I have a wcf service that will only work once I deploy it to a server and configure through IIS. there error message I get when running it through IIS express is:
The authentication schemes configured on the host ('Ntlm, Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
My web.config services binging looks like this:
<services>
<service name="LMS.Services.Services.AppService" behaviorConfiguration="LargeDataRequestBehavior">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp_LargeDataRequestBinding" contract="LMS.Services.Services.AppService" />
<endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="basicHttp_LargeDataRequestBinding" contract="IMetadataExchange" />
</service> </services>
and my binding looks like this:
<bindings>
<basicHttpBinding>
<binding name="basicHttp_LargeDataRequestBinding" receiveTimeout="01:00:00" sendTimeout="01:00:00" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" >
</transport>
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<basicHttpBinding>
</bindings>
Any Help would be greatly appreciated.
Try changing this part. The issue is that the enum for Credential Type Windows maps to a protocol called Negotiate. IIS is informing you that Negotiate has not been enabled on your website, only Basic (no security) and Ntlm (another form of Windows Security) is allowed.
<bindings>
<basicHttpBinding>
<binding>
<security >
<transport clientCredentialType="Ntlm" >
</transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
The WTF here is that there is a mismatch between "Negotiate" and "Windows".
Updating IIS Authentication settings as below fixed it in my case:
Anonymous Authentication: Disabled
Windows Authentication: Enabled
Related
I am required to update the endpoints from net.tcp to http and all of them work fine except for one.
Configuration on the client web config side is as follow.
<endpoint address="http://myseriesservices/Quote.svc" behaviorConfiguration="DynamicTransportBehavior" binding="wsHttpBinding" bindingConfiguration="httpConfiguration" contract="EbqQuoteServiceReference.IQuote" name="Quote" />
<!--<endpoint address="net.tcp://myseriesservices/Quote.svc" behaviorConfiguration="DynamicTransportBehavior" binding="netTcpBinding" bindingConfiguration="Quote" contract="EbqQuoteServiceReference.IQuote" name="Quote" />-->
and wsHttpBinding
<wsHttpBinding>
<binding name="httpConfiguration" maxReceivedMessageSize="10485760" openTimeout="00:01:00" receiveTimeout="00:05:00" sendTimeout="00:05:00">
<security mode="None">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
and this is the configuration on the server side.
<service behaviorConfiguration="MexBehavior" name="OM.Mec.BF.Ebq.Quote">
<endpoint address="" bindingConfiguration="BasicHttpBinding_Large" name="BasicHttpBinding_Large" binding="wsHttpBinding" contract="OM.Mec.SC.Ebq.IQuote" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<!--<endpoint address="" bindingConfiguration="NetTcp_StreamingResponse" name="Quote" binding="netTcpBinding" contract="OM.Mec.SC.Ebq.IQuote" />
<endpoint address="Mex" binding="mexTcpBinding" bindingConfiguration="" name="QuoteService.MexBinding" contract="IMetadataExchange" />-->
<host>
<baseAddresses>
<add baseAddress="http://myseriesservices/Quote.svc" />
<!--<add baseAddress="net.tcp://myseriesservices/Quote.svc" />-->
</baseAddresses>
</host>
</service>
and BasicHttpBinding_Large
<binding name="BasicHttpBinding_Large" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
What could the reason be for getting this error?
I debugged on the backend and a call is made to the DB successfully but at the point of returning the data to the client it fails. net.tcp if fine, it only fails with http
There can be one of these reasons for this error
I think your call is failing due to the size of the object which you return from your service.
A second reason could be the serialization settings of your service as Net TCP (BinarySerializer) and HTTP (DatacontractSerializer) bindings use different serialization by default.
Solution for big size response would break your response in chunks and send it over HTTP. You can refer this link https://learn.microsoft.com/en-us/dotnet/framework/wcf/samples/chunking-channel
Which way did you use to host the service? If IIS is, we should not add the base address in the configuration since we should add the base address in the IIS site binding module.
Besides, it seems that the binding configuration is not coherent between the server and the client.
I suggest you call the service on the client side by using Adding service reference to generate the client proxy class, like below.
It could maintain the consistency of the binding configuration between the client and the server.
Feel free to let me know if the problem still exist.
My WCF service works fine with Security Mode="Transport" and clientCredentialType="Windows" (with client and service on either one machine or two). But I need to put the service on the other side of a firewall where Windows Authentication is not possible. I know I can either install X.509 certs or use security="None" (to which I would add my own security protocol). But I cannot get "None" to work! I keep getting 'The socket connection was aborted' error.
Here is the config, please let me know if you spot anything. I have tried it without the 2 lines that specify clientCredentialType="none" but it makes no diff. P.S. Each time I make a config change I stop and restart both the client and the service.
SERVER CONFIG
<system.serviceModel>
<services>
<service name="OuterService.OutCardTrx">
<endpoint address="" binding="netTcpBinding" contract="OuterService.IOutCardTrx">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://jimt4.campus.internal:8081/PCIOutService"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="netTcpBinding">
<security mode="None" >
<transport clientCredentialType="None" />
<message clientCredentialType="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
CLIENT CONFIG:
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IOutCardTrx" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="None">
<transport clientCredentialType="None" />
<message clientCredentialType="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://jimt4.campus.internal:8081/" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IOutCardTrx" contract="OCS.IOutCardTrx"
name="NetTcpBinding_IOutCardTrx">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
Not 100% sure this is the reason, but your binding security settings don't match between the client and the service.
Note that the default security for NetTcpBinding is Transport (for mode). You define None in your binding in the service config, but that binding is never assigned to the service endpoint, so your service is using the default settings for NetTcp.
On the other hand, you are setting the binding configuration on your client.
Try setting the binding configuration in your service endpoint like this:
<endpoint address="" binding="netTcpBinding"
bindingConfiguration="netTcpBinding"
contract="OuterService.IOutCardTrx">
This will assign your specified binding to the endpoint, with security set to "None". I would also recommend changing the binding configuration name to something other than "netTcpBinding" to avoid any possible confusion.
Did you try increasing the values for MaxItemsInObjectGraph, MaxReceivedMessageSize, MaxBufferPoolSize, MaxBufferSize, MaxArrayLength in both client/server configs? The default values are pretty low, try maxing them out to 2147483647.
Also try enabling tracing on the service to see further error details.
Is it possible to define default client binding configurations in the service's Web.config file?
I would like to specify default maxReceivedMessageSize and maxBufferPoolSize values so that clients don't need to constantly change the defaults
Something along the lines of this (which doesn't work):
<bindings>
<wsHttpBinding >
<binding name="Standard" maxReceivedMessageSize="6000000" maxBufferPoolSize="200000000" >
<readerQuotas maxDepth="32" maxBytesPerRead="200000000"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
<security mode="TransportWithMessageCredential" />
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint binding="wsHttpBinding"
bindingConfiguration="Standard"
contract="SomeContract" />
</client>
In WCF 4 (.NET 4) - yes: just leave the name= attribute blank (or omit the name= attribute all together) - so use
<bindings>
<wsHttpBinding >
<binding
maxReceivedMessageSize="6000000" maxBufferPoolSize="200000000" >
<readerQuotas maxDepth="32" maxBytesPerRead="200000000"
maxArrayLength="200000000" maxStringContentLength="200000000"/>
<security mode="TransportWithMessageCredential" />
</binding>
</wsHttpBinding>
</bindings>
and then those settings apply to all wsHttpBinding's used by endpoints in that configuration file.
Read more about what's new in WCF 4 here: A Developer's Introduction to WCF 4 - the default binding and behavior configuration is listed there, too (not too far from the top).
I'm trying to access a WCF service on a company network. I'm using the proxy and config file generated by svcutil. The code looks like this:
using (Client client = new Client())
{
client.Open();
client.DoStuff();
}
Client is the client class in the generated proxy code, meaning it's derived from System.ServiceModel.ClientBase and implements the Contract interface.
And the config file looks like this:
<configuration>
<system.serviceModel>
<client>
<endpoint address="net.tcp://Address"
binding="netTcpBinding"
bindingConfiguration="Config"
contract="Namespace.Contract"
name="name">
<identity>
<servicePrincipalName value="Host" />
</identity>
</endpoint>
</client>
<bindings>
<netTcpBinding>
<binding name="Config"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
transactionFlow="false"
transferMode="Buffered"
transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard"
listenBacklog="10"
maxBufferPoolSize="524288"
maxBufferSize="65536"
maxConnections="10"
maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true"
inactivityTimeout="00:10:00"
enabled="false" />
<security mode="None">
<transport clientCredentialType="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
</configuration>
I get the exception "An existing connection was forcibly closed by the remote host" every time the code reaches client.Open(). What really bothers is that when I try it from another computer, there's no exception. And on top of that, the config file used to have Transport security which was changed to None, and the computer where it works still has the old config file with
<security mode="Transport">
<transport clientCredentialType="Windows"
protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
whereas on the first machine and the server it's
<security mode="None">
<transport clientCredentialType="None" />
</security>
What can cause this? I've read numerous other questions here regarding this exception, but none seemed to resemble my issue.
SOLVED! I have set the security options in the wrong place.
The service was self hosted with ServiceHost, and the Security property wasn't set, so it defaulted to something else than None.
Check your Security settings for this project on your IIS (you are using IIS right?). I think it still says authentication type Windows.
We have a one way connection between an agent and the server via MSMQ. I am trying to move it to MSMQ over http.
Now, MSMQ is integrated with IIS on the server side - I made sure to check the respective option when installed MSMQ. But I am puzzled what to do next. I mean, the endpoint address has no indication that MSMQ should be over http.
The relevant agent (which acts as a client) configuration is:
<client>
<endpoint name="WcfOneWayDataPortal"
address="net.msmq://server/private/nc_queue"
contract="Shunra.Common.Contract.IWcfOneWayPortal"
binding="netMsmqBinding"
bindingConfiguration="Msmq" />
</client>
<bindings>
<netMsmqBinding>
<binding name="Msmq" durable="true" useActiveDirectory="false" exactlyOnce="false"
receiveErrorHandling="Fault" maxReceivedMessageSize="2147483647">
<security mode="None">
<transport msmqAuthenticationMode="None" msmqProtectionLevel="None" />
</security>
</binding>
</netMsmqBinding>
</bindings>
And the server's one is:
<services>
<service name="Shunra.Common.Csla.WcfOneWayPortal" >
<endpoint contract="Shunra.Common.Contract.IWcfOneWayPortal"
binding="netMsmqBinding"
bindingConfiguration="Msmq"
address="net.msmq://server/private/nc_queue"/>
</service>
</services>
<bindings>
<netMsmqBinding>
<binding name="Msmq" durable="true" useActiveDirectory="false" exactlyOnce="false"
maxReceivedMessageSize="2147483647">
<security>
<transport msmqAuthenticationMode="None" msmqProtectionLevel="None"/>
</security>
</binding>
</netMsmqBinding>
</bindings>