WCF Service hosted in IIS not giving response with HTTPS - wcf

I have developed a sample WCF service and hosted in IIS 8.5, Windows Server 2012 R2. Note that this server is added to F5 load balancing setup (I do not know the details of this setup) and I am supposed to invoke this service using the URL https://loadbalanceddomainname/servicename.svc.
In the IIS, I have made the below configurations:
Created a new website
Created a self-signed certificate with the subject name "loadbalanceddomainname" and imported it into the Personal store.
Bound this certificate to this website on port 443, with the host header set to "loadbalanceddomainname".
With this configuration, when I try to browse the URL https://loadbalanceddomainname/servicename.svc, it gives me a 504 error (as shown in Fiddler: "[Fiddler] ReadResponse() failed: The server did not return a complete response for this request. Server returned 0 bytes.")
However, in IIS, if I add one more binding to Port 80 with host header "loadbalanceddomainname", I get the response as shown in the screenshot below.
Though I am able to invoke this service using Https (as shown in address bar) in the browser with the port 80 binding added to IIS, I see that it is getting changed to http as shown in the screenshot below where it says "svcutil.exe http://loadbalanceddomainname/servicename.svc". Why is this https getting changed to http? Why is my service giving 504 error when I remove the Binding at Port 80?
Though I get a response in the browser (with port 80 binding in server), when I try to invoke an operation using a test client (by adding a service reference in Visual Studio and creating a proxy), I get error 404 - no such endpoint exists. The WCF trace log shows the below error as well:
Failed to lookup a channel to receive an incoming message. Either the
endpoint or the SOAP action was not found.
I have also noticed that the certificate I have bound in IIS is not what I see in the browser, in the above screenshot, when I view the certificate details. Is this a different certificate coming from F5 or somewhere in between?

I think you are dealing with this metadata issue. When the client tries to access the service over https, it still gets redirected to http because of the soap:address location.
https://blogs.msdn.microsoft.com/dsnotes/2014/10/03/ssl-offloading-in-load-balancer-scenario/
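The symptom described in this answer can be checked from the client side by auditing the URLs the WSDL advertises. The following is an added example, not part of the original post: the WSDL is a constructed sample, and the function name `audit_wsdl_urls` is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a WSDL of the shape a WCF service behind a TLS-terminating
# load balancer can emit (the service itself only ever sees plain HTTP).
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:tns="http://tempuri.org/" targetNamespace="http://tempuri.org/">
  <wsdl:types>
    <xsd:schema targetNamespace="http://tempuri.org/Imports">
      <xsd:import namespace="http://tempuri.org/"
          schemaLocation="http://loadbalanceddomainname/servicename.svc?xsd=xsd0"/>
    </xsd:schema>
  </wsdl:types>
  <wsdl:service name="SampleService">
    <wsdl:port name="BasicHttpBinding_ISample" binding="tns:BasicHttpBinding_ISample">
      <soap:address location="http://loadbalanceddomainname/servicename.svc"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

URL_ATTRS = ("location", "schemaLocation")  # soap:address, wsdl:import, xsd:import


def audit_wsdl_urls(wsdl_text, fetched_from):
    """Return (element, attribute, url, reason) for every URL in the WSDL that a
    client fetching it from `fetched_from` would follow to a weaker scheme or
    to a different host than the one it originally contacted."""
    base = urlsplit(fetched_from)
    findings = []
    for elem in ET.fromstring(wsdl_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # strip the "{namespace}" prefix
        for attr in URL_ATTRS:
            target = urlsplit(elem.get(attr, ""))
            if not target.scheme:
                continue  # attribute absent or a relative reference
            if base.scheme == "https" and target.scheme == "http":
                findings.append((tag, attr, elem.get(attr), "scheme downgrade"))
            elif target.hostname != base.hostname:
                findings.append((tag, attr, elem.get(attr), "host mismatch"))
    return findings


if __name__ == "__main__":
    for finding in audit_wsdl_urls(
            SAMPLE_WSDL, "https://loadbalanceddomainname/servicename.svc?wsdl"):
        print(finding)
```

Any "scheme downgrade" finding means a generated proxy will call the service over HTTP even though the metadata was retrieved over HTTPS.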

Related

Routing WCF service from one server to another server using IIS

I have WCF services hosted on IIS on one of our Windows 2019 servers and they are working properly. Now, as per our new architecture, we should not expose this service to the outside directly. If any user tries to hit my WCF service from outside (via the internet), the request should not directly hit my server to get the response; rather, the request should first come to a Windows server in the DMZ zone, and from this DMZ server I need to route it to our actual Windows server where my WCF service is hosted.
To achieve this I tried IIS URL Rewrite on my DMZ server. If a request comes from outside, it will first hit IIS on the DMZ server, and from there I am using URL Rewrite to route the request to my actual server where the services are hosted. But this approach is not working: I am getting 404 and 502 errors. Below is the inbound rule screenshot.
How can I achieve this WCF service routing from one windows server to another windows server?
1) Install the Application Request Routing feature.
2) Open IIS -> Application Request Routing -> Server Proxy Settings -> Enable proxy.
3) Add the below code in the web.config file:
    <system.serviceModel>
      <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
4) Open IIS and select the site (which has the public binding).
5) Double-click URL Rewrite.
6) Using the “Add Rule(s)…” template that is opened from the right-hand actions pane, create a new Reverse Proxy rule.
7) In the reverse proxy template, add an internal server or site IP or server name.
You can choose whether to perform SSL Offloading or not. If you leave this checked then all requests to the internal server will be over HTTP regardless of the original web request. This can help with performance and SSL bindings if all requests are within a trusted network. If the network path between the two web servers is not completely trusted and safe then uncheck this.
Next, enable Outbound rules. You can enter your friendly public URL for the outbound rule.
Click ok to save the rule.
You could refer to the below link for more detail:
https://weblogs.asp.net/owscott/creating-a-reverse-proxy-with-url-rewrite-for-iis
WCF using Reverse proxy
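The SSL Offloading choice in step 7 ends up as the scheme in the rule's rewrite target, so it can be audited from the DMZ site's web.config. The following is an added example, not part of the original answer: the web.config is a constructed sample, and the rule names, the host `backend.internal.example` and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for the DMZ site's web.config. Both rules are shown side by
# side for comparison; "backend.internal.example" is a placeholder host name.
SAMPLE_WEB_CONFIG = """<configuration><system.webServer><rewrite><rules>
  <rule name="ProxyWithOffloading" stopProcessing="true">
    <match url="(.*)" />
    <action type="Rewrite" url="http://backend.internal.example/{R:1}" />
  </rule>
  <rule name="ProxyKeepScheme" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
      <add input="{CACHE_URL}" pattern="^(https?)://" />
    </conditions>
    <action type="Rewrite" url="{C:1}://backend.internal.example/{R:1}" />
  </rule>
</rules></rewrite></system.webServer></configuration>"""

TARGET = re.compile(r"^(?P<scheme>https?|\{C:\d+\})://(?P<host>[^/:]+)", re.I)


def backend_hops(web_config_text):
    """Return {rule name: (backend host, transport)} for every proxying Rewrite
    rule, where transport is 'plaintext' (http://, the SSL-offloading case),
    'tls' (https://) or 'same-as-request' (scheme taken from a back-reference)."""
    hops = {}
    for rule in ET.fromstring(web_config_text).iter("rule"):
        action = rule.find("action")
        if action is None or action.get("type", "").lower() != "rewrite":
            continue
        m = TARGET.match(action.get("url", ""))
        if m is None:
            continue  # rewrite to a local path, not a proxied request
        scheme = m.group("scheme").lower()
        transport = {"http": "plaintext", "https": "tls"}.get(scheme, "same-as-request")
        hops[rule.get("name")] = (m.group("host"), transport)
    return hops


def plaintext_rules(web_config_text):
    """Names of rules that forward to the backend without TLS."""
    return sorted(n for n, (_, t) in backend_hops(web_config_text).items()
                  if t == "plaintext")
```

A rule reported as "plaintext" is only appropriate when the path between the DMZ server and the internal server is trusted, as the answer notes.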

ASP.NET Core Site Deployment

I am deploying my ASP.NET Core site on local IIS and the binding is
http://localhost:{portnumber} but the website is not running and is giving me this error:
HTTP Error 404.4 - Not Found
The resource you are looking for does not have a handler associated with it.
Detailed Error Information:
Module IIS Web Core
Notification MapRequestHandler
Handler Not yet determined
Error Code 0x8007007b
Requested URL http://localhost:9001/
Physical Path D:\Deploy\Stagging - Copy
Logon Method Anonymous
Logon User Anonymous
But when my binding is
https://localhost:{portnumber}
the web site runs fine.
Why is this happening? I don't want to run the site on HTTPS.
It seems that there is already a binding rule binding your localhost domain name and HTTP protocol.
If you just installed the IIS service, it will create a default site automatically and bind your port 80.
Try removing the default website and try again.
And try not to set the HTTP host name of your binding; just leave it empty. When you leave the host name empty, it will bind all incoming requests from the port.
The difference between the IIS HTTP binding and HTTPS binding is that the HTTP binding is based on the host header in the HTTP request and the HTTPS binding is based on SNI. Now your HTTPS binding is working fine, so it is possible that your host name settings caused this issue.

Generate WSDL schemalocation as HTTPS URL

I have a WCF service that I have set up to be consumed via HTTPS. Unfortunately, when my client tries to consume it he immediately gets an error, because the referenced schema locations generated in the WSDL are set as HTTP, which throws an error when he tries to reference it in a client project. Indeed, from his network he cannot get to the XSD via the HTTP URL; however, if he pastes the URL into a browser and changes the HTTP to HTTPS, then he can see it.
So is there any way that I can specify the proper generation of the URL, i.e. as HTTPS?
FYI... Our environment does not use SSL or certs, using WAF and a proxy instead.

Silverlight looking at wrong url for clientaccesspolicy file

I have a Silverlight app connected to a webservice over https.
The webservice is hosted on mydomain.com (not localhost).
When I run the Silverlight app, it makes https calls to the webservice on mydomain.com, but also tries to access "http://localhost/clientaccesspolicy.xml" and fails, obviously. Why is my SL app looking for cal.xml in localhost? Why is it not looking for cal.xml in mydomain.com?
Appreciate your thoughts.
Thanks!
"Before allowing a connection to a network resource, the Silverlight runtime will try to download a security policy file from the domain that hosts the network resource. There are two different methods used to download the security policy that depend on whether the connection request was from a WebClient or HTTP class or whether the connection request was from sockets.
If the connection request was from a WebClient or an HTTP class to a cross-domain site, the Silverlight runtime tries to download the security policy file using the HTTP protocol. The Silverlight runtime first tries to download a Silverlight policy file with a name of "clientaccesspolicy.xml" at the root of the requested target domain using the HTTP protocol.
If the "clientaccesspolicy.xml" is either not found (the web request returns a 404 status code), returned with an unexpected mime-type, is not valid XML, or has an invalid root node, then the Silverlight runtime will issue a request for the Flash policy file with a name of "crossdomain.xml" at the root of the requested target domain, using the HTTP protocol."
http://msdn.microsoft.com/en-us/library/cc645032%28VS.95%29.aspx
What does the address look like inside your SL application?
Is the address coming from the ServiceReference.ClientConfig file? If so, make sure that it has a mydomain.com and not a localhost address there.

WCF HTTPS self-hosted service does not work ("connection to the server was reset")

I have a Self-Hosted (Console App) WCF REST service with the following binding:
WebMessageEncodingBindingElement
HttpsTransportBindingElement (ManualAddressing=true, KeepAliveEnabled=true, AllowCookies=false, HostNameComparisonMode=Exact)
This is exposed over an HTTPS URL ("https://mylaptop/myendpoint")
I have a self-signed certificate issued to "mylaptop" that I assign using myServiceHost.Credentials.ServiceCertificate.SetCertificate. The certificate is added successfully, and the ServiceHost opens successfully (no exceptions). If I type "netsh http show servicestate", I can see that there's a successful registration at https://mylaptop/myendpoint with HTTP.SYS
However, when I issue a GET to the endpoint, it doesn't work. It seems like the socket is dropped even before a valid HTTP response is obtained. (FireFox says "connection to the server was reset", IE says "cannot display the webpage", and if I do the request through Fiddler it says "connection was forcibly closed by the remote host").
Everything works fine when I use HTTP instead of HTTPS.
Any idea what could be going wrong in the HTTPS case?
You probably need to use httpcfg.exe to reserve your endpoint with HTTP.SYS correctly with a configured X.509 certificate for SSL. The steps to get it done are documented here.
Or use HttpCfgGui- a much friendlier interface to setting up the server certs w/ HTTP.SYS. This is a must-install on all my servers that do HTTP w/ WCF.