I am able to add a record to my database when using WCF basicHttpBinding and running the client & service locally. The DB is my production DB.
When running the client & service directly from the shared hosting site, the record can't be added with no error being recorded.
Note that this situation only happens while adding only certain records in a specific scenario and all others go through. However, I debugged it locally and everything is fine. I have a feeling it may be a setting I need to put on my service behaivors. Below is the config section for my behaivors.
Does anyone have an idea what I may need to add or if they have encountered this themselves and found another solution?
<serviceBehaviors>
<behavior>
<!--To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment-->
<serviceMetadata httpGetEnabled="True" />
<!--To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information-->
<serviceDebug includeExceptionDetailInFaults="True" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
Related
I am trying to deploy a Silverlight with WCF Service to a hosting. Basically, I have the same problem as this guy:
How to configure WCF services to work through HTTPS without HTTP binding?
Except the solutions don't work for me.
//edit: I've been pasting it wrong, but it still doesn't work.
I have tried Ladislav Mrnka's answer - changed this in the Web.config file:
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
The dreaded error still appears when I navigate to the .svc file on the server:
The HttpsGetEnabled property of ServiceMetadataBehavior is set to true and the
HttpsGetUrl property is a relative address, but there is no https base address.
Either supply an https base address or set HttpsGetUrl to an absolute address.
Now it should be all correct, I just changed the httpGetEnabled and
httpsGetEnabled in the proper place (it's already in the config file).
But I still get the error. Should I perhaps specify the HttpsGetUrl
somewhere? Where?
Yes, see here.
Should be:
<behaviors>
<serviceBehaviors>
<behavior name="NewBehavior">
<serviceMetadata httpsGetEnabled="true"
httpsGetUrl="https://myComputerName/myEndpoint" />
</behavior>
</serviceBehaviors>
</behaviors>
This error happened because the setting is logically wrong. If you enable the httpsGetEnabled means, you allow clients to retrieve metadata via https. And if you don't provide a URL about https, how can clients retrieve metadata from https. So the error message alert you to provide a URL.
Either supply an https base address or set HttpsGetUrl to an absolute address.
You have three options.
Provide httpsGetUrl as other answers showed above
Binding an address via IIS
(if you are still developing in visual studio then you only need to degug with SSL Enabled mode )
Set httpsGetEnabled to false
In configuration, under behaviour where you have set httpsGetEnabled="true",
Set httpsGetUrl="https://UserSystemName/EndPointName" too and problem resolved.
<behaviors>
<serviceBehaviors>
<behavior name="mexBehaviour">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="https:///UserSystemName/EndPointName"/>
</behavior>
</serviceBehaviors>
</behaviors>
I've got a WCF service which swallows up exceptions thrown in called methods and passing them on to the client. This is fine for DEBUG mode, and I've got a feeling I turned this functionality on, but how do you turn it off?
Any help much appreciated.
Check the includeExceptionDetailInFaults attribute of the serviceDebug element in the web.config file for your service. Setting this attribute to "false" should prevent exception details from being returned to the client.
<behaviors>
<serviceBehaviors>
<behavior name="httpsBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
I've coded a WCF service that is external to the solution I wish to use it in. I'm doing this so that I can have one service that's reusable across many solutions. We've already duplicated this service many times as an asmx integral to the solution and it's not a good maintenance scenario. I'm finally able to have time to tackle gettign this working the right way. Any help will be greatly appreciated! All the posts I've seen about this take me in circles. My solution (and the service) is in VS2010, Framework 4.0, vb.net.
When using the webHttpBinding binding in the endpoint, when I add the service to my solution the reference is getting added, but web.config does not get added with the system.serviceModel configuration group that is needed. All the articles I can find talk about making the service part of the solution but that is what I'm trying to avoid.
Any ideas? Here is the system.serviceModel section of my service's web.config:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="AspNetAjaxBehavior">
<enableWebScript/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<service name="Com.mydomain.Services.WCF_ACE.ACE">
<endpoint address=""
behaviorConfiguration="AspNetAjaxBehavior"
binding="webHttpBinding"
contract="Com.mydomain.Services.WCF_ACE.I_ACE" />
</service>
</services>
So you are trying to use a wcf service you built. It looks like clients section is missing in the attached config file.
And client configuration is always going to be different from service config. And you can add that manually to the client solution.
I have created wcf service and planning to make it accessible from the internet. The page 'You have created a service' seems to be some stub which should be replaced before putting service on production. Is it a bad practice to have this welcome page on production? What do you do with that welcome page when you publish wcf services on the internet?
Thanks
On production you can turn off this page by adding:
<behaviors>
<serviceBehaviors>
<behavior name="ProductionService">
<serviceDebug includeExceptionsInDetail="false" httpHelpPageEnabled="false" />
</behavior>
<serviceBehaviors>
</behavirs>
Also think about publishing WSDL / Metadata. If you don't want to publish WSDL but you want to use mex endpoint use following configuration:
<behaviors>
<serviceBehaviors>
<behavior name="ProductionService">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionsInDetail="false" httpHelpPageEnabled="false" />
</behavior>
<serviceBehaviors>
</behavirs>
Your services must use those behavior in their behaviorConfiguration attribute.
Yes, it's bad. It says potential attackers that the system is non-configured completely, so they would try to attack it. Also, it's not very professional.
Well, print something useful there or hide it:-)
I'm modifying my WCF API to include a new service that should be exposed to internal IP addresses only. All of the services in my API are available in SOAP, POX and JSON. What I'm looking for is a behavior or something that allows me to implement a simple IP address filter, to process requests from internal IP's and deny everything else. I'd like it to work in configuration, because all the other services in the API should remain available to the Internet. I did some googling but can't find anything like this built into WCF. Am I missing something?
Ok, I figured it out, and its kind of slick, in my opinion.
I implemented an IP Filter system as a service behavior, then added it to my service in the web.config. Here's my new web config behaviors section:
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="RestrictedServiceBehaviour">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<IPFilter filter="172.*.*.* 127.0.0.1" />
</behavior>
</serviceBehaviors>
The IPFilter class implements IDispatchMessageInspector to catch the request as soon as possible, inspect the client IP and throw an exception if it doesn't match the filter. If anyone's interested I can post my code.
If your service is hosted in IIS, then you can do this with IIS, on a per-website basis (maybe per-application, but I don't know).