I had created WCF services which host sub.xyz.com and I can access it from abc.xyz.com as well sub.xyz.com successfully.
While I can't access WCF services through Phonegap Application.
It shows me error "No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://sub.xyz.com' (Check in Ripple Emulator) is therefore not allowed access. The response had HTTP status code 503."
I had also put support.cors=true; but can't able to connect with WCF service.
$(document).bind("mobileinit", function () {
$.support.cors = true;
});
Related
In Akana API Gateway, I am trying to setup a Proxy API for invoking SOAP service which is Secured(BASIC Authentication). When I tried to invoke the Proxy API from Test Client, it is not invoking the Target service.
It is showing the 503 service unavailable Error. However, It is working fine when I invoke the target service from SOAP UI.(I passed BASIC Authentication credential in SOAP UI)
I even tried, invoking the Proxy API from SOAP UI and passed the BASIC Authentication credential. Still I get the same error. ie., 503 service unavailable Error
Here is the error details
Cause: Binding component error encountered. HTTP Error [503:Service Unavailable] when accessing the URI [http://url]
Could any one please help.
I managed to resolve this issue.
It was due to the incorrect Protocol. The WSDL URL is HTTPS. After importing the WSDL, the auto generated operation endpoint has HTTP.
After modifying the endpoint URL manually from HTTP to HTTPs, it worked.
I'm writing an UWP app in C#, and I'm trying to have it consume data from a (pre-existing) WCF service. I can't find any information online on the subject. Here is what my code looks like (WCF service is Serv, service namespace is Ns):
var config = Ns.ServClient.EndpointConfiguration.BasicHttpBinding_IServ;
var client = new Ns.ServClient(config);
var result = client.TestCall();
I get the following exception, which I don't understand how to parse:
Exception thrown:
'System.ServiceModel.Security.MessageSecurityException' in
mscorlib.ni.dll
Additional information: The HTTP request is unauthorized with client
authentication scheme 'Negotiate'. The authentication header received
from the server was 'Negotiate, NTLM'.
What does this error message mean? And how do I successfully authenticate with the WCF service?
Bonus question: what is the ServiceReferences.Designer.ClientConfig file? How do I use it?
I opened the Package.appxmanifest file and added the Enterprise Authentication and Private Networks (Client & Server) capabilities. This fixed the issue.
I have two separate projects
MVC Web App
MVC Web API
I have published both on my IIS 7.5
My Web App is hosted on 7172 port
and Web API is hosted on 7171 port
Strangely iam not able to call jquery.ajax() from my web app (7172) to web api (7171) port. It gives me 405 Method not found error code.
But if i write the same jquery.ajax() in my web api project (7171) and call web api method then it work fine and returns data.
I want to call web api from my web app.
Any suggestion would be appreciated.
Thanks in advance.
This has to do with the Same Origin Policy. By default, you can't execute an AJAX call to another domain (both on name, port and protocol).
If you want to enable this you should use Cross-origin resource sharing (CORS). CORS can be used with Web API by installing a (prerelase) NuGet package: Microsoft ASP.NET Web API Cross-Origin Support
This package allows you to configure which domains can call your service. You can find a walk trough here Enabling Cross-Origin Requests in ASP.NET Web API. In essence it comes down to adding attributes to your controllers like this:
[EnableCors(origins: "http://myclient.azurewebsites.net", headers: "*", methods: "*")]
You're running into the same-origin/cross-domain security policy. The port used is part of the origin calculation. A bit of Javascript loaded from (say) localhost:80 cannot make an AJAX request to localhost:8080, because the port numbers don't match. The 405 error you're getting is almost certainly coming from your Web App, not the API - check the server logs for the app, and you'll see the ajax hit in there.
I currently have a JAX-WS Web Service that receives some credentials in the HTTP header. These are used for BASIC authentication.
There is a filter that performs authentication by reading the HTTP headers and checking against the database.
Still, I need the username from within the Web Service in order to perform other service logic related stuff. Is there a way of accessing the HTTP headers from within the Web Service?
Thanks.
The WebServiceContext object does the work for me. It ca be easily injected in my web services as a Resource:
#Resource
private WebServiceContext context;
I need to call a WCF service programmatically. The service may be hosted with either NTLM or Kerberos authentication and needs to work under either. That is, if connecting to the service via Kerberos fails, then it should fall back to NTLM.
Here's the code I'm using for Kerberos auth (if relevant, the service is hosted in SharePoint 2010 and is being called from a web part):
public static SiteMembershipSvc.SiteMembershipServiceClient InitialiseSiteMembershipService(string url)
{
var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
url = url.EndsWith("/") ? url + SiteMembershipAddress : url + "/" + SiteMembershipAddress;
var endpoint = new EndpointAddress(url);
var proxy = new SiteMembershipSvc.SiteMembershipServiceClient(binding, endpoint);
proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
return proxy;
}
Calling a method on the proxy when run in an NTLM environment gives the error:
The HTTP request is unauthorized with
client authentication scheme
'Negotiate'. The authentication header
received from the server was 'NTLM'.
Note: The URL may be in another web application on another server. I can't check what authentication the web part's web app runs under and assume it is the same as where the WCF service is hosted.
How can I (automatically or manually) ensure authentication falls back from Kerberos back to NTLM on failure?
Update:
As mentioned, the authentication error occurs when a web method is called. However I don't want to wait that long as there are several web methods in the service called from several places. I'd like to test the authentication at the point where the proxy is configured (in the code snippet above).
I've tried using proxy.Open() but that doesn't seem to cause the failure.
This is a bit off a curveball, but why is it falling back to NTLM. I've had significant difficulty with security in active directory and WCF all related to service principal names (SPNs).
Kerberos will fail if you are running the service as something other than Network Service unless you have an SPN declared in the domain for your service. To set the SPN you need the windows server administrative kit, which has the command setspn.
setspn -A HTTP\machinename domain\service_account
This will then allow Kerberos to share client credentials to your service within the domain.
Please do some reading, as you could break kerberos for any other services running on the same box depending on your setup.
(I recognize the original post is very old.)
Can you use something other than BasicHttpBinding (like WsHttpBinding)? According to this article, BasicHttpBinding is the one exception to the binding objects, in that it does not automatically negotiate. This is why allowNTLM has no effect.
I had the same error msg which I posted about here and solved it by creating a dynamic endpoint like so:
public static SiteMembershipSvc.SiteMembershipServiceClient InitialiseSiteMembershipService(string url)
{
//create endpoint
EndpointAddress ep = new EndpointAddress(new Uri(string), EndpointIdentity.CreateUpnIdentity("MyDomain\WCFRunAsUser"));
//create proxy with new endpoint
SiteMembershipSvc.SiteMembershipServiceClient service = new SiteMembershipSvc.SiteMembershipServiceClient("wsHttp", ep);
//allow client to impersonate user
service.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
//return our shiny new service
return service;
}
I was running the WCF service as a specific Active Directory user rather than the default NETWORK_SERVICE.
Try setting:
proxy.ClientCredentials.Windows.AllowNTLM = true;
According to this, AllowNTLM is now obsolete - i'm not sure what the correct alternative is.
I guess you are using the full dns name of the server as the address of the service. Try using the NETBIOS name or the IP address. That should force it to use NTLM.
If you know what protocol the server is using you can configure your app to use either the full name or the ip.
Hope that works for you.
If your Kerberos fail it will automatically default to NTLM, you don't have to do anything special.
http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part1.html
http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part2.html
http://www.windowsecurity.com/articles/Troubleshooting-Kerberos-SharePoint-environment-Part3.html
I haven't been able to find a way to do this automatically. Instead I've added UI to the application where the type of authentication must be chosen.