding"
bindingConfiguration="wsSecureBinding"
name="mexHttps"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="wsSecureBinding">
<security mode="Transport"/>
</binding>
</wsHttpBinding>
</bindings>
Modify your binding configuration in service to:
<bindings>
<wsHttpBinding>
<binding name="wsSecureBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
It expects Windows credentials by default.