Generate WSDL schemalocation as HTTPS URL - wcf

I have a WCF service that I have set up to be consumed via HTTPS. Unfortunately, when my client tries to consume it he immediately gets an error, because the referenced schema locations generated in the WSDL are set as HTTP, which throws an error when he tries to reference it in a client project. Indeed, from his network he cannot get to the XSD via the HTTP URL; however, if he pastes the URL into a browser and changes the HTTP to HTTPS, then he can see it.
So is there any way that I can specify the proper generation of the URL, i.e. as HTTPS?
FYI... Our environment does not use SSL or certs, using WAF and a proxy instead.

Related

Is there a way to force an application to post using https instead of http

I have an application that sends a request to a web service. Unfortunately the application is compiled and the link to the web service is embedded in the application as http. (Yes I know how dumb that is, I didn't write it)
Recently, the 3rd party company is no longer allowing http requests, everything must be https.
The application runs as a webapp on Tomcat. The server is a Windows server.
Is there a way to intercept the call to this web service and force it to use https?
As you can't change the application's source code (as it is compiled), and you can't change the web service (as it is 3rd party) either, the only way to solve this problem is to put a proxy between the application and the web service. To do that, you need to (assume the proxy is running on localhost):
1. As the web service URL is embedded in the compiled application, in order to let the application send its HTTP request to our proxy, the hosts mapping needs to change (e.g. /etc/hosts) to override DNS. For example, if the HTTP request in the application is GET http://example.com/api/sample, then in /etc/hosts, example.com needs to be mapped to 127.0.0.1.
2. Make a proxy web server on localhost and open the same port as the web service. This proxy is a very simple web server (any backend programming tech can do it); it is only responsible for request forwarding. In this way, when the application sends an HTTP request to example.com, it sends the request to the proxy server.
3. After receiving the HTTP request from the application, the proxy server extracts the request URL/header/body and sends an HTTPS request to example.com's real IP address. Please note: in this HTTPS request, a header host whose value is example.com should be added. The 3rd party web service may check this header.
4. After the real response is returned from example.com, the proxy will return it to the application.
Of course, you can also use reverse engineering (Java Decompiler) to get the application's "source code", change the web service URL and then compile it again to a webapp. However, as the application may need to be updated/upgraded and it may not be under your control, this reverse engineering method is not recommended.
You could use a proxy script. Write it in any server-side language you want, for example PHP, and set the API URL to this script; the script does the https request for you and passes the results back to your app.
You could also use Apache itself as the proxy and use something like: Apache config: how to proxypass http requests to https
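The forwarding proxy described in the first answer above, sketched in Python as an added example (not code from any of the posts). It dials the service's real IP while still validating the certificate and sending SNI/Host for example.com, and it listens on loopback only; `UPSTREAM_IP`, port 80 and all function and class names are assumptions.

```python
import http.client, socket, ssl
from contextlib import closing
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

UPSTREAM_HOST = "example.com"        # hostname from the answer's example
UPSTREAM_IP = "203.0.113.10"         # placeholder: the service's real IP (hosts now maps the name to 127.0.0.1)
TLS = ssl.create_default_context()   # CERT_REQUIRED plus hostname checking
SKIP = {"connection", "keep-alive", "proxy-authenticate", "proxy-authorization", "te",
        "trailers", "transfer-encoding", "upgrade", "host", "content-length"}  # per-hop or regenerated

def upstream_headers(headers):
    return {k: v for k, v in headers.items() if k.lower() not in SKIP}

class PinnedHTTPSConnection(http.client.HTTPSConnection):
    """Dial a fixed IP, but send SNI/Host and validate the certificate for the hostname."""
    def __init__(self, hostname, ip, ctx, timeout=15):
        super().__init__(hostname, 443, context=ctx, timeout=timeout)
        self._ip, self._ctx = ip, ctx
    def connect(self):
        raw = socket.create_connection((self._ip, self.port), self.timeout)
        self.sock = self._ctx.wrap_socket(raw, server_hostname=self.host)

def forward(method, path, headers, body):
    with closing(PinnedHTTPSConnection(UPSTREAM_HOST, UPSTREAM_IP, TLS)) as conn:
        conn.request(method, path, body=body, headers=upstream_headers(headers))
        resp = conn.getresponse()
        return resp.status, resp.getheaders(), resp.read()

class Proxy(BaseHTTPRequestHandler):
    forwarder = staticmethod(forward)
    def relay(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0)) or None
        try:
            status, hdrs, data = self.forwarder(self.command, self.path, self.headers, body)
        except (OSError, http.client.HTTPException):  # covers failed certificate validation
            return self.send_error(502, "upstream HTTPS request failed")
        self.send_response(status)
        for k, v in hdrs:
            if k.lower() not in SKIP:
                self.send_header(k, v)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    do_GET = do_POST = do_PUT = do_DELETE = relay

def make_server(port=80):
    return ThreadingHTTPServer(("127.0.0.1", port), Proxy)  # loopback only: not an open relay

if __name__ == "__main__":
    make_server().serve_forever()
```

If certificate validation fails, the application gets a 502 rather than a response relayed over an unverified connection.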

WCF Service hosted in IIS not giving response with HTTPS

I have developed a sample WCF service and hosted in IIS 8.5, Windows Server 2012 R2. Note that this server is added to F5 load balancing setup (I do not know the details of this setup) and I am supposed to invoke this service using the URL https://loadbalanceddomainname/servicename.svc.
In the IIS, I have made the below configurations:
Created a new website
Created a Self Signed certificate with the subject name "loadbalanceddomainname" and imported to the Personal store.
Bound this certificate to this website on port 443, and host header is set to "loadbalanceddomainname".
With this configuration, when I try to browse the URL https://loadbalanceddomainname/servicename.svc, it gives me a 504 Error (as shown in Fiddler -> "[Fiddler] ReadResponse() failed: The server did not return a complete response for this request. Server returned 0 bytes.")
However, in IIS, if I add one more binding to Port 80 with host header "loadbalanceddomainname", I get the response as shown in the screenshot below.
Though I am able to invoke this service using Https (as shown in address bar) in the browser with the port 80 binding added to IIS, I see that it is getting changed to http as shown in the screenshot below where it says "svcutil.exe http://loadbalanceddomainname/servicename.svc". Why is this https getting changed to http? Why is my service giving 504 error when I remove the Binding at Port 80?
Though I get a response in the browser (with port 80 binding in server), when I try to invoke an operation using a test client (by adding a service reference in Visual Studio and creating a proxy), I get error 404 - no such endpoint exists. The WCF trace log shows the below error as well:
Failed to lookup a channel to receive an incoming message. Either the endpoint or the SOAP action was not found.
I also have noticed that the certificate I have bound in IIS is not what I see in the browser, in the above screenshot, when I view the certificate details. Is this a different certificate coming from F5 or somewhere in between?
I think you are dealing with this metadata issue. When the client tries to access the service over https, it still gets redirected to http because of the soap:address location.
https://blogs.msdn.microsoft.com/dsnotes/2014/10/03/ssl-offloading-in-load-balancer-scenario/

Can't access wcf wsdl anonymously using https url

What I would like to do is have a wcf service be anonymous accessible using a https url.
I have created a WCF in a .net 4.0. Deployed the wcf on a server that is set up to use HTTPS. The server's IIS is set to allow anonymous calls. I can access the WCF's Service.svc's website url and the Service.svc page comes up with no issues. When I click on the wsdl url link on the Service.svc, I get back either a HTTP 404 error or HTTP 401 error. The wcf's wsdl virtual directory, (I am guessing), won't allow me to get to the wsdl file.
I have set the serviceMetadata's property httpsGetEnabled to true.
wsHttpBinding's security to transport and the clientCredentialType is set to none.
basicHttpBinding's security to transport and the clientCredentialType is set to none.
Is it absolutely certain that I need to create a certificate? Because when I use VS2010 in another project and add the WCF as a Service Reference, a pop-up certificate dialog box appears and I click okay and it continues onward. But it stops when the project can't grab the wsdl file.
How can I get to the service.svc's wsdl?
Thanks.
If you browse to the deployed service endpoint, you'll see a screen that has a link to generating the WSDL. You do need a certificate for SSL -- just create a self-signed one (it's pretty easy). Don't forget to set up your https bindings too for your site in IIS.

Silverlight looking at wrong url for clientaccesspolicy file

I have a Silverlight app connected to a webservice over https.
The webservice is hosted on mydomain.com (not localhost).
When I run the Silverlight app, it makes https calls to the webservice on mydomain.com, but also tries to access "http://localhost/clientaccesspolicy.xml" and fails, obviously. Why is my SL app looking for cal.xml in localhost? Why is it not looking for cal.xml in the mydomain.com?
Appreciate your thoughts.
Thanks!
"Before allowing a connection to a network resource, the Silverlight runtime will try to download a security policy file from the domain that hosts the network resource. There are two different methods used to download the security policy that depend on whether the connection request was from a WebClient or HTTP class or whether the connection request was from sockets.
If the connection request was from a WebClient or an HTTP class to a cross-domain site, the Silverlight runtime tries to download the security policy file using the HTTP protocol. The Silverlight runtime first tries to download a Silverlight policy file with a name of "clientaccesspolicy.xml" at the root of the requested target domain using the HTTP protocol.
If the "clientaccesspolicy.xml" is either not found (the web request returns a 404 status code), returned with an unexpected mime-type, is not valid XML, or has an invalid root node, then the Silverlight runtime will issue a request for the Flash policy file with a name of "crossdomain.xml" at the root of the requested target domain, using the HTTP protocol."
http://msdn.microsoft.com/en-us/library/cc645032%28VS.95%29.aspx
What does the address look like inside your SL application?
Is the address coming from the ServiceReference.ClientConfig file? If so, make sure that it has a mydomain.com and not a localhost address there.

WCF HTTPS self-hosted service does not work ("connection to the server was reset")

I have a Self-Hosted (Console App) WCF REST service with the following binding:
WebMessageEncodingBindingElement
HttpsTransportBindingElement (ManualAddressing=true, KeepAliveEnabled=true, AllowCookies=false, HostNameComparisonMode=Exact)
This is exposed over an HTTPS URL ("https://mylaptop/myendpoint")
I have a self-signed certificate issued to "mylaptop" that I assign using myServiceHost.Credentials.ServiceCertificate.SetCertificate. The certificate is added successfully, and the ServiceHost opens successfully (no exceptions). If I type "netsh http show servicestate", I can see that there's a successful registration at https://mylaptop/myendpoint with HTTP.SYS.
However, when I issue a GET to the endpoint, it doesn't work. It seems like the socket is dropped even before a valid HTTP response is obtained. (Firefox says "connection to the server was reset", IE says "cannot display the webpage", and if I do the request through Fiddler it says "connection was forcibly closed by the remote host").
Everything works fine when I use HTTP instead of HTTPS.
Any idea what could be going wrong in the HTTPS case?
You probably need to use httpcfg.exe to reserve your endpoint with HTTP.SYS correctly with a configured X.509 certificate for SSL. The steps to get it done are documented here.
Or use HttpCfgGui, a much friendlier interface to setting up the server certs w/ HTTP.SYS. This is a must-install on all my servers that do HTTP w/ WCF.