IS basicHttpbinding and transport security mutually exclusive? - wcf

I need to authenticate a WCF service using windows authentication. I have used the bellow configurations
End Points at server
<endpoint binding="basicHttpBinding" bindingConfiguration="Secured" contract="TestWCFSecurity.IService1" address="" />
<endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="Secured" />
Binding Configurations
<bindings>
<basicHttpBinding>
<binding name="Secured">
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</Bindings>
While I generate the proxy for the client side, I get the following endpoint
<client>
<endpoint address="https://FQNoftheSystem/TestWCF/Service1.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1"
contract="IService1" name="BasicHttpBinding_IService1" />
</client>
Issues
The client configuration is https, while at the server it is http
because of which the endpoints do not match. Using "Transport"
security would mean a https flow. why am I getting http endpoint at
the server?
I have used basichttpbinding with transport security. is this allowed?
using basichttpbinding with transport generates https for client and http at the server.
Any pointers would really help. Thanks

According to this basicHttpBinding supports transport security.
This seems more like a IIS configuration problem than WCF problem.
See here for information on how to setup SSL on IIS

Related

MSMQ WCF hosted in IIS

I am stuck in the following case - I have two web applications – A and B. They are both running on the same computer. B is hosting a netMsmqBinding WCF Service. Also, B’s application pool has just recycled itself. A calls B’s WCF service. I see that the message has arrived in the private MSMQ queue which I have created. But until I don’t browse the *.svc URL the message is not proceed by B.
Am I missing something required by this technology? What is the clean way to implement such a functionality?
These are the configuration that I am using. If I missed some helpful info, please, tell me and I will provide it:
The service (B):
<system.serviceModel>
<services>
<service name="MyProject.Web.Services.EmsListener">
<endpoint address="net.msmq://localhost/private/myQueue"
binding="netMsmqBinding" bindingConfiguration="MyMsmqBinding"
contract="MyProject.Abstraction.IEmsListener">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<netMsmqBinding >
<binding name="MyMsmqBinding"
durable="true"
receiveRetryCount="2"
maxRetryCycles="2"
retryCycleDelay="00:01:00"
receiveErrorHandling="Move" >
<security mode="None">
<message clientCredentialType="None"/>
<transport msmqAuthenticationMode="None" msmqProtectionLevel="None" />
</security>
</binding>
</netMsmqBinding>
The client(A):
<system.serviceModel>
<bindings>
<netMsmqBinding>
<binding name="MyBinding ">
<security mode="None" />
</binding>
</netMsmqBinding>
</bindings>
<client>
<endpoint address="net.msmq://localhost/private/myQueue" binding="netMsmqBinding"
bindingConfiguration=" MyBinding " contract="EmsListener.IEmsListener"
name=" MyBinding " />
</client>
</system.serviceModel>
Thanks in advance :)
This may be because IIS is not starting your application after recycled.
Possible solution is to configure auto-start. Then IIS will start your service immediately without waiting for the first request.
The possible solution of Imortist works!!
But first you need to add AppFabric to your ISS, then you need be sure you have the "Start Mode" option in your pool advance settings.
Note: In my windows 7 IIS7 didnt work, but in my windows server 2012 R2 IIS8 Works perfectly

Error: The HTTP request is unauthorized with client authentication scheme 'Negotiate'

I keep getting the above error when my client program tries to call my WCF service method. It is passing credentials via ClientCredential.UserName.
I am not able to figure out what's happening here and all the posts related to this kind of issue are not solving this problem.
Mine is a shared hosting Environment on Godaddy server where my WCF service is hosted.
Configuration is as follows:
<endpoint
name="wsBinding"
address=""
binding="wsHttpBinding"
contract="ServiceLib.IBooking"
bindingConfiguration="myWSSettings"/>
<bindings>
<wsHttpBinding>
<binding name="myWSSettings">
<security mode="Transport">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
Would really appreciate any help.
Thanks
Sandeep

How do I add a binding and endpoint that utilizes SSL for a WCF Workflow Service?

I have a need to secure my WCF service using SSL. The problem I'm running into is that this is a WCF Workflow service, and I can't seem to override the default bindings that it sets up behind the scenes.
There must be something that I'm missing in the configuration file, as whatever I do, the binding always comes back as: BasicHttpBinding_IService at address : http://myurl.com/biz/MyService.xamlx
It should be: https://myurl.com/biz/MyService.xamlx.
These are the bindings and endpoint sections:
<bindings>
<basicHttpBinding>
<binding name="basicBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="MyNamespace.MyService">
<endpoint address="https://myurl.com/biz/MyService.xamlx"
binding="basicHttpBinding"
bindingConfiguration="basicBinding"
contract="IService" />
</service>
</services>
Thanks for any help!
A few things to try:
change the binding to wsHttpBinding and that will force SSL.
change clientCredentialType to Certificate.
use this example and set the httpsGetEnabled to true:
http://blog.adnanmasood.com/2008/07/16/https-with-basichttpbinding-note-to-self/

How can I use WCF with the basichttpbinding only , SSL and Basic Authentication in IIS?

Is it possible to setup a WCF service with SSL and Basic Authentication in IIS using only the BasicHttpBinding-binding?
(I can’t use the wsHttpBinding-binding)
The site is hosted on IIS 7, with the following authentication set up:
Anonymous access: OFF
Basic authentication: ON
Integrated Windows authentication: OFF
Service Config:
<services>
<service name="NameSpace.SomeService">
<host>
<baseAddresses>
<add baseAddress="https://hostname/SomeService/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<endpoint address="" binding="basicHttpBinding"
bindingNamespace="http://hostname/SomeMethodName/1"
contract="NameSpace.ISomeInterfaceService"
name="Default"
/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<exceptionShielding/>
</behavior>
</serviceBehaviors>
</behaviors>
I tried 2 types of bindings with two different errors:
1. IIS Error:
'Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https].
<bindings>
<basicHttpBinding>
<binding>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
2. IIS Error:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
<bindings>
<basicHttpBinding>
<binding>
<security mode="Transport">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Does anyone know how to configure this correctly? (if is it possible?)
After some digging and asking some questions to a few colleagues, we finally solved the problem.
Important to understand is there are 2 aspects of security in this case. The IIS security and the WCF security.
IIS security: Enable SSL & enable Basic Authentication. Disable Anonymous Authentication.
(Of course, create a windows account/group and set the permissions on your application in IIS.)
WCF security: Because the binding is only a BasicHttpBinding, the service doesn't require to valid anything. IIS is responsible for this.
The binding configuration of the service:
<bindings>
<basicHttpBinding>
<binding>
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
And finally, to resolve the first error, we deleted the mex Endpoint. This endpoint requires a HTTP binding.
Deleted:
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>

WCF Error: Stream Security is required at http://www.w3.org/2005/08/addressing/anonymous, but no security context was negotiated

We have a windows service that we are trying to use as WCF host for a WPF application. It works fine in development but when we have tried to move to our production environment we have had nothing but problems. From reading posts from others, we figured out how to turn on WCF logging and this was a big help. It turned out that our security bindings on the service and the client did not match. We set them both to use windows security but still no luck now we are trying to set the security mode to 'None' but it still is not working. Here is the bindings section of our service config file:
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="netTcp">
<security mode='None'>
</security>
</binding>
</netTcpBinding >
</bindings>
<services>
<service name="CompanyService">
<endpoint
address= "our.url.com/CompanyService"
binding="netTcpBinding"
contract="CompanyServices.ICompanyService" />
</service>
</services>
</system.serviceModel>
Here is the serviceModel section of our client app config:
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_Config" >
<security mode="None">
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="our.url.com/CompanyService" binding="netTcpBinding" bindingConfiguration="NetTcpBinding_Config" contract="CompanyServiceProxy.ICompanyService" name="NetTcpBinding_ICompanyService" />
</client>
</system.serviceModel>
If I need to supply additional infor please tell me what I need to supply.
Thanks
Standard net.tcp binding uses Windows credentials by default, and those really require client and service to be in the same Windows domain. Is this the case here??
OK, sorry, you mentioned security=None (your listings weren't properly formatted so I only saw a fraction of the actual config).
I guess your problem really lies in the addresses used:
address= "our.url.com/CompanyService"
When using net.tcp binding, you have to specify that before the address, so change this on both the client and the server to:
address= "net.tcp://our.url.com/CompanyService"
Also, what I don't quite understand is your title: it mentions "streaming" - have you specified streaming mode anywhere? In your config or your service contracts?
Marc