Following is how the serviceModel configured in WCF's web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpWithSecure">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"></transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="CMA.Customers">
<endpoint name="basic" binding="basicHttpBinding" contract="CMA.Customers" bindingConfiguration="basicHttpWithSecure"></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
This service is deployed on IIS, and I can access it using the url -
https://www.companyname.co.uk/sitename/wcfservicename/service.svc
Authentication is set to "Anonymous", and "Basic" in IIS for this WCF.
Now I have an MVC application deployed on the same site, and I want to point that MVC site to consume this WCF. How can I configure it in web.config of my MVC site?
Or you think any change required in WCF's configurations to make it possible?
change your security mode :
<security mode="TransportCredentialOnly">
to
<security mode="Transport">
because TransportCredentialOnly is for http-based client authentication.
Related
I ran my WCF service on the server without SSL enabled and now I moved it to one with SSL enabled and I am getting the following error:
Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].
Below are my settings:
<bindings>
<basicHttpBinding>
<binding name="basicHTTP">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows">
</transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="basicBehavior" name="ProjectName.MyService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHTTP" contract="ProjectName.IMyService"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="basicBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
How can I fix this error?
You need to define a binding for basicHttps. This is a very simple settings that works for SSL:
<system.serviceModel>
<bindings>
<basicHttpsBinding>
<binding name="BasicHttpBinding_IMyService" />
</basicHttpsBinding>
</bindings>
<client>
<endpoint
name="BasicHttpBinding_IMyService"
address="https://MyURL/MyService.svc/soap/"
binding="basicHttpsBinding"
bindingConfiguration="BasicHttpBinding_IMyService"
contract="ClientServiceReference.IMyService" />
</client>
</system.serviceModel>
Note: The endpoint needs to be defined and its URL is https.
Also, make sure that in production environment, you are not sending the exception details back to the caller (that would be considered a security hole in your system because exceptions can reveal too much information to hackers). You must change this line:
<serviceDebug includeExceptionDetailInFaults="false"/>
Fixed the issue by specifying security mode as Transport and using webHttpBinding
I have a WCF Service, using the basichttpbinding and windows authentication (no anonymous),
The WCF service is hosted in the domain server
I need to consume the service from a server which is out of the domain, that server doesn't join domain, that is a workgroup. Is that possible? please help for a code snippet.
The configuration like below
<bindings>
<basicHttpBinding>
<binding name="defaultBinding" receiveTimeout="01:00:00" sendTimeout="01:00:00" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="defaultServiceBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="defaultServiceBehavior" name="namespace.MyService">
<endpoint binding="basicHttpBinding" bindingConfiguration="defaultBinding" contract="namespace.IMyService">
<identity>
<dns value="abc.xyz.com"/>
</identity>
</endpoint>
</service>
</services>
Edited: here is my client code
_securityServiceClient = new SecurityServiceClient();
_securityServiceClient.ClientCredentials.UserName.UserName = "lto3";
_securityServiceClient.ClientCredentials.UserName.Password = "Lydowe#1982";
I got this error
An exception of type 'System.ServiceModel.Security.MessageSecurityException' occurred in mscorlib.dll but was not handled in user code
Additional information: The HTTP request is unauthorized with client
authentication scheme 'Basic'. The authentication header received from
the server was 'Negotiate,NTLM'.
Try using:
_securityServiceClient.ClientCredentials.Windows.ClientCredential =
new NetworkCredential("lto3", "Ludowe#1982");
As per the msdn documentation ClientCredentials.Windows is how you specify the credentials to use when using windows authentication.
I want to create a WCF service hosted in IIS 7.5 and I want to use digest authentification over http.
I have setup digest on virtual directory but when I try to access the service I always get error:
this service require 'Anonymous' Authentication but it is not enabled
for the IIS application that hosts this service
This is my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding_IServisTest">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Digest"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="ServisService.ServisTest"
behaviorConfiguration="ServisService.ServisTestBehavior">
<endpoint
address=""
binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_IServisTest"
contract="ServisService.IServistest" >
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServisService.ServisTestBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I'm using http not https.
For this I guess Security Mode should be transport
<security mode="Transport">
This post might help you.
Unlike ASMX Web services, WCF Web services seem to break the WSDL up into a number of files.
My problem is that when I try to generate a proxy from a server that isn't the server, it'll get to the WSDL but then inside the WSDL's it'll have a number of imports, that it cannot access from the outside the server.
eg. this is one of the imports in my WSDL
http://alumninetworkservice.hha.test.idc:1315 is an internal address - I cannot access it from outside the server. Is there a way I can set up my service so that these WSDL references will be pointing to their internet URL?
Thanks
EDIT : I have pasted the configuration settings below.
This is on the server side.
<system.serviceModel>
<services>
<service name="Alumni.WebService.IAlumniWebService">
<endpoint binding="wsHttpBinding"
contract="Alumni.WebService.IAlumniWebService">
</endpoint>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding maxReceivedMessageSize="2000000" >
<readerQuotas maxStringContentLength="2147483647" />
<security mode="Transport">
<!--<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="None" algorithmSuite="Default" />-->
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false"/>
<useRequestHeadersForMetadataAddress />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Use useRequestHeadersForMetadataAddress behavior in the configuration of your service to overcome the problem. By default WCF always uses local address / dns name defined for the endpoint in WSDL. The behavior should enforce using the name from incoming host header (public address).
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<useRequestHeadersForMetadataAddress />
</behavior>
</serviceBehaviors>
</behaviors>
Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only the BasicHttpBinding-binding?
(I can’t use the wsHttpBinding-binding)
The site is hosted on IIS 7, with the following authentication set up:
Anonymous access: OFF
Basic authentication: ON
Integrated Windows authentication: OFF
Service Config:
<services>
<service name="NameSpace.SomeService">
<host>
<baseAddresses>
<add baseAddress="https://hostname/SomeService/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<endpoint address="" binding="basicHttpBinding"
bindingNamespace="http://hostname/SomeMethodName/1"
contract="NameSpace.ISomeInterfaceService"
name="Default"
/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<exceptionShielding/>
</behavior>
</serviceBehaviors>
</behaviors>
I tried 2 types of bindings with two different errors:
1. IIS Error:
'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].
<bindings>
<basicHttpBinding>
<binding>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
2. IIS Error:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
<bindings>
<basicHttpBinding>
<binding>
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Does anyone know how to configure this correctly? (if is it possible?)
After some digging and asking some questions to a few colleagues, we finally solved the problem.
Important to understand is there are 2 aspects of security in this case. The IIS security and the WCF security.
IIS security: Enable SSL & enable Basic Authentication. Disable Anonymous Authentication.
(Of course, create a windows account/group and set the permissions on your application in IIS.)
WCF security: Because the binding is only a BasicHttpBinding, the service doesn't require to valid anything. IIS is responsible for this.
The binding configuration of the service:
<bindings>
<basicHttpBinding>
<binding>
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
And finally, to resolve the first error, we deleted the mex Endpoint. This endpoint requires a HTTP binding.
Deleted:
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>