WCF Service with security mode none - wcf

My WCF service works fine with Security Mode="Transport" and clientCredentialType="Windows" (with client and service on either one machine or two). But I need to put the service on the other side of a firewall where Windows Authentication is not possible. I know I can either install X.509 certs or use security="None" (to which I would add my own security protocol). But I cannot get "None" to work! I keep getting 'The socket connection was aborted' error.
Here is the config, please let me know if you spot anything. I have tried it without the 2 lines that specify clientCredentialType="none" but it makes no diff. P.S. Each time I make a config change I stop and restart both the client and the service.
SERVER CONFIG
<system.serviceModel>
<services>
<service name="OuterService.OutCardTrx">
<endpoint address="" binding="netTcpBinding" contract="OuterService.IOutCardTrx">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://jimt4.campus.internal:8081/PCIOutService"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="netTcpBinding">
<security mode="None" >
<transport clientCredentialType="None" />
<message clientCredentialType="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
CLIENT CONFIG:
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IOutCardTrx" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="None">
<transport clientCredentialType="None" />
<message clientCredentialType="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://jimt4.campus.internal:8081/" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IOutCardTrx" contract="OCS.IOutCardTrx"
name="NetTcpBinding_IOutCardTrx">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>

Not 100% sure this is the reason, but your binding security settings don't match between the client and the service.
Note that the default security for NetTcpBinding is Transport (for mode). You define None in your binding in the service config, but that binding is never assigned to the service endpoint, so your service is using the default settings for NetTcp.
On the other hand, you are setting the binding configuration on your client.
Try setting the binding configuration in your service endpoint like this:
<endpoint address="" binding="netTcpBinding"
bindingConfiguration="netTcpBinding"
contract="OuterService.IOutCardTrx">
This will assign your specified binding to the endpoint, with security set to "None". I would also recommend changing the binding configuration name to something other than "netTcpBinding" to avoid any possible confusion.

Did you try increasing the values for MaxItemsInObjectGraph, MaxReceivedMessageSize, MaxBufferPoolSize, MaxBufferSize, MaxArrayLength in both client/server configs? The default values are pretty low, try maxing them out to 2147483647.
Also try enabling tracing on the service to see further error details.

Related

Changing protocol from net.tcp to http, Wcf, gives me the error "No corresponding start element is open"

I am required to update the endpoints from net.tcp to http and all of them work fine except for one.
Configuration on the client web config side is as follow.
<endpoint address="http://myseriesservices/Quote.svc" behaviorConfiguration="DynamicTransportBehavior" binding="wsHttpBinding" bindingConfiguration="httpConfiguration" contract="EbqQuoteServiceReference.IQuote" name="Quote" />
<!--<endpoint address="net.tcp://myseriesservices/Quote.svc" behaviorConfiguration="DynamicTransportBehavior" binding="netTcpBinding" bindingConfiguration="Quote" contract="EbqQuoteServiceReference.IQuote" name="Quote" />-->
and wsHttpBinding
<wsHttpBinding>
<binding name="httpConfiguration" maxReceivedMessageSize="10485760" openTimeout="00:01:00" receiveTimeout="00:05:00" sendTimeout="00:05:00">
<security mode="None">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
and this is the configuration on the server side.
<service behaviorConfiguration="MexBehavior" name="OM.Mec.BF.Ebq.Quote">
<endpoint address="" bindingConfiguration="BasicHttpBinding_Large" name="BasicHttpBinding_Large" binding="wsHttpBinding" contract="OM.Mec.SC.Ebq.IQuote" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<!--<endpoint address="" bindingConfiguration="NetTcp_StreamingResponse" name="Quote" binding="netTcpBinding" contract="OM.Mec.SC.Ebq.IQuote" />
<endpoint address="Mex" binding="mexTcpBinding" bindingConfiguration="" name="QuoteService.MexBinding" contract="IMetadataExchange" />-->
<host>
<baseAddresses>
<add baseAddress="http://myseriesservices/Quote.svc" />
<!--<add baseAddress="net.tcp://myseriesservices/Quote.svc" />-->
</baseAddresses>
</host>
</service>
and BasicHttpBinding_Large
<binding name="BasicHttpBinding_Large" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
What could the reason be for getting this error?
I debugged on the backend and a call is made to the DB successfully but at the point of returning the data to the client it fails. net.tcp if fine, it only fails with http
There can be one of these reasons for this error
I think your call is failing due to the size of the object which you return from your service.
A second reason could be the serialization settings of your service as Net TCP (BinarySerializer) and HTTP (DatacontractSerializer) bindings use different serialization by default.
Solution for big size response would break your response in chunks and send it over HTTP. You can refer this link https://learn.microsoft.com/en-us/dotnet/framework/wcf/samples/chunking-channel
Which way did you use to host the service? If IIS is, we should not add the base address in the configuration since we should add the base address in the IIS site binding module.
Besides, it seems that the binding configuration is not coherent between the server and the client.
I suggest you call the service on the client side by using Adding service reference to generate the client proxy class, like below.
It could maintain the consistency of the binding configuration between the client and the server.
Feel free to let me know if the problem still exist.

WCF Callback Service with netTcp Binding timeout after 10 mins

I'm creating a chat application with WCF(using callback contract) and netTcpBinding.
I'm hosting the service as a windows service and accessing it from other computers
via the client application.
The problem that i'm facing now is the clients connection comes to a Fault state after
10 mins which seems to be some kind of timeout that occur.
I already tried increasing the received timeout and send timeout in both service and client but didn't work.
which setting should i change to increase this timeout period and in which application, service or client?
Following are my configuration files,
Service
<system.serviceModel>
<services>
<service behaviorConfiguration="PeerTalk.Service.ChatServiceBehavior"
name="PeerTalk.Service.ChatService">
<endpoint address="" binding="netTcpBinding" bindingConfiguration=""
contract="PeerTalk.Service.ServiceContracts.IChat">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:7920/ChatService" />
<add baseAddress="net.tcp://localhost:7921/ChatService" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PeerTalk.Service.ChatServiceBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="tcpBinding"
maxBufferSize="67108864"
maxReceivedMessageSize="67108864"
maxBufferPoolSize="67108864"
transferMode="Buffered"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:00:10"
sendTimeout="00:00:10"
maxConnections="100">
<readerQuotas maxDepth="64"
maxStringContentLength="67108864"
maxArrayLength="67108864"
maxBytesPerRead="67108864"
maxNameTableCharCount="16384"/>
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows"/>
</security>
<reliableSession enabled="false" inactivityTimeout="00:01:00"/>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
Client
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IChat" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:00:10" transactionFlow="false"
transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="67108864"
maxBufferSize="67108864" maxConnections="10" maxReceivedMessageSize="67108864">
<readerQuotas maxDepth="32" maxStringContentLength="67108864"
maxArrayLength="67108864" maxBytesPerRead="67108864" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:01:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://10.10.10.45:7921/ChatService" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IChat" contract="PeerTalkService.IChat"
name="NetTcpBinding_IChat">
</endpoint>
</client>
</system.serviceModel>
Thanks.
The timeout in this case is defined by both receiveTimeout in the binding and inactivityTimeout in reliable session which is used for duplex messaging. The correct solution is not increasing timeout but implementing some ping / keep alive messages. The reason is that increasing timeout will keep connections open for failed clients.
Can you post client call sample (service call example). What might happening here is that you are not closing client correctly and you reach maximum sessions on service side.
You must be aware that using net.tcp binding is different than http.
You can use System.ServiceModel performance counters (http://msdn.microsoft.com/en-us/library/ms750527.aspx) and see after 10 minutes what is happening (number of calls outstanding, number of service instances, etc..)
http://dkochnev.blogspot.com/2011/06/wcf-framework-40-monitoring-service.html

WCF method call returning web service disco page

I have a WCF web service and application that works fine in developemnt. I've published the WCF on an IIS Server and am able to use it from the web app inside the firewall addressing it by server name. HOWEVER, now that I've put it out for use externally, it is causing problems.
My web app is getting an error trying to connect. I can see the service, disco, wsdl, etc from inside and outside the firewall, but when I make my first call for authentication from the outside, the service is returning the DISCO page instead of processing the authentication method call. This results in a ProtocolException because as I understand it, the app is expecting xml, not html.
Again, exact same web app works fine interally hitting the IIS server.
One difference being externally I'm getting to it from a web address, internally i'm using the server name. But the service loads in a web browser outside the firewall using the web address.
Partial web app config:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding
name="WSHttpBinding_IWebService"
closeTimeout="00:03:00"
openTimeout="00:03:00"
receiveTimeout="00:10:00"
sendTimeout="00:03:00"
bypassProxyOnLocal="false"
transactionFlow="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="5000000"
maxReceivedMessageSize="5000000"
useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="5000000"
maxArrayLength="5000000"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport
clientCredentialType="Windows"
proxyCredentialType="None"
realm="" />
<message
clientCredentialType="Windows"
negotiateServiceCredential="true"
algorithmSuite="Default"
establishSecurityContext="true"
/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://<dns address/server address>/WebService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IWebService"
contract="WebServiceRef.IWebService" name="WSHttpBinding_IWebService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint
address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</client>
Partial service web.config file:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding
name="ServiceBinding"
openTimeout="00:03:00"
sendTimeout="00:03:00"
transactionFlow="false"
maxBufferPoolSize="5000000"
maxReceivedMessageSize="5000000">
</binding>
</wsHttpBinding>
</bindings>
<services>
<service
behaviorConfiguration="xxx.WebServiceBehavior"
name="xxx.WebService">
<endpoint
address="http://<dns address/server address>/WebService.svc"
binding="wsHttpBinding"
bindingConfiguration="ServiceBinding"
contract="xxx.IWebService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint
address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
/WebService.svc"/>

WCF Multiple Service Configuration Issue

Scenario
Ignoring that fact that some of the settings might be wrong and inconsistent or just not there!.
Why does the program fail to compile when I try and put these 2 separate configurations for WCF Services into the same APP.CONFIG file? One was writen by myself and another by a friend, yet I cannot get the application to compile. What have I missed?
ERROR
Type Initialization Exception
CODE
<configuration>
<system.serviceModel>
<!--START Service 1 CONFIGURATION-->
<bindings>
<netTcpBinding>
<binding name="tcpServiceEndPoint" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:05:00"
enabled="true" />
<security mode="None">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address=""
binding="netTcpBinding" bindingConfiguration="tcpServiceEndPoint"
contract="ListenerService.IListenerService"
name="tcpServiceEndPoint" />
</client>
<!--END Service 1 CONFIGURATION-->
<!--START Service 2 CONFIGURATION-->
<services>
<service name="UploadObjects.ResponseService">
<!-- Define NetMsmqEndpoint -->
<endpoint address=""
binding="netTcpBinding"
contract="UploadObjects.IResponseService"
bindingConfiguration="TransactedBinding"/>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="TransactedBinding">
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
<!--END Service 2 CONFIGURATION-->
</system.serviceModel>
</configuration>
A couple of observations:
Your <client> endpoint has no address:
<client>
<endpoint address=""
binding="netTcpBinding"
bindingConfiguration="tcpServiceEndPoint"
contract="ListenerService.IListenerService"
name="tcpServiceEndPoint" />
How do you expect your client code to know where to connect to?? You need to specify a full WCF service address in any client <endpoint>
Your <service> endpoint also is lacking an address - you either need to specify a full address here, or than you have to have a base address defined in your service! One of the two must be present:
<services>
<service name="UploadObjects.ResponseService">
<endpoint address="net.tcp://YourServer:5455/YourServiceAddress"
binding="netTcpBinding"
contract="UploadObjects.IResponseService"
bindingConfiguration="TransactedBinding"/>
</service>
or:
<services>
<service name="UploadObjects.ResponseService">
<endpoint address=""
binding="netTcpBinding"
contract="UploadObjects.IResponseService"
bindingConfiguration="TransactedBinding"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://YourServer:5455/YourServiceAddress" />
</baseAddresses>
</host>
</service>
Also, from your question, it's not clear what you're trying to do when you get the error:
are you trying to start up a service host that hosts the service? A console app, or IIS?
are you trying to connect a client side to a running service?

WCF Service Binding taking default values instead of custom values

I have build an APi which is a WCF Service. In the web.config for the service i have specified a custom bindong looking like this:
<bindings>
<wsHttpBinding>
<binding name="FxBinding"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647"
closeTimeout="00:20:00"
openTimeout="00:20:00"
receiveTimeout="00:20:00"
sendTimeout="00:20:00"
messageEncoding="Mtom">
<readerQuotas
maxDepth="64"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<security mode="None"></security>
</binding>
</wsHttpBinding>
</bindings>
Telling the configuration to use the binding i have specified by setting the "name" attribute in the endpoint tag:
<services>
<service name="Dba.Admanager.Api.ListingServiceContract" behaviorConfiguration="Dba.Admanager.Api.ListingServiceContractBehavior">
<endpoint address="" binding="wsHttpBinding" name="FxBinding" contract="Dba.Admanager.ApplicationController.Api.IListingServiceContract">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
See. When i create an web reference to the service in VS2008 a app.config are generated.
In this app.config the binding used, should be the one specified above. But in the app.config is a default binding with default values in the "maxArrayLength" for instance.
<bindings>
<wsHttpBinding>
<binding name="FxBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="">
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://l-aar-00424012.corp.ebay.com/Admanager.Api/ListingServiceContract.svc"
binding="wsHttpBinding" bindingConfiguration="FxBinding" contract="WCFListingServiceContract.IListingServiceContract"
name="FxBinding">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
I can see that the client is using the FxBinding configuration, but why on earth all the values are default, i dont understand. Can anubody give at at clue on how to customize the binding-values and make it reflect on the "client"-part?
If i change the values manualle in the app.config i get the desired effect, but every time the webreference is updated, VS just adds a new binding with the default values.
Information such as maxArrayLength is not part of the WSDL, so the client cannot infer it and just takes default values.
As Darin already mentioned - since those binding parameters aren't part of the interoperable metadata between service and client, they can't be automagically picked up by the client when you create a new client proxy.
What you could do is this:
define your binding configurations in a separate config file and reference that on the server - i.e. put everything inside <bindings> into bindings.config and then reference it from your server side web.config or app.config:
<system.serviceModel>
<bindings configSource="bindings.config" />
</system.serviceModel>
Then copy that bindings.config to your client side and do the same thing there in your app.config.
Note: yes, Visual Studio will complain about the "configSource" not being defined and all - but that's just a flaw in the VS intellisense for config files. Trust me - it works - I use it everyday in production systems! Every configuration section in .NET has a "configSource" attribute!
With this method, you create one file that contains those binding configurations for your system and you can use it on both the server and the client side.