Not able to access the methods from secure wcf rest service - wcf

I have a running wcf rest service hosted on IIS. I have successfully added the .x509 certificates to the client and the server and it works fine.As it is a secure service it is accessed using https The problem I am facing is that I am not able to access any of the methods from the service it keeps throwing 404 error however when I browse the service from IIS using https link it open the WSDL fine but throws 404 error while accessing any of the methods.
Here is my Interface implementation of a method from the service.
[ServiceContract]
public interface IRestDemo
{
[OperationContract]
[WebInvoke(Method = "GET", ResponseFormat = WebMessageFormat.Xml, BodyStyle = WebMessageBodyStyle.Bare, UriTemplate = "/DoWork/{name}")]
string DoWork(string name);
}
Here is my configuration file:
<system.serviceModel>
<services>
<service name="RestDemo.RestDemo" behaviorConfiguration="serviceBehavior">
<host>
<baseAddresses>
<add baseAddress="https://localhost/RestDemo/RestDemo.svc" />
</baseAddresses>
</host>
<endpoint address="" binding="webHttpBinding" contract="RestDemo.IRestDemo" behaviorConfiguration="web">
<!--<identity>
<dns value="localhost"/>
</identity>-->
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="RestDemo.IRestDemo" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="web" crossDomainScriptAccessEnabled="true">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<!--<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust"
trustedStoreLocation="LocalMachine" />
</clientCertificate>
<serviceCertificate findValue="ServerCertificate"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>-->
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" httpsGetUrl="/RestDemo.svc" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<standardEndpoints>
<webScriptEndpoint>
<standardEndpoint
crossDomainScriptAccessEnabled="true">
</standardEndpoint>
</webScriptEndpoint>
</standardEndpoints>
</system.serviceModel>
Any suggestions would be really appreciated.

Related

WCF Ws-Seciurity service configuration

I'm having truble with configuration around my WCF service and WS-Seciurity.
I don't have access to the client side, so far I'm trying to use SoapUI as a client with WS-A adressing, userName, Password and WSS Password Type 'PasswordDigest' options.
I use IIS and https with a simple certificate, .NET 4.7.
I've tried many versions, but without success. I just want to find simplest, working solution to read 'Seciurity' header from SoapUI/client request with WS-Seciurity PasswordDigest options enabled.
The current error with the current config file 'InvalidSecurity' 'An error occurred when verifying security for the message'
<system.serviceModel>
<protocolMapping>
<add scheme="https" binding="wsHttpBinding"/>
</protocolMapping>
<services>
<service name="SoapService" behaviorConfiguration="SoapServiceConf">
<!--<endpoint address="SoapService" binding="wsHttpBinding" contract="MPA.SoapService.References.ServiceReference.SentSOAP" /> -->
<endpoint address="" binding="wsHttpBinding" contract="Interfaces.ISoap" bindingConfiguration="wsHttpBind"/>
<endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding maxReceivedMessageSize="10485760" name="wsHttpBind">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic"/>
<message clientCredentialType="UserName" algorithmSuite="Default" establishSecurityContext="false" />
</security>
<reliableSession enabled="false" />
<readerQuotas maxArrayLength="10485760" maxDepth="1024" maxStringContentLength="10485760" />
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SoapServiceConf">
<serviceCredentials>
<serviceCertificate findValue="soapservice"
storeName="My"
x509FindType="FindByIssuerName" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
<behavior name="MyServiceTypeBehaviors" >
<!-- Add the following element to your service behavior configuration. -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks.

How to avoid the service certificate?

"The service certificate is not provided. Specify a service certificate in ServiceCredentials." is what I see when I point my browser to the svc file address
as you can see below, my serviceCredentials section is commented (it's just an example from some book), since I don't want any certificate. But apparently I can't avoid it... what can I do ?
I can't use basicHttpBinding because I want sessions support
my binding:
<wsHttpBinding>
<binding name="BindingToViewer" sendTimeout="00:25:00">
<security mode="Message">
<message clientCredentialType = "None"/>
</security>
</binding>
</wsHttpBinding>
my service:
<service name="SomeNs.Whatever.ServName" behaviorConfiguration="NoPrinPermMode">
<endpoint address="" binding="wsHttpBinding"
bindingConfiguration="BindingToViewer"
contract="SomeNs.Whatever.IMyInterface">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseAddress="https://localhost/"/>
</baseAddresses>
</host>
</service>
my service behaviors:
<serviceBehaviors>
<behavior name="NoPrinPermMode">
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483646"/>
<serviceAuthorization principalPermissionMode="None" />
<!--<serviceCredentials>
<serviceCertificate
findValue = "MyServiceCert"
storeLocation = "LocalMachine"
storeName = "My"
x509FindType = "FindBySubjectName"/>
</serviceCredentials>-->
</behavior>
</serviceBehaviors>
You have configured message security in WSHttpBinding which implies your service must supply a certificate (unless you use windows auth). The question is what kind of security you need if at all?
Do not use https in base address:
<add baseAddress="https://localhost/"/>
use instead:
<add baseAddress="http://localhost/"/>
and remove httpsGetEnabled:
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True" />
to:
<serviceMetadata httpGetEnabled="True" />
and remove identity as you do not need to authentificate service
<identity>
<dns value="localhost" />
</identity>
edit
remove also
<security mode="Message">
<message clientCredentialType = "None"/>
</security>

How to configure WCF REST to work with SSL?

I have a nice WCF REST-ful JSON service working well as is. The problem arises when I try to put it to work on HTTPS. The Web.config is as follows:
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="StreamedRequestWebBinding" bypassProxyOnLocal="true" useDefaultWebProxy="false" hostNameComparisonMode="WeakWildcard" sendTimeout="10:15:00" openTimeout="10:15:00" receiveTimeout="10:15:00" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" transferMode="StreamedRequest">
<security mode="Transport">
<transport clientCredentialType = "None" />
</security>
<readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" />
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="WcfRESTFullJSON.Service1" behaviorConfiguration="ServiceBehaviour">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="StreamedRequestWebBinding" contract="WcfRESTFullJSON.IService1" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<!--Him-->
<webHttp automaticFormatSelectionEnabled="true" />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
</system.serviceModel>
I configured a home-made certificate on IIS.
On the client I have:
WebClient WC;
...
WC.UploadData(URL, "POST", asciiBytes);
What we get:
The remote server returned an error: (500) Internal Server Error.
What may be the problem?
The issue is resolved. It was a missing reference to a endpoint behavior in the following line
...endpoint behaviorConfiguration="web" address="" binding="webHttpBinding" bindingConfiguration="StreamedRequestWebBinding" contract="WcfRESTFullJSON.IService1"...
in the Web.config below. Thank you for your help friends! The solution was finally found in the article Implementing 5 important principles of REST using WCF Services
<services>
<service name="WcfRESTFullJSON.Service1" behaviorConfiguration="ServiceBehaviour">
<endpoint behaviorConfiguration="web" address="" binding="webHttpBinding" bindingConfiguration="StreamedRequestWebBinding" contract="WcfRESTFullJSON.IService1" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<!--Him-->
<webHttp automaticFormatSelectionEnabled="true" />
</behavior>
</endpointBehaviors>
As SSL is a protocol under HTTP, there is usually nothing extra to configure in web.config (only a new binding). Another thing that changes if you use SSL is the port... you may need to update the firewall or check that your request is sent to the right port.
See Complete config file
<configuration> <system.web>
<compilation debug="true" targetFramework="4.0" />
<webServices>
<protocols>
<add name="HttpsGet"/>
<add name="HttpsPost"/>
</protocols>
</webServices> </system.web> <system.serviceModel>
<services>
<service name="RESTTEST.RestTestService" behaviorConfiguration="ServiceBehavior">
<endpoint address="" binding="webHttpBinding"
contract="RESTTEST.IRestTestService"
bindingConfiguration="sslBinding"
behaviorConfiguration="web"
></endpoint>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before
deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before
deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="sslBinding" crossDomainScriptAccessEnabled="true">
<security mode="Transport">
</security>
</binding>
</webHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false">
</serviceHostingEnvironment>
<standardEndpoints>
<webHttpEndpoint>
<standardEndpoint crossDomainScriptAccessEnabled="true"></standardEndpoint>
</webHttpEndpoint>
<webScriptEndpoint>
<standardEndpoint name="" crossDomainScriptAccessEnabled="true" />
</webScriptEndpoint>
</standardEndpoints> </system.serviceModel> <system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="*" />
<add name="Access-Control-Allow-Headers" value="Content-Type" />
</customHeaders>
</httpProtocol> </system.webServer> </configuration>

IIS 7.5 Wcf https WSDL always returns blank (bad request)

Everything else works fine, I can make SOAP and RESTful calls w/o issue via https. But WSDL always returns blank (bad request). HTTP returns WSDL fine.
Trace log inner exception reports:
The body of the message cannot be read because it is empty.
serviceMetaData tag is set:
<serviceMetadata
httpGetEnabled="true"
policyVersion="Policy15"
httpsGetEnabled="true" />
web.Config sections
Binding:
<bindings>
<basicHttpBinding>
<binding name="soapBinding">
<security mode="None">
</security>
</binding>
</basicHttpBinding>
<webHttpBinding>
<binding name="webBinding">
<security mode="None">
</security>
</binding>
</webHttpBinding>
</bindings>
You will immediately notice security mode="None"
Via ServiceHostFactory I see the mode to transport as:
ServiceHost serviceHost = new ServiceHost(service.GetType(), baseAddresses);
if (ExposeSSL(baseAddresses[0]))
{
foreach (var endpoint in serviceHost.Description.Endpoints)
{
if (endpoint.Binding is WebHttpBinding)
{
((WebHttpBinding)endpoint.Binding).Security.Mode = WebHttpSecurityMode.Transport;
endpoint.Address = new EndpointAddress(baseAddresses[0].ToString().Replace("http", "https"));
}
if (endpoint.Binding is BasicHttpBinding)
{
((BasicHttpBinding)endpoint.Binding).Security.Mode = BasicHttpSecurityMode.Transport;
endpoint.Address = new EndpointAddress(baseAddresses[0].ToString().Replace("http", "https"));
}
}
Services configuration:
<service name="xxxx.Wcf.AdminJsonService" behaviorConfiguration="DefaultBehaviour">
<host>
<baseAddresses>
<!-- note, choose an available port-->
<add baseAddress="http://localhost:62701/json"/>
</baseAddresses>
</host>
<!-- Service Endpoints -->
<endpoint address="" binding="webHttpBinding" bindingConfiguration="webBinding" behaviorConfiguration="jsonBehavior" bindingNamespace="https://www.xxxx/WebService4/AdminJsonService" contract="xxxx.Wcf.IAdminJsonService"/>
</service>
<service name="xxxx.Wcf.AdminXmlService" behaviorConfiguration="DefaultBehaviour">
<host>
<baseAddresses>
<!-- note, choose an available port-->
<add baseAddress="http://localhost:62701/xml"/>
</baseAddresses>
</host>
<!-- Service Endpoints -->
<endpoint address="" binding="webHttpBinding" bindingConfiguration="webBinding" behaviorConfiguration="poxBehavior" bindingNamespace="https://www.xxx/WebService4/AdminXmlService" contract="xxxx.Wcf.IAdminXmlService"/>
</service>
<service name="xxxx.Wcf.AdminSoapService" behaviorConfiguration="DefaultBehaviour">
<!-- Service Endpoints -->
<endpoint binding="basicHttpBinding" behaviorConfiguration="soapBehavior" bindingNamespace="https://www.example.com/WebService4/AdminSoapService" contract="xxxx.Wcf.IAdminSoapService"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
Endpoint behaviours
<!-- SOAP -->
<behavior name="soapBehavior">
</behavior>
<!-- JSON -->
<behavior name="jsonBehavior">
<webHttp/>
</behavior>
<!-- POX -->
<behavior name="poxBehavior">
<webHttp/>
</behavior>
Service Behaviours
<behavior name="ErrorBehaviour">
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
<behavior name="DefaultBehaviour">
<NiceErrorHandler/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata
httpGetEnabled="true"
policyVersion="Policy15"
httpsGetEnabled="true" />
</behavior>
Also have
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
Anyone have idea's why this may be occurring?
Did you try turning off one of the other endpoints? In my case WCF didn't work until I disabled one of the endpoints. It didn't matter which one I disabled. The others would work.
<services>
<service name="GTW.TrendToolService" behaviorConfiguration="MyServiceBehavior">
<!--<endpoint name="rest" address="" binding="webHttpBinding" contract="TT.ITrendtoolService" behaviorConfiguration="restBehavior"/>-->
<endpoint name="json" address="json" binding="webHttpBinding" behaviorConfiguration="jsonBehavior" contract="GTW.IAqvService" />
<endpoint name="xml" address="xml" binding="webHttpBinding" behaviorConfiguration="restBehavior" contract="GTW.IAqvService" />
<!--<endpoint name="mex" address="mex" binding="mexHttpBinding" contract="GTW.IAqvService" />
<endpoint name="soap" address="soap" binding="basicHttpBinding" contract="GTW.IAqvService" />-->
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="restBehavior">
<webHttp />
</behavior>
<behavior name="jsonBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
I believe your issue is going to be related to your service behaviors section. Specifically you told .net to publish your WSDL in HTTP but not HTTPS. Try the following
<behavior name="DefaultBehaviour">
<NiceErrorHandler/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata
httpGetEnabled="true"
httpsGetEnabled="true"
policyVersion="Policy15"
httpsGetEnabled="true" />
</behavior>
Note the extra line in the serviceMetadata referring to httpsGet as opposed to http.
I will assume that https is enabled on both the bindings and in your application given that you can see the http WSDL rather than some mumble jumbo about not being able to find bindings or something...
When you are doing the Transport encryption you have to add the s to your base address protocol ex: < add baseAddress="https://localhost:62701/xml"/> or < add baseAddress="http://localhost:62701/json"/>

How to use SSL with a WCF web service?

I have a web service in asp.net running and everything works fine. Now I need to access some methods in that web-service using SSL. It works perfect when I contact the web-service using http:// but with https:// I get "There was no endpoint listening at https://...".
Can you please help me on how to set up my web.config to support both http and https access to my web service. I have tried to follow guidelines but I can't get it working.
Some code:
My TestService.svc:
[ServiceContract(Namespace = "")]
[AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Allowed)]
public class TestService
{
[OperationContract]
[WebGet(ResponseFormat = WebMessageFormat.Json)]
public bool validUser(string email) {
return true;
}
}
My Web.config:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<behaviors>
<endpointBehaviors>
<behavior name="ServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceBehavior" name="TestService">
<endpoint address="" behaviorConfiguration="ServiceAspNetAjaxBehavior"
binding="webHttpBinding" bindingConfiguration="ServiceBinding"
contract="TestService" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="ServiceBinding" maxBufferPoolSize="1000000" maxReceivedMessageSize="1000000">
<readerQuotas maxDepth="1000000" maxStringContentLength="1000000" maxArrayLength="1000000" maxBytesPerRead="1000000" maxNameTableCharCount="1000000"/>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
Instead of using the webHttpBinding, try creating a customBinding instead:
<customBinding>
<binding name="poxBindingHttps" closeTimeout="00:00:20">
<textMessageEncoding writeEncoding="utf-8" />
<httpsTransport manualAddressing="true"/>
</binding>
<binding name="poxBindingHttp" closeTimeout="00:00:20">
<textMessageEncoding writeEncoding="utf-8" />
<httpTransport manualAddressing="true"/>
</binding>
</customBinding>
You'll also need to setup the webHttpBehavior like so:
<behaviors>
<endpointBehaviors>
<behavior name="ajaxBehavior">
<enableWebScript/>
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
And finally, your service & endpoint:
<services>
<service name="TestService">
<endpoint name="sslDefault" address="" binding="customBinding" bindingConfiguration="poxBindingHttps" behaviorConfiguration="ajaxBehavior" contract="TestService"/>
<endpoint name="noSslDefault" address="" binding="customBinding" bindingConfiguration="poxBindingHttp" behaviorConfiguration="ajaxBehavior" contract="TestService"/>
</service>
</services>
Hopefully that works out for you in creating an SSL endpoint
It sounds like there is more an issue with IIS no listening on port 443 (The port used for HTTPS). Check IIS that there is a certificate installed and that it is listening on the secure port.