I am having a very strange issue on my WCF client method.
My client proxy did work quite well with a method:
QuoteResult result = proxy.GetQuote(param);
But after I made some changes to the WCF (Only database access codes), after I updated my client proxy, I have to use code in my client:
GetQuoteRequest request = new GetQuoteRequest(param);
QuoteResultDetail result = proxy.GetQuote(request).GetQuoteResult;
Can anyone tell me what's been changed in WCF service side or what caused this?
Related
I have a WCF service that works perfectly fine unless I attempt to use a proxy in the communication stream such as:
AnonClient anonService = new AnonClient();
var bindHttp = anonService.Endpoint.Binding as BasicHttpBinding;
bindHttp.ProxyAddress = new Uri("http://149.169.227.131:3127");
bindHttp.BypassProxyOnLocal = false;
bindHttp.UseDefaultWebProxy = false;
As soon as the proxy is introduced - and it can be any proxy - IIS immediately rejects the request with a 405 error. There is no authentication occurring at the IIS level - I take of everything in code - anonymous access is enabled - so what is wrong with my IIS configuration?
Just to close this loop, the issue was using an Open Proxy with a WCF service which, by default, emits SOAP. Most open proxies block SOAP and were shutting things down. The solution is actually simple - add JSON attributes on top of the WCF service calls and run over the RESTful interface
I need to call a WCF service programmatically. The service may be hosted with either NTLM or Kerberos authentication and needs to work under either. That is, if connecting to the service via Kerberos fails, then it should fall back to NTLM.
Here's the code I'm using for Kerberos auth (if relevant, the service is hosted in SharePoint 2010 and is being called from a web part):
public static SiteMembershipSvc.SiteMembershipServiceClient InitialiseSiteMembershipService(string url)
{
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
url = url.EndsWith("/") ? url + SiteMembershipAddress : url + "/" + SiteMembershipAddress;
var endpoint = new EndpointAddress(url);
var proxy = new SiteMembershipSvc.SiteMembershipServiceClient(binding, endpoint);
proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
return proxy;
}
Calling a method on the proxy when run in an NTLM environment gives the error:
The HTTP request is unauthorized with
client authentication scheme
'Negotiate'. The authentication header
received from the server was 'NTLM'.
Note: The URL may be in another web application on another server. I can't check what authentication the web part's web app runs under and assume it is the same as where the WCF service is hosted.
How can I (automatically or manually) ensure authentication falls back from Kerberos back to NTLM on failure?
Update:
As mentioned, the authentication error occurs when a web method is called. However I don't want to wait that long as there are several web methods in the service called from several places. I'd like to test the authentication at the point where the proxy is configured (in the code snippet above).
I've tried using proxy.Open() but that doesn't seem to cause the failure.
This is a bit off a curveball, but why is it falling back to NTLM. I've had significant difficulty with security in active directory and WCF all related to service principal names (SPNs).
Kerberos will fail if you are running the service as something other than Network Service unless you have an SPN declared in the domain for your service. To set the SPN you need the windows server administrative kit, which has the command setspn.
setspn -A HTTP\machinename domain\service_account
This will then allow Kerberos to share client credentials to your service within the domain.
Please do some reading, as you could break kerberos for any other services running on the same box depending on your setup.
(I recognize the original post is very old.)
Can you use something other than BasicHttpBinding (like WsHttpBinding)? According to this article, BasicHttpBinding is the one exception to the binding objects, in that it does not automatically negotiate. This is why allowNTLM has no effect.
I had the same error msg which I posted about here and solved it by creating a dynamic endpoint like so:
public static SiteMembershipSvc.SiteMembershipServiceClient InitialiseSiteMembershipService(string url)
{
//create endpoint
EndpointAddress ep = new EndpointAddress(new Uri(string), EndpointIdentity.CreateUpnIdentity("MyDomain\WCFRunAsUser"));
//create proxy with new endpoint
SiteMembershipSvc.SiteMembershipServiceClient service = new SiteMembershipSvc.SiteMembershipServiceClient("wsHttp", ep);
//allow client to impersonate user
service.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
//return our shiny new service
return service;
}
I was running the WCF service as a specific Active Directory user rather than the default NETWORK_SERVICE.
Try setting:
proxy.ClientCredentials.Windows.AllowNTLM = true;
According to this, AllowNTLM is now obsolete - i'm not sure what the correct alternative is.
I guess you are using the full dns name of the server as the address of the service. Try using the NETBIOS name or the IP address. That should force it to use NTLM.
If you know what protocol the server is using you can configure your app to use either the full name or the ip.
Hope that works for you.
If your Kerberos fail it will automatically default to NTLM, you don't have to do anything special.
http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part1.html
http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part2.html
http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part3.html
I haven't been able to find a way to do this automatically. Instead I've added UI to the application where the type of authentication must be chosen.
I want to send a GET web Request to a WCF service:
for example to:
http://TheirServerIP:PortNumber/TheirService/TheirServiceName.svc?op=theirWCFmethod
i want to write a C# code in my page (web aplication) that send HTTP GET request to their service (without WCF Client)
can i do that ?
To create a WCF service that responds to HTTP GET or HTTP POST requests
http://msdn.microsoft.com/en-us/library/bb628610.aspx
Well, in that case, you need to create a WCF REST service, one that can be called from any language using any HTTP stack and no need for any WCF specifics.
Check out the WCF REST developer center for lots of great info on WCF REST services.
Basically, what it boils down to is
using the WebHttpBinding on your server side
defining a URL pattern to handle requests and their parameters
For the client part of this, use the answer Ladislav provided - just new up a HttpRequest object and make a HTTP GET request to a valid URL - that's all there is, really.
The basic approach to call HTTP resource is:
var request = HttpWebRequest.Create("YourURL");
request.Method = "GET";
var response = request.GetResponse();
...
I am working on an application where i am using a wcf service. I am currently hosting my service on localhost and accessing it from there only by adding the service reference in my project. On one of my page i am sending request on change of selected index on dropdown list. It works fine for first few requests but suddenly stops after that giving following excsption
"Failed to invoke the service. Possible causes: The service is offline or inaccessible; the client-side configuration does not match the proxy; the existing proxy is invalid. Refer to the stack trace for more detail. You can try to recover by starting a new proxy, restoring to default configuration, or refreshing the service."
How can service stop without any reason and that too from my localhost. It only works for first 3-4 requests. In service i am just sending a integer and getting back the records on its basis using a class in a generic list.
Thanks in advance
What protocol / bindings are you using? Can you show us the config? Anything inside the <system.serviceModel> on both the server and the client side.
Do you maybe create a client proxy and call the service method and not properly close and dispose of the client proxy? In that case, you might run out of connections at some point - but that's next to impossible to tell without some code to see what you're doing. Can you show us the service contract in question, and the code how you call it from the client side?
I have a WCF service ( Let's say WCFService1 ) is deployed on two remote machines. Since the same service is deployed on two different machines they have common interface and common methods exposed.
WCFService1 is deployed on Machine1 and Machine2.
To consume WCF service from client machine, I have created a client app:
I have added a design time reference of WCF service (WCFService1 )( with the help of URL http://11.12.25.23/WCFService/Service1.svc).
Now I can invoke the methods exposed in the service. Up until now its fine...
Now my question is If I have to update client at run time with same service hosted in different machine with different URL ( Let's say http://12.12.24.24/WCFService/Service1.svc), How can I do that?
At present I am doing this:
BasicHttpBinding binding = new BasicHttpBinding();
EndpointAddress address = new EndpointAddress("http://12.12.24.24/WCFService/Service1.svc");
MyServiceClient serviceClient = new MyServiceClient(binding, address);
but whenever I use to invoke the method exposed in the service I got binding mis match error.
Have you tried invoking your client first?
eg:
MyWCFClient client = new MyWCFClient();
client.EndPoint.Address = new EndpointAddress("http://somewhere:888/here.svc");
I'd suspect, that if you look in your web.config file on Machine1, you'll see that the binding there is WSHttpBinding (or something different than BasicHttpBinding). If you change it to BasicHttpBinding (assuming that is what you really want), you'll remove this error.
How is your service configured? Show us your server-side and client-side config!
Binding mismatch means you're either not using the same binding, or some vital parameter on the binding is different - there must be something configured wrong - so show us the config!
Marc