I have a wcf application. tested on my local computer (windows 7 and IIS 7.5), it works. but after deployed to dev server (windows server 2003, IIS 6). I got following error message.
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Negotiate,NTLM'.
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest request, HttpWebResponse response, WebException responseException, HttpChannelFactory`1 factory)
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ICFIR.ProcessXmlMessage(String xmlDocument)
at CFIRClient.ProcessXmlMessage(String xmlDocument)
Inner Exception:
The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
I searched on google for hours, found alot similar issues but none of them can fix it. here's my web.config
<basicHttpBinding>
<binding name="ServiceSoap" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="65536" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
Its expecting windows authentication, are you on the same domain that your server is? if you are you will need to turn on windows authentication like this:
<security>
<transport clientCredentialType="Windows" proxyCredentialType="None" />
<message clientCredentialType="Windows" />
</security>
if you dont want to turn that on your can turn on other authentication types like Anonymous or Certificate. Refer to this:
http://msdn.microsoft.com/en-us/library/ms729700.aspx
Note: Sometimes if your proxy server is enabled from the machine you are calling, it will get this type of issue too. In that case either turn off your proxy or provide authentication to the proxy.
This is what Bravo11 was talking about....
This was really bothering me for a while, but I finally ran into a solution after trying the above many different ways. When creating a service in vs2010 if you want to add Windows as your security you need to have the authentication mode set to Windows.
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Windows" />
</system.web>
you can do this either in your Web.config in the service or in IIS 6.0 in the properties -> ASP.NET -> Edit Configuration -> Authentication -> Authentication mode drop down
If you choose to do it in IIS you must remember to do it all the time or it will reset when you publish again.
Hope this will help someone.
Related
We are seeing SecurityNegotiationException when making calls from our Windows service to an api. The issue has been off-and-on. Sometimes it affects all communication attempts and sometimes we only see it for some or none of hundreds of queries against the API in a day.
Interestingly, we can make the same calls using SoapUI from our server and they work fine. We also do not see any evidence of time drift on the machine.
Stack trace and service confiq is included below. Any ideas on what would be causing this?
.NET Windows Service Binding Configuration
<binding name="Sevier_Binding" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" sendTimeout="00:10:00" maxBufferPoolSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Basic" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
Stack Trace
System.ServiceModel.Security.SecurityNegotiationException Could not
establish secure channel for SSL/TLS with authority
'EndpointRemoved'. Void
HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,
System.Runtime.Remoting.Messaging.IMessage) Server stack trace:
at
System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException
webException, HttpWebRequest request, HttpAbortReason abortReason)
at
System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan
timeout) at
System.ServiceModel.Channels.RequestChannel.Request(Message message,
TimeSpan timeout) at
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message
message, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, Object[] ins,
Object[] outs, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message)
I have an old WCF web service method which execute 10-20 minutes.
It's written on vb.net 4.0
I use SoapUI application to test it, and self written vb.net app which consume it.
On my localhost when I run it in Debug mode with IIS Express, I'm getting results back in both application.
But on QA web server, under https, I'm getting error back:
SoapUI error: Error getting response; java.net.SocketException: Connection reset.
From my web client: "An error occurred while receiving the HTTP response to https://qa.organization.com/services/Blah.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details." Inner Exception: The underlying connection was closed: An unexpected error occurred on a receive. Inner Exception: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
Web engineer run trace on web server, got and error "An operation was attempted on a nonexistent network connection".
Please advise what else I can check in order to fix this issue?
From web service web.config:
<binding name="Blah_1"
closeTimeout="00:12:00"
openTimeout="00:12:00"
receiveTimeout="00:30:00"
sendTimeout="00:30:00"
allowCookies="false"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
maxBufferSize="2147483647"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647"
messageEncoding="Text"
textEncoding="utf-8"
transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="1000"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName"
algorithmSuite="Default" />
</security>
</binding>
Add the protocol mapping in the config file:
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
I would like to consume a 3rd party WCF service using basic authentication, but I also need to use SNI. I've hacked together the following example (minus real endpoint stuff) to show what I've setup and the error I get.
Any help much appreciated as I know little about WCF and nothing about SNI.
Config
<endpoint
address="https://their.server.com/theirservice.svc"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_ISyncFramework2"
contract="ISyncFramework" name="BasicHttpBinding_ISyncFramework2">
</endpoint>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISyncFramework2" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="Basic" proxyCredentialType="None"
realm="" />
</security>
</binding>
</basicHttpBinding>
code:
var service = new SyncFrameworkClient();
service.ClientCredentials.UserName.UserName = "username";
service.ClientCredentials.UserName.Password = "thepassword";
service.method() // fails!
the call to method fails with:
The requested service, 'https://their.server.com/theirservice.svc' could not be activated. See the server's diagnostic trace logs for more information.
The server trace
Server stack trace:
at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory, WebException responseException, ChannelBinding channelBinding)
at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
That error is usually a service-side issue not a client-side problem. SNI is a server technology to improve SSL handshaking and in the Microsoft stack is only supported in the unreleased IIS 8 version. Unless the third-party rolled their own SNI/SSL stack it seems unlikely that their WCF service would require it.
On the actual exception you're getting, it seems that something along the lines of this blog post would likely be the cause of the problem. Your config and code snippets look right for basicHttpBinding using SSL and basic HTTP authentication.
I have a .NET 4.0 WCF service. If I send a soap message larger than 64K, then I get "The remote server returned an unexpected response: (400) Bad Request" Error. It works fine all the way until I go over the 64K message size. I have read the many posts out there regarding what to do for this error, and as far as I can tell, I have the correct web.config values, but I still get the error. Below are the settings in my web.config. Anything I am missing? This occurs when communicating both to my local ASP.NET VS server and a remote Windows 2008 R2 IIS server. Is there a way to verify or log the maxReceivedMessageSize settings, etc. that are in the service binding in real-time or in the debugger? The service is hosted in MVC if that makes any difference.
<httpRuntime maxRequestLength="50000000" />
...
...
<bindings>
<basicHttpBinding>
<binding name="IpsApiBinding" receiveTimeout="00:15:00" sendTimeout="00:05:00" maxReceivedMessageSize="40000000">
<readerQuotas maxDepth="5000000" maxStringContentLength="50000000"
maxArrayLength="50000000" maxBytesPerRead="50000000" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ApiBehavior" name="IPSApi.IpsApi">
<endpoint behaviorConfiguration="endpointBehavior" binding="basicHttpBinding"
bindingConfiguration="IpsApiBinding" name="IPSApi.IpsApi"
contract="IPSApi.IIPSApi" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="endpointBehavior">
<dataContractSerializer maxItemsInObjectGraph="6553600" />
<callbackDebug includeExceptionDetailInFaults="true" />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ApiBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
On the client side, the stack track is showing...
Server stack trace: at
System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest
request, HttpWebResponse response, HttpChannelFactory factory,
WebException responseException, ChannelBinding channelBinding) at
System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan
timeout) at
System.ServiceModel.Channels.RequestChannel.Request(Message message,
TimeSpan timeout) at
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message
message, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, Object[] ins,
Object[] outs, TimeSpan timeout) at
System.ServiceModel.Channels.ServiceChannel.Call(String action,
Boolean oneway, ProxyOperationRuntime operation, Object[] ins,
Object[] outs) at
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage
methodCall, ProxyOperationRuntime operation) at
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage
message) Exception rethrown at [0]: at
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage
reqMsg, IMessage retMsg) ...
I figured out my problem. Here are the details. I am hosting my WCF service in a MVC app. The WCF service is in a separate DLL. I had the configuration settings in the web.config thinking that it would read its config from there. Come to find out, if in a separate DLL, then it will not use the web.config settings. It was just using the default bindings, etc.
To get it to read the configuration in web.config, I used the method that was suggested in http://blogs.msdn.com/b/dotnetinterop/archive/2008/09/22/custom-service-config-file-for-a-wcf-service-hosted-in-iis.aspx . I created my own custom ServiceHostFactory and ServiceHost. In the ServiceHostFactory.CreateServiceHost I create an instance of my ServiceHost (derived class). In my ServiceHost derived class, I take over the ApplyConfiguration and load the config from the web.config.
It works!
I had a similar issue and also had to increase two additional fields on the binding that I do not see in your code... maxBufferSize and maxBufferPoolSize. Not sure if this would be your issue but I know that the default for these is roughly 64k.
Sample Web.config settings:
<binding name="HTTPNoneBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
I would suggest for to enable Tracing on your Service to determine the exact cause of the Bad Request. If it is because of the message size the framework would tell you clearly on which property needs to be set. In order to enable tracing follow this link
I just created a WCF service library. I created a test function and i invoked the test function from the WCF test client. I had put a break point in the code. The control reaches the break point and stops there. Now i let the control to stay at the break point for sometime and in about i minute the get the following error message
"Failed to invoke the service. Possible causes: The service is offline or inaccessible; the client-side configuration does not match the proxy; the existing proxy is invalid. Refer to the stack trace for more detail. You can try to recover by starting a new proxy, restoring to default configuration, or refreshing the service."
Error Details:
The request channel timed out while waiting for a reply after 00:00:59.9843750. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.
Server stack trace:
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ClientReliableChannelBinder1.RequestClientReliableChannelBinder1.OnRequest(TRequestChannel channel, Message message, TimeSpan timeout, MaskingMode maskingMode)
at System.ServiceModel.Channels.ClientReliableChannelBinder1.Request(Message message, TimeSpan timeout, MaskingMode maskingMode)
at System.ServiceModel.Channels.ClientReliableChannelBinder1.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.SecurityRequestSessionChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at ITrustmarkService.StartRobotProcess()
at TrustmarkServiceClient.StartRobotProcess()
Any idea what is causing this?
This is a sample WCF client config from MSDN:
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ISampleService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:01:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
you should set receiveTimeout and sendtimout to appropriated value, you can see similar configuration in a config file of your test.
Yes. By default WCF Service has a response timeout for 1 minute configured. That means clients can wait up to a minute and if they don't get a response in that time, they can assume failed/no response.
In your case, you are holding WCF service using a breakpoint to respond to client's request. And after waiting for a minute, client times out and doesn't wait anymore.
You can increase this timeout from WCF service's .config file.