adding security binding to a wcf end point - wcf

I have added a binding to the config below:
<services>
<service name="MyNamespace.Service.ServiceName.ServiceEndPoint">
<endpoint address="http://localhost:8012/ServiceEndPoint" binding="webHttpBinding" contract="MyNamespace.Service.ServiceName.IServiceEndPoint" behaviorConfiguration="webHttp" name="ServiceName"/>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="webHttp">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
So I've added the binding="webHttpBinding" as I'd like to secure the end point. Here's the corresponding config I have:
<bindings>
<wsHttpBinding>
<binding name="ServiceName">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
but this appears to not be securing the end point. I've tried this with Firefox to confirm IE isn't automatically authenticating and checked the headers in firebug.
Can anyone point me in the direction of the right config for doing this?
Thanks,
Matt

you forget to set bindingConfiguration
<endpoint address="http://localhost:8012/ServiceEndPoint" binding="webHttpBinding" contract="MyNamespace.Service.ServiceName.IServiceEndPoint" behaviorConfiguration="webHttp" name="ServiceNameEndpoint" bindingConfiguration="ServiceName"/>

In your binding you have configured a wsHttpBinding and in your service endpoint you have specified a webHttpBinding. I think you want your endpoint binding to be set to wsHttpBinding.
Check this link on WCF Bindings.

Related

WCF service self hosting with https

Currenlty there is a Wcf service hosted as windows service in one of our client side machine, actually currently this is working with normal http call. As we need to use https instead of http, for that we modified app.config but after starting the service the https url not working.Then we tried URL reservation by using netsh http add urlacl url=https://+:18732/Peripheral/ user=Everyone.Then we restared the service again it's not able to access the https url.
we are getting the error in the URl browser •Make sure that TLS and SSL protocols are enabled.
Is this related to any certificate issue? if so how we can able to solve this issue?
The web.config is provied below:-
<system.serviceModel>
<standardEndpoints />
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<bindings>
<basicHttpBinding>
<binding name ="soapBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
<webHttpBinding>
<binding name="Bind1" crossDomainScriptAccessEnabled="true">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="Peripheral.Server.Impl.PeripheralServiceImpl" behaviorConfiguration="SvcBhvr">
<host>
<baseAddresses>
<add baseAddress="https://localhost:18732/Peripheral/" />
</baseAddresses>
</host>
<endpoint address="https://localhost:18732/Peripheral/" binding="webHttpBinding" behaviorConfiguration="EndPBhvr" bindingConfiguration="Bind1"
contract="Peripheral.Server.Contract.IPeripheralService">
<!--<identity>
<dns value="localhost" />
</identity>-->
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="EndPBhvr">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="SvcBhvr">
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Anyone knows how to fix this and what we needed to do so that we could able to access the url as https from windows services?
You may need also to bind ssl certificate to the specific port number using netsh or HttpConfig tool depending from OS version. Detailed instructions can be found here
In your case it could be:
netsh http add sslcert ipport=0.0.0.0:18732 certhash=<certhash> appid={<guid>} clientcertnegotiation=enable
where
certhash = your certificate Thumbprint(X509Certificate2.Thumbprint)
appid = could be just Guid.NewId()

WCF Services need to be HTTPS only but only work on HTTP

I have some WCF services that have been working for a while now on HTTP.
I'm moving them to deployment server now and they need to be HTTPS only.
I got the certificate and when I initially set the up they worked over both HTTP and HTTPS.
...at this point I wanted to drop the non-secure access to the services.
So I'm trying to make amendments to my web.config to make this happen:
Service Behaviours:
<serviceBehaviors>
<behavior name="MetaEnabledBahavior">
<serviceMetadata httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
Service Endpoints:
<service name="Services.BookingService" behaviorConfiguration="MetaEnabledBahavior">
<!-- Service Endpoints -->
<clear/>
<endpoint address="https://website.com/services/BookingService.svc" binding="wsHttpBinding"
bindingConfiguration="TransportSecurity" contract="Services.IBookingService"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
Bindings:
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity" maxReceivedMessageSize="2000000">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
What I have ended up with at the moment is my HTTP services are still accessible, but the HTTPS access just sends a blank page.
I need HTTP to return an error/page must be viewed by secure channel and HTTPS to be the ones that work only.
How do I fix this?
Smithy try replacing your endpoint with the following:
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="Services.IBookingService"></endpoint>
And your binding with a basicHttpBinding
<basicHttpBinding>
<binding name="TransportSecurity" maxReceivedMessageSize="2000000">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
Hope this helps.
In the <protocolMapping> section of Web.Config, add a <remove scheme="http" /> element.

Accessing WCF service on AppHarbor via https

I'm trying to secure my WCF service using transport security model. I've successfully deployed my service to AppHarbor. But I'm getting the following exception when I try to access service page:
[InvalidOperationException: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].] ...
I haven't uploaded any certificates, just using piggyback SSL there. I've downloaded the build and deployed it on my machine. It works fine.
Here is my system.serviceModel section of web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="AuthService.AuthServiceBehavior" name="AuthService.AuthService">
<host>
<baseAddresses>
<add baseAddress="https://auth.apphb.com/AuthService.svc" />
</baseAddresses>
</host>
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="AuthService.IAuthService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AuthService.AuthServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I've already tried this Hosting a WCF Web API app on AppHarbor?
Can somebody please explain me what I'm doing wrong?
This issue frequently appear when you communicate with the wcf web service thru the LB (AppHarbor one of the example of it).
You should know several things about such kind of communications.
1) Communication between yours client application and LB is secured (https is in use). So you should leverage security binding on the client side.
<basicHttpBinding>
<binding name="BasicHttpBinding_IAuthService">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
2) Communication between LB and web-front uses http, so server binding should be basicHttpBinding without extra configuration.
<endpoint binding="basicHttpBinding" contract="AuthService.IAuthService" />
Summarizing all that stuff we have
Client
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IAuthService">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://auth.apphb.com/AuthService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IAuthService"
contract="AuthService.IAuthService" name="BasicHttpBinding_IAuthService" />
</client>
</system.serviceModel>
</configuration>
Server
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<protocolMapping>
<add scheme="http" binding="basicHttpBinding" />
</protocolMapping>
<bindings>
<basicHttpBinding/>
</bindings>
<services>
<service behaviorConfiguration="AuthService.AuthServiceBehavior" name="AuthService.AuthService">
<endpoint binding="basicHttpBinding" contract="AuthService.IAuthService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AuthService.AuthServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Your approach is not going to work right off the bat. This is because SSL is terminated at the load balancers and the app servers see http traffic. You can read more about AppHarbor load balancers here.
You might be able to fool WCF with this module.
There are also some hints in this discussion: http://support.appharbor.com/discussions/problems/829-transportwithmessagecredential-https-ssl

Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]

I know already Many of them getting this same error. I tried all the possible answers given here but i am still getting this error.
My Web.config for the service.
<serviceBehaviors>
<behavior name="AjaxServiceHttpsBehavior">
<serviceMetadata httpsGetEnabled ="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="AjaxServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
<service name="AjaxService" behaviorConfiguration="AjaxServiceHttpsBehavior">
<host>
<baseAddresses>
<add baseAddress="https://servername/websitefolder" />
</baseAddresses>
</host>
<endpoint address="" behaviorConfiguration="AjaxServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webHttpsBinding" contract="AjaxService" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="webHttpsBinding">
<security mode="Transport"></security>
</binding>
</webHttpBinding>
<basicHttpBinding>
The service is located at "https://servername/websitefolder/AjaxService.svc" and ssl is configured correctly.
is my Base Address is wrong? I have only one End point for this service. I tried all the possible combinations but still I am getting this error.
I ran into the same issue with wsHttpBinding, and found it wasn't a problem with my base address at all but what I had defined in my element
<wsHttpBinding><binding name="wsHttpBinding_Administration">
<security mode="Message"> <!-- changed this to "message" -->
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
Check bindings of your website inside of IIS. https binding should be added there.

WCF + SSL/HTTPS in IIS(6). How to disable HTTP access in web.config?

I have a WCF app hosted in IIS6 (and 7 in dev environment) with one wsHttp (SOAP) and two webHttp (REST) bindings.
I want to secure the services when publishing to production site and disable metadata and webHttp help page and ENABLE SSL for the bindings. At the same time i would like to have HTTP disabled. I'm aware of the option in IIS to "Require Secure Channel" but I was wondering if the same can be achieved in web.config?
I was under the impression that
<security mode="Transport">
would "disable" http access (ie. https required) but in my case it didn't.
Her is the ServiceModel part of web.config:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="SoapTransportSecurityBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
<message establishSecurityContext="false"/>
</security>
</binding>
</wsHttpBinding>
<webHttpBinding>
<binding name="RestTransportSecurityBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="CustomerWcfService" behaviorConfiguration="Web.ServiceBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="SoapTransportSecurityBinding" contract="ICustomerWcfService">
<identity>
<dns value="ws.somecompany.com"/>
</identity>
</endpoint>
</service>
<service name="SentShipmentsWcfRestService" behaviorConfiguration="webHttpServiceBehavior">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="RestTransportSecurityBinding" contract="ISentShipmentsWcfRestService"
behaviorConfiguration="RestEndpointBehavior"/>
</service>
<service name="InsuranceInfoWcfRestService" behaviorConfiguration="webHttpServiceBehavior">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="RestTransportSecurityBinding" contract="IInsuranceInfoWcfRestService"
behaviorConfiguration="RestEndpointBehavior"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Web.ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
<behavior name="webHttpServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="RestEndpointBehavior">
<webHttp helpEnabled="false"/>
</behavior>
</endpointBehaviors>
</behaviors>
It looks it couldn't be achieved in web.config. But in the binding settings you can set
<security mode="Transport">
In this case endpoints will not be valid if there is no SSL required.