I'm setting up client certificates on my wcf service. All works great. The service requires client certs, my client test app supplies the cert and is able to make a request to one of the service end points.
No I want to implement a custom validator. I created a new class inheriting from X509CertificateValidator, and set it up in the services web config. I can put a breakpoint in the validate method and see it gets called. Awesome possum.
Now I want to be able to supply custom configuration parameters to the validator. The X509CertificateValidator has a LoadCustomConfiguration method which I can override, but it doesn't get called, I'm assuming it's because I'm not supplying any actual custom configuration anywhere - if that assumption is correct, how do I define my custom configuration parameters? Or is there some other way I should be doing this?
public class CustomValidator : System.IdentityModel.Selectors.X509CertificateValidator
{
/// <summary>
/// If the passed certificate is not valid according to the validation logic, this method throws a SecurityTokenValidationException. If the certificate is valid, the method returns to the caller.
/// </summary>
/// <param name="certificate"></param>
public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
{
bool bValid = true;
// Check that there is a certificate.
if (certificate == null)
{
throw new ArgumentNullException("certificate", "Certificate was not supplied.");
}
bValid = certificate.Verify() &&
DateTime.Now <= certificate.NotAfter &&
DateTime.Now >= certificate.NotBefore;
if (!bValid)
{
throw new System.IdentityModel.Tokens.SecurityTokenValidationException("Certificate is not valid.");
}
}
public override void LoadCustomConfiguration(System.Xml.XmlNodeList nodelist)
{
base.LoadCustomConfiguration(nodelist);
}
}
Configuration
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<services>
<service name="WCFTransportAuthCertificateCustomValidation.Service1"
behaviorConfiguration="MapClientCertificates">
<endpoint binding="basicHttpBinding"
bindingConfiguration="TransportCertificateAuthentication"
contract="WCFTransportAuthCertificateCustomValidation.IService1">
</endpoint>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="TransportCertificateAuthentication">
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="MapClientCertificates">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="Custom" customCertificateValidatorType="X509CertificateValidation.CustomValidator, X509CertificateValidation" />
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
Related
I have created a WCF service with Basic Authentication following this article https://learn.microsoft.com/en-gb/dotnet/framework/wcf/feature-details/transport-security-with-basic-authentication.
But when I call it using Postman, I get an error (400 Bad Request).
If I use a small application written in C# setting out ClientCredentials, it works well.
Here is my server code:
public class DataService : IDataService
{
public bool GetData()
{
return true;
}
}
[ServiceContract]
public interface IDataService
{
[OperationContract]
[WebInvoke(Method = "GET", UriTemplate = "GetData")]
bool GetData();
}
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.2" />
<httpRuntime targetFramework="4.6.2"/>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<wsHttpBinding>
<binding name="UsernameWithTransport">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="BasicAuthenticationTest">
<endpoint
address=""
binding="wsHttpBinding"
bindingConfiguration="UsernameWithTransport"
name="BasicEndpoint"
contract="BasicAuthTest.IDataService"/>
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
I also turned off "SSL certificate verification" and proxy in Postman
I'm trying to config my service to use protobuf-net. The methods that return T[] and T works but List is returning null. Is it supported?
Also, how can i tell that it is really using protobuf for during serialization. I tried to use fiddler but i can't really tell the difference.
public interface IOrdersService
{
[OperationContract(IsOneWay = false)]
OrderDTO[] GetAllOrders();
[OperationContract(IsOneWay = false)]
List<OrderDTO> GetAllOrders2();
[OperationContract(IsOneWay = false)]
OrderDTO GetOrder();
}
public class OrdersClient : IOrdersServiceCallback
{
private OrdersServiceClient client;
public OrdersClient()
{
}
public void Init()
{
InstanceContext site = new InstanceContext(null, new OrdersClient());
client = new OrdersServiceClient(site);
}
public void Start()
{
OrderDTO[] orders = client.GetAllOrders();
OrderDTO[] orders2 = client.GetAllOrders2();
OrderDTO dto = client.GetOrder();
Console.WriteLine(dto);
}
}
web config
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<services>
<service name="OrdersServer.OrdersService">
<endpoint address=""
binding="wsDualHttpBinding"
bindingConfiguration="Binding1"
contract="OrdersServer.IOrdersService"
behaviorConfiguration="ProtoBufBehavior" />
</service>
</services>
<bindings>
<wsDualHttpBinding>
<binding name="Binding1">
<!-- Binding property values can be modified here. -->
<security mode="None"/>
</binding>
</wsDualHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="ProtoBufBehavior">
<protobuf />
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
<!--add binding="basicHttpsBinding" scheme="https" />-->
<add scheme="http" binding="wsDualHttpBinding"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<extensions>
<behaviorExtensions>
<add name="protobuf" type="ProtoBuf.ServiceModel.ProtoBehaviorExtension, protobuf-net, Version=2.0.0.640, Culture=neutral, PublicKeyToken=257b51d87d2e4d67"/>
</behaviorExtensions>
</extensions>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
client config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<wsDualHttpBinding>
<binding name="WSDualHttpBinding_IOrdersService" clientBaseAddress="http://localhost:8000/whatisthis/">
<security mode="None" />
</binding>
</wsDualHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost.fiddler:49522/OrdersService.svc"
binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_IOrdersService"
contract="OrdersServiceReference.IOrdersService" name="WSDualHttpBinding_IOrdersService"
behaviorConfiguration="proto"/>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="proto">
<protobuf />
</behavior>
</endpointBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<add name="protobuf" type="ProtoBuf.ServiceModel.ProtoBehaviorExtension, protobuf-net, Version=2.0.0.640, Culture=neutral, PublicKeyToken=257b51d87d2e4d67"/>
</behaviorExtensions>
</extensions>
</system.serviceModel>
</configuration>
I've been struggling with this for a couple of days now - I cannot get this WCF service configured correctly to use a custom membership provider. When I fire up the test client I get this error:
The username/password Membership provider MidlandsCoop.MembersWcfService.Business.UserAuthentication specified in the configuration is invalid. No such provider was found registered under system.web/membership/providers.
I have been following this MSDN link to no avail. Can anyone tell me where I'm going wrong?
Here's my web.config:
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<add name="MyCS" connectionString="Data Source=my server;Initial Catalog=MyDB;Integrated Security=True" providerName="System.Data.SqlClient"/>
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding">
<security>
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="MidlandsCoop.MembersWcfService.MembersService" behaviorConfiguration="Service_Behaviour">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration=""
name="basicHttpBinding" contract="MidlandsCoop.MembersWcfService.IMembersService" />
<endpoint binding="wsHttpBinding" bindingConfiguration="wsHttpBinding"
name="wsHttpBinding" contract="MidlandsCoop.MembersWcfService.IMembersService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Service_Behaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
membershipProviderName="MidlandsCoop.MembersWcfService.Business.UserAuthentication" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
</configuration>
My user authentication class is as follows:
public class UserAuthentication : UserNamePasswordValidator
{
public override void Validate(string userName, string password)
{
if (null == userName || null == password)
{
throw new ArgumentNullException();
}
var db = new PetaPoco.Database("MyDB");
db.Fetch<dynamic>("SELECT Username, Password FROM MyTable WHERE Username=#0 AND Password =#1",
userName, password);
}
}
Any suggestions would be greatly appreciated.
the link that you have provided mentions customUserNamePasswordValidatorType to specify custom authentication type, UserAuthentication in your case. I think MembershipProviderName should be a class derived from MembershipProvider Class.
I have WCF webservice using windows authentication and custom ServiceAuthorizationManager. Everything works fine, but if overridden CheckAccessCore returns false, I get error 500, instead of 401 as I expected. Service does not implement any service level error handling. How can I send 401 instead of 500 header?
Service config:
<!-- App configuration-->
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off" />
</system.web>
<appSettings>
<!-- Allowed users divided by comma -->
<add key="allowedUsers" value="DOMAIN\User1, DOMAIN\User2" />
</appSettings>
<!--Webservice-->
<system.serviceModel>
<services>
<service name="WebService.ApiService">
<endpoint binding="basicHttpBinding" bindingConfiguration="AuthenticatedBinding" bindingNamespace="http://namespace.com/customapi" contract="WebService.IApiService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceAuthorization serviceAuthorizationManagerType="WebService.Model.Services.AuthorizationService, WebService" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="AuthenticatedBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</configuration>
Custom authorization manager:
class AuthorizationService : ServiceAuthorizationManager
{
private List<string> allowedUsers = new List<string>();
public AuthorizationService() : base()
{
Configure();
}
protected override bool CheckAccessCore(OperationContext operationContext)
{
base.CheckAccessCore(operationContext);
return allowedUsers.Contains(operationContext.ServiceSecurityContext.WindowsIdentity.Name);
}
private void Configure()
{
var configRow = ConfigurationManager.AppSettings["allowedUsers"];
var parts = configRow.Split(',');
if (parts.Length > 0)
{
foreach (var part in parts)
allowedUsers.Add(part.Trim());
}
}
}
Result image:
I found on the web that error code 500 is the proper way how to send SOAP fault response. So everything is fine with my webservice (I am getting 'Access denied' fault with error code 500).
SOAP specification about it
Summary on Martin Karpiseks blog
I've been struggling with this error for a while:
An error occurred while receiving the HTTP response to
....8332/Service1.svc. This could be due to the service endpoint
binding not using the HTTP protocol. This could also be due to an HTTP
request context being aborted by the server (possibly due to the
service shutting down). See server logs for more details.
I traced the error and apparently it's something to do with the binding or the connection that I can't figure out how to solve.
..I am putting the class and the config files below.please guide me.thanks in advance.
[DataContract]
public class filepack
{
string filesize = "0";
int accesspermitid =0;
System.IO.Stream str ;
[DataMember]
public System.IO.Stream Filestr
{
get { return str; }
set { str = value; }
}
[DataMember]
public string Filesize
{
get { return filesize; }
set { filesize = value; }
}
[DataMember]
public int Accesspermitid
{
get { return accesspermitid; }
set { accesspermitid = value; }
}
}
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="debugbeh">
<dataContractSerializer />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" maxBufferSize="500000000"
maxReceivedMessageSize="500000000">
<security mode="None">
<message algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8332/Service1.svc" behaviorConfiguration="debugbeh"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1"
contract="vcpservice.IService1" name="BasicHttpBinding_IService1" />
</client>
</system.serviceModel>
</configuration>
<?xml version="1.0"?>
<configuration>
<system.diagnostics>
<trace autoflush="true" />
<sources>
<source name="System.ServiceModel"
switchValue="Information, ActivityTracing"
propagateActivity="true">
<listeners>
<add name="sdt"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="c:\\logclientHOST.svclog" />
</listeners>
</source>
</sources>
</system.diagnostics>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="mybinding" closeTimeout="00:10:00" maxBufferPoolSize="52428800"
maxBufferSize="500000000" maxReceivedMessageSize="500000000" />
</basicHttpBinding>
</bindings>
<diagnostics>
<messageLogging logMalformedMessages="true" logMessagesAtTransportLevel="true" />
</diagnostics>
<behaviors>
<endpointBehaviors>
<behavior name="NewBehavior0">
<dataContractSerializer />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"
httpGetBinding="webHttpBinding" httpGetBindingConfiguration="" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
You cannot send a stream. You will need to either materialize your stream into a real data object (string or byte array for example) by reading it to the end before sending or if you really want streaming (which I doubt) you can read this.
the problem seems to be solved by removing the stream from the class and returning it separately!
but I don't know how did it help to solve it!