We have to consume a service from an external party and we were having issues because the BinarySecurityToken was not being signed in the SOAP message.
We found several online references that finally helped us and it all comes down to the fact that we have to create a custom binding where we prevent the inclusion of both the InitiatorToken and RecipientToken and add a new EndpointSupportingToken:
bindingElement.InitiatorTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
bindingElement.RecipientTokenParameters = new X509SecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never };
bindingElement.EndpointSupportingTokenParameters.Signed.Add(new X509SecurityTokenParameters());
Here is the configuration for the custom binding:
<customBinding>
<binding name="SecuredSadmiBinding" sendTimeout="00:02:00" receiveTimeout="00:02:00">
<textMessageEncoding messageVersion="Soap11" writeEncoding="utf-8">
<readerQuotas maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxDepth="2147483647"
maxNameTableCharCount="2147483647"
maxStringContentLength="2147483647"/>
</textMessageEncoding>
<security authenticationMode="MutualCertificateDuplex"
enableUnsecuredResponse="true"
securityHeaderLayout="LaxTimestampLast"
messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12"
includeTimestamp="true"
defaultAlgorithmSuite="Basic128Rsa15"
messageProtectionOrder="SignBeforeEncrypt"
requireDerivedKeys="false"
requireSignatureConfirmation="false">
<localClientSettings timestampValidityDuration="00:01:00" />
<secureConversationBootstrap />
</security>
<httpsTransport maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647"
requireClientCertificate="false" />
</binding>
</customBinding>
Our question is whether or not setting the inclusion mode to never for the InitiatorToken and RecipientToken is possible by configuration rather than by code. The same question for the EndpointSupportingToken.
Related
I have a WCF Service with multiple endpoints one is netmsmqbinding and other is webhttpbinding,when i tried to browse the service i am receiving following error "Contract requires TwoWay (either request-reply or duplex), but Binding 'NetMsmqBinding' doesn't support it or isn't configured properly to support it." i had added [OperationContract(IsOneWay = true)]
void myMethod(YourClass objectHere) to my netmsmq method and second method [OperationContract()] void mymethod() still getting the same error.
Below are my end points
please let me know if i am missing something.
<service behaviorConfiguration="UpdateShipmentStatus" name="mydomian.UpdateShipmentStatus">
<endpoint name="webHttpBinding" address="" behaviorConfiguration="webHttp" binding="webHttpBinding" bindingConfiguration="UpdateShipmentStatus" contract="mydomian.IUpdateShipmentStatus"></endpoint>
<endpoint address="net.msmq://localhost/private/UpdateShipmentStatus.svc" binding="netMsmqBinding" bindingConfiguration="NetMsmqBinding_IUpdateShipmentStatus" contract="mydomian.IUpdateShipmentStatus"/>
<endpoint name="mexHttpBinding" address="mex" binding="mexHttpBinding" contract="IMetadataExchange"></endpoint>
<host>
<baseAddresses>
<add baseAddress="http://mydomian.com/xyz/UpdateShipmentStatus.svc" />
<add baseAddress="net.msmq://localhost/private/UpdateShipmentStatus.svc" />
</baseAddresses>
</host>
</service>
bindings
<binding name="NetMsmqBinding_IUpdateShipmentStatus" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" deadLetterQueue="System" durable="true" exactlyOnce="false" maxReceivedMessageSize="65536" maxRetryCycles="2" receiveErrorHandling="Fault" receiveRetryCount="5" retryCycleDelay="00:30:00" timeToLive="1.00:00:00" useSourceJournal="false" useMsmqTracing="false" queueTransferProtocol="Native" maxBufferPoolSize="524288" useActiveDirectory="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport msmqAuthenticationMode="WindowsDomain" msmqEncryptionAlgorithm="RC4Stream" msmqProtectionLevel="Sign" msmqSecureHashAlgorithm="Sha1" />
<message clientCredentialType="Windows" />
</security>
</binding>
<binding name="UpdateShipmentStatus" closeTimeout="10:00:00" openTimeout="10:00:00" receiveTimeout="10:00:00" sendTimeout="10:00:00" maxBufferSize="2147483647" maxBufferPoolSize="9223372036854775807" maxReceivedMessageSize="9223372036854775807" transferMode="Streamed">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None" />
</binding>
binding for MSMQ:
<binding name="NetMsmqBinding_IUpdateShipmentStatus" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" >
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" /> <security mode="None">
<transport msmqAuthenticationMode="WindowsDomain" msmqEncryptionAlgorithm="RC4Stream" msmqProtectionLevel="Sign" msmqSecureHashAlgorithm="Sha1" />
<message clientCredentialType="Windows" /> </security> </binding>
I have looked at most of the questions that relate to this issue and none of the solutions are working. The binds that I have are listed below...
Server
<basicHttpBinding>
<binding name="UploadSoap" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport"></security>
</binding>
</basicHttpBinding>
<webHttpBinding>
<binding name="UploadSoapWeb" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</webHttpBinding>
<client>
<endpoint address="https:.../upload.asmx" binding="webHttpBinding" bindingConfiguration="UploadSoapWeb" contract="Upload.UploadSoap" name="UploadSoap" />
</client>
Client
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_service" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://.../service.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_service"
contract="HH.service" name="BasicHttpBinding_service" />
</client>
I have tried both the basic binding and the web binding but I'm still receiving the error message.
Thanks
You haven't set an explicit binding for your service so it will default to basicHttpBinding with default configuration values. The default value for maxReceivedMessageSize will be 64KB.
Keep in mind that maxReceivedMessageSize is only applicable for the message receiver and not the message sender. The client does not need to set these values if it is sending a large message.
Update your server side binding to the following:
<basicHttpBinding>
<!-- Unnamed (default) binding-->
<binding maxBufferPoolSize="2147483647"
maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647"
messageEncoding="Text" /> <!-- Consider using Mtom if you're transfering binary data-->
<binding name="UploadSoap">
<security mode="Transport"></security>
</binding>
</basicHttpBinding>
<client>
<endpoint address="https:.../upload.asmx"
binding="basicHttpBinding"
bindingConfiguration="UploadSoap"
contract="Upload.UploadSoap" name="UploadSoap" />
</client>
The unnamed binding will provide the default values for any endpoint, server or client, using the basicHttpBinding without a bindingConfiguration.
I've assumed that your clients are not receiving a large message in response.
If you're receiving the 413 error from the service, then the problem appears to be that your service config does not have any explicitly defined service endpoints, so the binding configuration that you've created isn't being used.
You need to add a <services> section to your service config, like this:
<services>
<service name="YourServiceName">
<endpoint address="" binding="basicHttpBinding"
bindingConfiguration="UploadSoap"
contract="YourContractName" />
</service>
</services>
As currently posted, there is nothing that tells WCF to use your defined binding configuration for the service, so by default out of the box WCF will use basicHttpBinding with the default (lower) values.
A second way to resolve this issue is to define a binding configuration and set it as the default for that type of binding by omitting the name attribute, like this:
<binding maxBufferPoolSize="2147483647"
maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647"
messageEncoding="Text">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
<security mode="Transport"></security>
</binding>
I generally prefer the first method (setting an explicit service endpoint), but either should work.
I've just increased the number of methods in my ServiceContract. when I update the Service Reference in Visual Studio I get the message:
Metadata contains a reference that cannot be resolved:
'net.tcp://xxxxx.com:8002/DataQueryService/mex'.
There is an error in the XML document.
The maximum nametable character
count quota (16384) has been exceeded while reading XML data. The
nametable is a data structure used to store strings encountered during
XML processing - long XML documents with non-repeating element names,
attribute names and attribute values may trigger this quota. This
quota may be increased by changing the MaxNameTableCharCount property
on the XmlDictionaryReaderQuotas object used when creating the XML
reader.
The original server side config was:
<services>
<service behaviorConfiguration="XXXXX.DataQueryService.ServiceBehavior" name="XXXXX.DataQueryService.QueryService">
<host>
<baseAddresses>
<add baseAddress="net.tcp://xxxxx.com:8002/DataQueryService" />
</baseAddresses>
</host>
<endpoint name="MexEndpoint" address="mex" binding="customBinding" bindingConfiguration="unsecureTcpMex" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<customBinding>
<binding name="unsecureTcpMex">
<tcpTransport portSharingEnabled="True" />
</binding>
</customBinding>
</bindings>
which I modified to:
<bindings>
<customBinding>
<binding name="unsecureTcpMex">
<textMessageEncoding>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</textMessageEncoding>
<tcpTransport portSharingEnabled="True" maxReceivedMessageSize="2147483647" />
</binding>
</customBinding>
</bindings>
What other changes do I need to make to my config to get this working?
Update
Following #Chris's advice I tried updating the config file for SVCUtil. I added a name to my endpoint so that it would match (updated above). The SvcUtil.config is now as follows:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="unsecureTcpMex">
<textMessageEncoding>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</textMessageEncoding>
<httpTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint binding="customBinding" bindingConfiguration="unsecureTcpMex"
contract="IMetadataExchange"
name="MexEndpoint" />
</client>
</system.serviceModel>
</configuration>
<binding name="NameSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true" messageEncoding="Text">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="1638400" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
Take a look to this line: maxNameTableCharCount="1638400"
I don't suppose its practical to split up the operations into multiple contracts? Mind if I ask how many service operations we're talking about?
Have you tried the solutions in this post?
http://social.msdn.microsoft.com/Forums/vstudio/en-US/17592561-c470-452a-a52c-2a5a2839582c/metadataexchangeclient-and-nametable-character-count-quota
Among other suggestions are using the Discovery protocol to read metadata, which does not have any reader quotas:
http://msdn2.microsoft.com/en-us/library/system.web.services.discovery.discoveryclientprotocol.aspx
The solution at the bottom suggests you change the default reader quotas in code before starting the service. I believe this would have to be done in a custom ServiceHost factory. Please let me know if you would assistance with that.
Hope this helps.
This should help:
http://geekswithblogs.net/claraoscura/archive/2007/08/20/114806.aspx
appears that the solution is to create a config file for svcutil and place it in the same folder as it.
Try setting the new value for the MaxNameTableCharCount property programmatically:
Binding binding = endpoint.Binding;
XmlDictionaryReaderQuotas myReaderQuotas = new XmlDictionaryReaderQuotas();
myReaderQuotas.MaxStringContentLength = something;
myReaderQuotas.MaxArrayLength = something;
myReaderQuotas.MaxBytesPerRead = something;
myReaderQuotas.MaxDepth = something;
myReaderQuotas.MaxNameTableCharCount = something;
binding.GetType().GetProperty("ReaderQuotas").SetValue(binding, myReaderQuotas, null);
Note: you have to set it BEFORE the client proxy and/or service host are created. Once created, they can't be changed.
I want to increase the MaxClockSkew of my binding but I don't know how can I convert my binding to a custom binding to add the MaxClockSkew element.
I really appreciate if anyone could help me converting this.
<wsHttpBinding>
<binding name="MyBinding" maxReceivedMessageSize="102400">
<readerQuotas maxArrayLength="51200" maxStringContentLength="102400" maxNameTableCharCount="2147483647" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
Thanks
Use the online WCF Binding Converter
Try this:
<customBinding>
<binding name="NewBinding0">
<security authenticationMode="UserNameOverTransport" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
<textMessageEncoding />
<httpsTransport maxBufferSize="102400" maxReceivedMessageSize="102400" />
</binding>
</customBinding>
I have a wcf service that needs to implement callbacks and be hosted on IIS 6.0. Since IIS 6.0 doesn't support the net.tcp binding, I decided to use a custom binding because the service is accessed by different clients in different timezones and, using custom binding, I can set the allowed clock skew time to values other than the default one.
Here is my server config file:
<bindings>
<customBinding>
<binding name="pscNetBinding" openTimeout="00:10:00">
<reliableSession acknowledgementInterval="00:00:00.2000000"
flowControlEnabled="true" inactivityTimeout="23:59:59"
maxPendingChannels="128" maxRetryCount="8" maxTransferWindowSize="128"
ordered="true" />
<compositeDuplex />
<oneWay maxAcceptedChannels="128" packetRoutable="false">
<channelPoolSettings idleTimeout="00:10:00"
leaseTimeout="00:10:00" maxOutboundChannelsPerEndpoint="10" />
</oneWay>
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Default" writeEncoding="utf-8">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</textMessageEncoding>
<httpTransport manualAddressing="false"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="2147483647"
proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered"
unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"/>
</binding>
</customBinding>
</bindings>
<services>
<service name="SchneiderElectric.PSCNet.Server.Services.PSCNetWCFService" behaviorConfiguration="Behaviors1">
<host>
<baseAddresses>
<add baseAddress ="http://10.155.18.18:2000/PSCNet"/>
</baseAddresses>
</host>
<endpoint address="" binding="customBinding" bindingConfiguration="pscNetBinding"
contract="SchneiderElectric.PSCNet.Server.Contracts.IPSCNetWCFService"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Behaviors1">
<serviceMetadata httpGetEnabled = "true"/>
<!--<serviceThrottling maxConcurrentCalls="2048" maxConcurrentSessions="2048" maxConcurrentInstances="2048" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />-->
</behavior>
</serviceBehaviors>
</behaviors>
Client config file:
<bindings>
<customBinding>
<binding name="pscNetBinding" openTimeout="00:10:00">
<reliableSession acknowledgementInterval="00:00:00.2000000"
flowControlEnabled="true" inactivityTimeout="23:59:59"
maxPendingChannels="128" maxRetryCount="8" maxTransferWindowSize="128"
ordered="true" />
<compositeDuplex />
<oneWay maxAcceptedChannels="128" packetRoutable="false">
<channelPoolSettings idleTimeout="00:10:00"
leaseTimeout="00:10:00" maxOutboundChannelsPerEndpoint="10" />
</oneWay>
<textMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16"
messageVersion="Default" writeEncoding="utf-8" >
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</textMessageEncoding >
<httpTransport manualAddressing="false"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
allowCookies="false" authenticationScheme="Anonymous"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
keepAliveEnabled="true" maxBufferSize="2147483647"
proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered"
unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="http://10.155.18.18:2000/PSCNet" binding="customBinding"
bindingConfiguration="pscNetBinding" contract="PSCNetWCFService.IPSCNetWCFService"
name="pscNetBinding" />
</client>
If I use the server and client on the same machine, everything works fine. If I run them on different machines, I get the following error:
Could not connect to
http://10.155.18.198:9000/e60ba5b3-f979-4922-b9f8-c820caaa04c2. TCP
error code 10060: A connection attempt failed because the connected
party did not properly respond after a period of time, or established
connection failed because connected host has failed to respond
10.155.18.198:9000.
Can anyone in the community help me in this regard?
Can you show the part of the config where you're defining the customBinding? Maybe you just didn't paste that part in, but when you define a custom binding, you have to specify an encoding and a transport at minimum - something like this:
<bindings>
<customBinding>
<binding name="MyCustomTextTcpBinding">
<textMessageEncoding />
<tcpTransport />
</binding>
</customBinding>
</bindings>
Can you also paste in the part where you're defining your "pscNetBinding" bindingConfiguration?
Windows service is undoubtely a nice solution but i think a better would be a self hosting
and you could have anytype of binding on it.