How to secure MEX endpoint WCF - wcf

suppose i have developed a WCF service with one mex endpoint. now i like to know how can i secure the mex endpoint means that if anyone know my mex endpoint address then that user may not be able to add my mex endpoint address from their VS IDE to create proxy. if user try to do so then windows auth login dialog comes.
now the question is how then any out side user will be able to call my wcf service. i will distribute my service dll or proxy class related *.cs files or WSDL. so user can add that dll or add those proxy related .cs file or add wsdl to their project to create proxy just to call & consume my service. i am not advance developer so i am not being able to understand how to develop this kind of secure wcf service where user can not add my mex endpoint.
so just guide me with little wcf sample code & config example from where i can understand what i need to to meet my requirement. thanks

This topic looks helpful
https://msdn.microsoft.com/en-us/library/aa395212%28v=vs.110%29.aspx
Initially, one would think one would just change the HTTP to HTTPS but according to the article apparently you lose some degree of freedom in configuration
If you use the mexHttpsBinding your metadata endpoint will be secure, but there is no way to modify the binding settings.

Related

Nothing happens after adding service to Wcf Test Client

I added the service to the WCF Test Client app and I get Service Added Successfully, but I don't see any of the operations available.
This WCF service is already being consumed by several javascript charts, so I should be able to see something here.
What am I doing wrong?
By default, WCFTestclient doesn’t support call the Restful service by using a client proxy. WCF creates the Restful style service with WebHttpbinding. thereby the client proxy class generates nothing thought the service WSDL is available.
Besides, we are capable of making a successful call to the service by using a client proxy. please refer to the below link.
WCF: There was no endpoint listening at, that could accept the message
the above client proxy class is generated by adding service reference.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/accessing-services-using-a-wcf-client
Here is a detailed exposition of WCFTestClient from Microsoft document.
https://learn.microsoft.com/en-us/dotnet/framework/wcf/wcf-test-client-wcftestclient-exe?redirectedfrom=MSDN
Feel free to let me know if there is anything I can help with.
 

Does WCF Add Service Reference require something configured on the service to generate the app config?

We have an existing wcf service, and I created a new project. I want to use it. I hit add service reference, pop in the URL, press OK, and it adds it as a service reference but there is no config generated.
I also tried svcutil.exe /language:cs /out:GeneratedProxy.cs /config:app.config [url] but no config is generated, only the proxy cs.
I'm using VS 2013 / .NET 4.0
My question is, is this a sign that the SVC itself has some missing data that is required to build the contracts, or is the problem with adding the service reference?
For the record I have tried unchecking the reuse types option which some questions on here have reported as fixing the problem.
Bonus question, do you think if I can't get this working that manually adding some generic default bindings and endpoint code to the web config will work?
First, the reason that why the Adding service reference generates nothing is that the WCF service is rest style service. By default, the proxy-based invocation of rest style WCF services is complex.
https://en.wikipedia.org/wiki/Representational_state_transfer
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/wcf-web-http-programming-model
Calling the WCF rest style service with the client proxy is uncommon. Generally, we construct an Http request by using an HTTP client library to call the service, such as HttpClient, WebClient.
How to fix "ERR_ABORTED 400 (Bad Request)" error with Jquery call to C# WCF service?
Besides, calling the WCF rest style service with the client proxy is feasible. Please refer to my previous link.
WCF: There was no endpoint listening at, that could accept the message
Feel free to let me know if there is anything I can help with.

WCF RoutingService failing when mex gets too large

I'm having an issue with a net.tcp WCF windows service int .NET 4.0 where it looks like my mex for a particular endpoint is too large. There is no problem at all connecting directly to the endpoint. I created a WCF RoutingService to allow someone outside our private network to connect to my internal WCF service. Getting the mex information through the RoutingService fails.
My WCF service has about 7 endpoints, and the WCF RoutingService is routing all of them, but only the large one (with 17 methods) is having the problem.
I found this link below which explains how to fix the problem when failing to connect directly to the mex endpoint
http://blogs.msdn.com/b/distributedservices/archive/2009/05/07/too-many-operations-or-methods-in-wcf-service-causes-the-metadataexchange-fail.aspx
But it talks about creating an endpoint in svcutil.exe.config with a contract of IMetadataExchange. The RoutingService endpoint I'm having a problem with is using the contract System.ServiceModel.Routing.IRequestReplyRouter, so I don't know if I need to configure the svcutil.exe.config file slightly differently. I've tried all sorts of combinations but couldn't get anything to work. I'm not even sure where I need to put the svcutil.exe.config file for the RoutingService WCF service to pick it up, or even if it needs one.
Does anybody know of a better solution, or a link which might provide help for when a RoutingService is involved?

WCF: Client config for non-.net-clients

I am developing a wcf service (basicHttpBinding) that should also be consumed by non .net clients (e.g. Java clients). But now I wonder how the client can define his client config file. Or is this file only needed for .net-clients? (I am thinking of configurations like maxReceivedMessageSize or maxItemsInObjectGraph for example).
Each development platform (call it as you want: SOAP stack, Framework, API) has its own way to configure communication. You don't need to bother with it. You just need to expose correct WSDL and client's developer will be responsible for configuring the client application based on his needs.
If you want to extend documentation of your service in WSDL you can use wsdl:documentation. WCF doesn't offer it by default but you can use this technology sample to extend WCF. You can use such documentation for example to describe that service operation can return large amount of data. Another approach to add wsdl:documentation is using WCF Extras.
From the sound of it, the client shouldn't have access to those configuration options. For instance, why should a client to the WCF service be able to specify the maxReceivedMessageSize?
What you probably want to do is define these configuration options on the server-side. If a client makes a call and there is a conflict with one of your options (i.e. the client exceeds maxReceivedMessageSize), you'll want to throw a SoapException back to the client.
If you want to let the client have access to the configuration settings before he or she sends a request, you can always implement a simple web service method that sends back the values.

BizTalk publish net.tcp WCF service

Is anybody familiar with setting up WCF-nettcp adapters for BTS?
When I create a WCF-netTcp adapter for a Receive location, I am unsure how/when BTS will open up port 808 to listen on the address URI specified. It appears to only happen if I restart the entire BizTalk application. If it closes for some reason, I do not see any way of reconfiguring and reopening the port.
Furthermore, since that is only the net.tcp binding, there is no mex endpoint exposed. I believe client applications that wish to use that exposed WCF service needs mex metadata initially. Accessing that endpoint direct from a Visual Studio project would just yield
Metadata contains a reference that cannot be resolved: 'net.tcp://biztalkserver/PostReceiveLocation_TCP/PostReceiveService.svc'.
Metadata contains a reference that cannot be resolved: 'net.tcp://biztalkserver/PostReceiveLocation_TCP/PostReceiveService.svc'.
If the service is defined in the current solution, try building the solution and adding the service reference again.
Cannot tell for such how to properly expose a mex endpoint to the service. the BizTalk WCF Service Publishing Wizard is confusing me; I cannot get it to reference the WCF adapter/Receive location I setup. I find no document that teaches what one ought to do for netTcp services; it is all about Http.
Funny, it took the walkthrough about publshing Net-Msmq WCF service to nudge me thinking how the WCF Service Publishing Wizard really works.
The issue is this: When I manually created the WCF-netTcp Receive location, it has its endpoint URI e.g. net.tcp://biztalkserver/PostReceiveLocation_TCP/PostReceiveService.svc. When selecting the option to publish just an mex endpoint in the WCF Service Publishing Wizard, it will eventually ask for the WCF Service Location, which i confused to be the actual service location. Since it would accept nothing but Http URLs, it appeared to only support Http-based WCF endpoints.
But for that textbox, one is supposed to place the Http URL that for just the mex endpoint, not the actual net.tcp WCF endpoint. That is the location in IIS where the wizard will create the necessary meta-data files. Once finished, that location, hosting a mex endpoint will inform clients of the real service located at the net.tcp endpoint.