Moving WCF service to IIS6 with SSL enabled - wcf

I ran my WCF service on the server without SSL enabled and now I moved it to one with SSL enabled and I am getting the following error:
Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].
Below are my settings:
<bindings>
<basicHttpBinding>
<binding name="basicHTTP">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows">
</transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="basicBehavior" name="ProjectName.MyService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHTTP" contract="ProjectName.IMyService"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="basicBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
How can I fix this error?

You need to define a binding for basicHttps. This is a very simple settings that works for SSL:
<system.serviceModel>
<bindings>
<basicHttpsBinding>
<binding name="BasicHttpBinding_IMyService" />
</basicHttpsBinding>
</bindings>
<client>
<endpoint
name="BasicHttpBinding_IMyService"
address="https://MyURL/MyService.svc/soap/"
binding="basicHttpsBinding"
bindingConfiguration="BasicHttpBinding_IMyService"
contract="ClientServiceReference.IMyService" />
</client>
</system.serviceModel>
Note: The endpoint needs to be defined and its URL is https.
Also, make sure that in production environment, you are not sending the exception details back to the caller (that would be considered a security hole in your system because exceptions can reveal too much information to hackers). You must change this line:
<serviceDebug includeExceptionDetailInFaults="false"/>

Fixed the issue by specifying security mode as Transport and using webHttpBinding

Related

WCF in windows phone security transport

WP supports only basicHttpBinding. My app sends sensitive data through WCF and store them in DB. Data are sent as plain text and this is inacceptable. I found some solutions but it isn't working. I've set securityMode to Transport but I've got exception. Here is my web.config file:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="baseBinding" >
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="serviceBehavior" name="TestWCF.WcfNotificationService.WcfNotificationService">
<endpoint address="base" binding="basicHttpBinding" bindingConfiguration="baseBinding"
contract="TestWCF.WcfNotificationService.IWcfNotificationService" />
<host>
<timeouts openTimeout="00:05:00" />
</host>
</service>
</services>
when I update service reference in client I get error:
Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].
Could you help me, what I have to do?
Thanks

Accessing WCF service on AppHarbor via https

I'm trying to secure my WCF service using transport security model. I've successfully deployed my service to AppHarbor. But I'm getting the following exception when I try to access service page:
[InvalidOperationException: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].] ...
I haven't uploaded any certificates, just using piggyback SSL there. I've downloaded the build and deployed it on my machine. It works fine.
Here is my system.serviceModel section of web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="AuthService.AuthServiceBehavior" name="AuthService.AuthService">
<host>
<baseAddresses>
<add baseAddress="https://auth.apphb.com/AuthService.svc" />
</baseAddresses>
</host>
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="AuthService.IAuthService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AuthService.AuthServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I've already tried this Hosting a WCF Web API app on AppHarbor?
Can somebody please explain me what I'm doing wrong?
This issue frequently appear when you communicate with the wcf web service thru the LB (AppHarbor one of the example of it).
You should know several things about such kind of communications.
1) Communication between yours client application and LB is secured (https is in use). So you should leverage security binding on the client side.
<basicHttpBinding>
<binding name="BasicHttpBinding_IAuthService">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
2) Communication between LB and web-front uses http, so server binding should be basicHttpBinding without extra configuration.
<endpoint binding="basicHttpBinding" contract="AuthService.IAuthService" />
Summarizing all that stuff we have
Client
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IAuthService">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://auth.apphb.com/AuthService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IAuthService"
contract="AuthService.IAuthService" name="BasicHttpBinding_IAuthService" />
</client>
</system.serviceModel>
</configuration>
Server
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<protocolMapping>
<add scheme="http" binding="basicHttpBinding" />
</protocolMapping>
<bindings>
<basicHttpBinding/>
</bindings>
<services>
<service behaviorConfiguration="AuthService.AuthServiceBehavior" name="AuthService.AuthService">
<endpoint binding="basicHttpBinding" contract="AuthService.IAuthService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AuthService.AuthServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Your approach is not going to work right off the bat. This is because SSL is terminated at the load balancers and the app servers see http traffic. You can read more about AppHarbor load balancers here.
You might be able to fool WCF with this module.
There are also some hints in this discussion: http://support.appharbor.com/discussions/problems/829-transportwithmessagecredential-https-ssl

IIS hosted WCF service with digest authentification

I want to create a WCF service hosted in IIS 7.5 and I want to use digest authentification over http.
I have setup digest on virtual directory but when I try to access the service I always get error:
this service require 'Anonymous' Authentication but it is not enabled
for the IIS application that hosts this service
This is my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding_IServisTest">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Digest"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="ServisService.ServisTest"
behaviorConfiguration="ServisService.ServisTestBehavior">
<endpoint
address=""
binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_IServisTest"
contract="ServisService.IServistest" >
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServisService.ServisTestBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I'm using http not https.
For this I guess Security Mode should be transport
<security mode="Transport">
This post might help you.

Both http and https for one service

I'm tackling with an issue but couldn't sort out it.
I have one service which is worked inside asp.net 4.0 app.
The site is available both over http and https.
Issue is that the service with below provided config snipped can work either over http or over https.
What is wrong in my config?
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpsBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="HMS.DataServices.PaymentsServiceBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="HMS.DataServices.PaymentsServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="HMS.DataServices.PaymentsService">
<!--HTTP-->
<endpoint address="" binding="webHttpBinding" contract="HMS.DataServices.IPaymentsService"
behaviorConfiguration="HMS.DataServices.PaymentsServiceBehavior" />
<!--HTTPS-->
<endpoint address="" binding="webHttpBinding" bindingConfiguration="webHttpsBinding"
contract="HMS.DataServices.IPaymentsService" behaviorConfiguration="HMS.DataServices.PaymentsServiceBehavior" />
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
this config works over https but not nttp
In the windows log I see next error
The exception message is: Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]..
Thanks in advance!

Setting Max Message and buffer size for WCF webhttp

I currently have a WCF service with webHttp bindings, im attempting to increase the max size that can be inputted to the service by overriding the default settings in config, i have tried doing something like
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttp" >
<security mode="Transport">
<transport clientCredentialType =
"None"
proxyCredentialType="None"
realm="string" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="PrimeStreamInfoServices.Service1" behaviorConfiguration="PrimeStreamInfoServices.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="webHttpBinding" contract="PrimeStreamInfoServices.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PrimeStreamInfoServices.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<diagnostics>
and setting various other properties pertaining to message size but none seems to be working, can one even change the m essage size of a webHttp binding?
Any suggestions? Thanks!
There's a multitude of settings that might have an influence depending on your settings - try this:
<bindings>
<webHttpBinding>
<binding name="LargeWeb"
maxBufferPoolSize="1500000"
maxReceivedMessageSize="1500000"
maxBufferSize="1500000">
<readerQuotas
maxArrayLength="656000"
maxBytesPerRead="656000"
maxDepth="32"
maxNameTableCharCount="656000"
maxStringContentLength="656000"
/>
</binding>
</webHttpBinding>
</bindings>
By defining your "version" of the webHttpBinding and setting all those parameters to higher values, you should be able to get through any message size (almost).
Mind you: this does open up your system to the potential of being flooded with huge messages and thus be brought down to its knees (classic denial-of-service attacks) - that's the reason these limits are set fairly low - by design and on purpose.
You can change them to higher values - just be aware what you're doing and what the security risks are, if you do!
Marc
PS: In order to make use of these settings, you of course have to reference that binding configuration in your server and client side configs:
<client>
<endpoint address="http://localhost"
binding="webHttpBinding" bindingConfiguration="LargeWeb"
contract="IMyService" />
</client>
<services>
<service>
<endpoint address="http://localhost"
binding="webHttpBinding" bindingConfiguration="LargeWeb"
contract="IMyService" />
</service>
</services>
Setting Max Message and buffer size for WCF Rest services webhttpbinding
<bindings>
<webHttpBinding>
<binding maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="200" maxStringContentLength="83886089" maxArrayLength="163841" maxBytesPerRead="2147483647" maxNameTableCharCount="16384"/>
</binding>
</webHttpBinding>
</bindings>
If you are using [DataContract] decorator in your model, you need to add yhe dataContractSerializer into your web.config
Example:
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="false" httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>