I have a WCF service endpoint that uses WsHttpBinding and BasicHttpBinding with different addresses to allow them to share the endpoint. There is no security on the BasicHttpBinding. The BasicHttpBinding works fine when my service and client are on the same machine. When they are on different machines the BasicHttpBinding fails and I get this error in the service's trace log: The service certificate is not provided. Specify a service certificate in ServiceCredentials.
The error stops happening if I remove the WsHttpBinding from the service's config.
Service's web.config:
<bindings>
<basicHttpBinding>
<binding name="MyBasicBinding"
maxBufferPoolSize="5242880"
maxReceivedMessageSize="5242880" />
</basicHttpBinding>
<wsHttpBinding>
<binding name="MyWsBinding"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="5242880"
maxReceivedMessageSize="5242880"
allowCookies="false">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Message">
<message clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="MyService">
<endpoint address="basic" binding="basicHttpBinding" bindingConfiguration="MyBasicBinding"
contract="MyFramework.IMyService" bindingNamespace="http://MyFramework/Services/"/>
<!-- The basic binding fails when the WS binding is present.
If I remove the WS binding, the basic binding will work. -->
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyWsBinding"
contract="MyFramework.IMyService" bindingNamespace="http://MyFramework/Services/"/>
</service>
</services>
FYI I'm using a different address for the basic binding which allows the 2 bindings to share the same endpoint. The URL for WsHttpBinding is http://server/MyService.svc and for BasicHttpBinding is http://server/MyService.svc/basic.
Why does the presence of the WsHttpBinding force the BasicHttpBinding to expect a certificate?
When the service goes up it needs to ensure all endpoints are valid. Since one of the endpoints (The WSHttp one) uses certificate authentication, the server will not go up if this certificate is not defined. So the error is not related to the BasicHttp. That still does not explain why everything works if on the same machine, check if the exact same configuration is used.
Related
I installed a windows application, it uses a WCF service, I just go through the config file for WCF service with net tcp binding hosted in Windows service with the following configuration, I am wondering how the clients are able to consume this WCF service. Application consumes this service to populate data in the UI, and it works. When I try to consume this I am not able to do so through WCF test client. Then how the application consumes this service?
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_FirstBindingServiceContract" closeTimeout="00:10:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="10"
maxBufferPoolSize="999999999" maxBufferSize="999999999" maxConnections="10"
maxReceivedMessageSize="999999999">
<readerQuotas maxDepth="999999999"
maxStringContentLength="999999999"
maxArrayLength="999999999"
maxBytesPerRead="999999999"
maxNameTableCharCount="999999999" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehaviors">
<serviceMetadata />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="MyService.DataAccessService" behaviorConfiguration="MyServiceBehaviors">
<endpoint bindingConfiguration="NetTcpBinding_FirstBindingServiceContract"
name="firstBinding" address="net.tcp://localhost:25488/MyDataAccessService/MyFirstBindingAddress"
binding="netTcpBinding"
contract="MyDataService.IMyDataAccessService">
</endpoint>
</service>
</services>
</system.serviceModel>
You need to know three things to call a WCF service:
Address - where to call to - in your case net.tcp://localhost:25488/MyDataAccessService/MyFirstBindingAddress
Binding - what protocol and parameters to use (in your case: netTcpBinding)
Contract - the service contract (the public interface IMyDataAccessService) to define the service methods and parameters needed
Once you have these things, you can easily set up a client in code:
NetTcpBinding binding = new NetTcpBinding(NetTcpBinding.None);
EndpointAddress address = new EndpointAddress("net.tcp://localhost:25488/MyDataAccessService/MyFirstBindingAddress");
ChannelFactory<IMyDataAccessService> channelFactory = new ChannelFactory<IMyDataAccessService>(binding, address);
IMyDataAccessService _clientProxy = channelFactory.CreateChannel();
and now your _clientProxy can easily call up the methods on the server, passing in the parameters etc.
Of course, for this to work, you must have the contract! E.g. you must have access to the file that define the service contract (and possibly the data contracts, too - the data types being sent back and forth). Since you're using the netTcpBinding, I'm assuming both ends of the wire are built using .NET here.
Those items can easily be included into a separate class library project that both the service developers as well as the client-side developers can share and use.
I have a wcf service that will only work once I deploy it to a server and configure through IIS. there error message I get when running it through IIS express is:
The authentication schemes configured on the host ('Ntlm, Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Negotiate'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
My web.config services binging looks like this:
<services>
<service name="LMS.Services.Services.AppService" behaviorConfiguration="LargeDataRequestBehavior">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttp_LargeDataRequestBinding" contract="LMS.Services.Services.AppService" />
<endpoint address="mex" binding="basicHttpBinding" bindingConfiguration="basicHttp_LargeDataRequestBinding" contract="IMetadataExchange" />
</service> </services>
and my binding looks like this:
<bindings>
<basicHttpBinding>
<binding name="basicHttp_LargeDataRequestBinding" receiveTimeout="01:00:00" sendTimeout="01:00:00" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" >
</transport>
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<basicHttpBinding>
</bindings>
Any Help would be greatly appreciated.
Try changing this part. The issue is that the enum for Credential Type Windows maps to a protocol called Negotiate. IIS is informing you that Negotiate has not been enabled on your website, only Basic (no security) and Ntlm (another form of Windows Security) is allowed.
<bindings>
<basicHttpBinding>
<binding>
<security >
<transport clientCredentialType="Ntlm" >
</transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
The WTF here is that there is a mismatch between "Negotiate" and "Windows".
Updating IIS Authentication settings as below fixed it in my case:
Anonymous Authentication: Disabled
Windows Authentication: Enabled
My call to my WCF web service is failing with System.Net.WebException: The request failed with HTTP status 413: Request Entity Too Large.
Checking Fiddler, I see that I'm sending:
Content-Length: 149839
Which is over 65KB.
Enabling WCF tracing on the server, I see:
System.ServiceModel.ProtocolException: The maximum message size quota
for incoming messages (65536) has been exceeded. To increase the
quota, use the MaxReceivedMessageSize property on the appropriate
binding element.
Adding this property doesn't solve the issue.
I've tried with just that property, and (later) with various others that posts have suggested. Here's what I have currently (on the server):
<basicHttpBinding>
<binding name="PricerServiceSoap"
closeTimeout="00:10:00" openTimeout="00:10:00"
receiveTimeout="00:10:00" sendTimeout="00:10:00"
maxBufferSize="2147483647"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
</binding>
</basicHttpBinding>
My sole endpoint (under <client>) is:
<endpoint address="/NetPricingService/Service.asmx"
binding="basicHttpBinding" bindingConfiguration="PricerServiceSoap"
contract="Pricing.PricerService.PricerServiceSoap"
name="PricerServiceSoap" />
I've also added:
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
under <behavior>.
I've even run (for IIS 7):
%windir%\system32\inetsrv\appcmd set config "WebServicesDev/PricingService"
-section:requestFiltering -requestLimits.maxAllowedContentLength:104857600
-commitpath:apphost
Nothing makes any difference.
One catch is that this is a WCF service meant to replace an older ASMX service. The service skeleton was generated with svcutil from existing WSDL. I can't change the client configurations (and the clients are in multiple languages). My test client project imported the service with Add Web Reference (under Add Service Reference / Advanced), so I have no WCF configuration. However, the test client works if I point it at the older ASMX service.
How can I fix or diagnose this?
Additional info
If I use the Microsoft Service Configuration Editor to generate the config (setting maxReceivedMessageSize and maxBufferSize), it works. The problem is that the endpoint is then specified under <service>, and it won't let me specify the /NetPricingService/Service.asmx relative address. If I edit the bindings in the svcutil-generated config (where the endpoint is under <client>), it doesn't work with large requests.
The answer was staring me in the face.
The config generated by svcutil was for the client. I was using it on the server.
I was editing the bindings for the endpoints specified under <client>, which made absolutely no difference to the service.
Adding a proper <service> endpoint and setting the maxReceivedMessageSize and maxBufferSize on its binding resolved the issue.
I had a similar problem.
For me, the problem was that my endpoint did not explicitly name the binding using bindingConfiguration and so must have been using some default one somewhere.
I had:
<webHttpBinding>
<binding
name="myXmlHttpBinding"
maxReceivedMessageSize="10485760"
maxBufferSize="10485760">
<readerQuotas
maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="None"/>
</binding>
</webHttpBinding>
and my endpoint defined as:
<service
name="blah.SomeService">
<endpoint
address=""
behaviorConfiguration="WebHttpBehavior"
binding="webHttpBinding"
contract="blah.ISomeService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</service>
It worked once I changed the endpoint to:
<service name="blah.SomeService">
<endpoint address=""
behaviorConfiguration="WebHttpBehavior"
binding="webHttpBinding"
bindingConfiguration="myXmlHttpBinding"
contract="blah.ISomeService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</service>
I also had this problem and realized in fiddler that the max Content-Length that was working ended up being 30000000.
After verifying that my WCF configuration was correct I found an article suggesting a modification to the IIS setting, Request Filtering.
Large file upload failure for Web application calling WCF service – 413 Request entity too large
Open IIS Manager
Select your application
Select the Request Filtering icon.
Select Edit Feature Settings... (Right Panel)
Adjust the Maximum allowed content length (Bytes) Default Appears to be 30000000
or web.config file example
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="50000000" />
</requestFiltering>
</security>
</system.webServer>
tried things from 10 different blogs and my coworker figured it out.
we had to add a basicHttpsBinding section inside of in addition to the basicHttpBinding section. We have a webapi service calling wcf. the webapi method was catching the entity too large error when it called the wcf service method. This change was applied in the web.config file of the wcf service.
None of the suggestions worked for me. What solved the issue was to increase the MaxReceivedMessageSize in System.ServiceModel.Channels.HttpTransportBindingElement
There are two different MaxReceivedMessageSize parameters:
MaxReceivedMessageSize in
System.ServiceModel.Configuration.BasicHttpBindingElement
MaxReceivedMessageSize in
System.ServiceModel.Channels.HttpTransportBindingElement
In the dump file, I saw that it was failing because of the limitation in HttpTransportBindingElement
Adding this to my web.config fixed the issue:
<customBinding>
<binding closeTimeout="00:10:00" openTimeout="00:10:00" sendTimeout="00:10:00">
<httpTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" useDefaultWebProxy="true" transferMode="Buffered" />
</binding>
</customBinding>
Source: WCF service shows 413 Request Entity Too Large error when uploading files over 64 KB
Add this solve it for me:
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_Example"
maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
</binding>
</basicHttpBinding>
</bindings>
I have deployment of WCF service on IIS 7 with support for Non-HTTP enabled
Under one project, I have exposed 8 different services with wsHttp endpoints which works fine.
I want to also expose NetNamedPipe bindings for the same services.
My sample NetNamedPipe bindings . . .
<netNamedPipeBinding>
<binding name="PassportIPCBasicEndpoint"
closeTimeout="00:05:00" openTimeout="00:05:00" receiveTimeout="00:10:00"
sendTimeout="00:05:00"
maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647" transferMode="Buffered"
hostNameComparisonMode="Exact" >
<readerQuotas
maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="Transport">
<transport protectionLevel="None" />
</security>
</binding>
</netNamedPipeBinding>
And my Service tags
<service behaviorConfiguration="default" name="MyAccountService.AccountService">
<host>
<baseAddresses>
<add baseAddress="http://localhost/MyAccountService/v1.0/AccountService.svc" />
</baseAddresses>
</host>
<endpoint name="PassportIPCBasicEndpoint"
address="net.pipe://localhost/MyAccountService/v1.0/AccountService.svc"
binding="netNamedPipeBinding"
bindingConfiguration="PassportIPCBasicEndpoint"
contract="MyAccountService.IAccountService"/>
</service>
This gives me following exception :
The protocol 'net.pipe' is not supported.
[InvalidOperationException: The protocol 'net.pipe' is not supported.]
System.ServiceModel.Activation.HostedTransportConfigurationManager.InternalGetConfiguration(String
scheme)
[InvalidOperationException: The ChannelDispatcher at
'net.pipe://localhost/MyAccountService/v1.0/AccountService.svc' with
contract(s) '"IAccountService"' is unable to open its
IChannelListener.]
I have added entry for http,net.pipe in advanced site settings in IIS.
Non-HTTP support for WCF service is also installed and enabled through control panel settings.
out of 8 .svc services only one such service is able to get hold of port and I can browse it's .SVC endpoint
all other services when configured for netnamedPipe binding give me above errors.
Can some body guide me, what needs to be done to make them all get hold on port and be accessible.
This problem was with enabling the protocols at the correct place.
Previously i had enabled net.pipe protocol at site level.
After enabling net.pipe protocol at each virtual path of the hosted services.
It worked.
The netNamedPipe binding is only for on-the-same-machine communication - you cannot call such an endpoint from a remote machine.
Is that what you're trying to do??
netNamedPipe binding is great for intra-application communication on the same machine - but not for anything else, really.
I have a need to secure my WCF service using SSL. The problem I'm running into is that this is a WCF Workflow service, and I can't seem to override the default bindings that it sets up behind the scenes.
There must be something that I'm missing in the configuration file, as whatever I do, the binding always comes back as: BasicHttpBinding_IService at address : http://myurl.com/biz/MyService.xamlx
It should be: https://myurl.com/biz/MyService.xamlx.
These are the bindings and endpoint sections:
<bindings>
<basicHttpBinding>
<binding name="basicBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="MyNamespace.MyService">
<endpoint address="https://myurl.com/biz/MyService.xamlx"
binding="basicHttpBinding"
bindingConfiguration="basicBinding"
contract="IService" />
</service>
</services>
Thanks for any help!
A few things to try:
change the binding to wsHttpBinding and that will force SSL.
change clientCredentialType to Certificate.
use this example and set the httpsGetEnabled to true:
http://blog.adnanmasood.com/2008/07/16/https-with-basichttpbinding-note-to-self/