We Keep Coding

How to configure service reference to point to Https, with MutualSSL setup?

In my project I recently changed my WCF service to use Https. It is configured to be a mutual ssl setup and the client and server certificates are both installed appropriately. Server side looks fine and even started fine in the browser as shown below.
However, when trying to configure the service reference from the WPF client side (service proxy that was previously added and generated). I get a 403 forbidden error code as shown below. Any idea why?
Here are my configurations.
WCF Server Side Config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<serviceCertificate storeLocation="LocalMachine" x509FindType="FindByIssuerName" findValue="QuickFire Root Authority" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="PushNotification_SignalR_PoC.WCF.PushNotificationService">
<endpoint binding="wsHttpBinding" bindingConfiguration="MutualSslLargeMessageBinding" contract="PushNotification_SignalR_PoC.WCF.IPushNotificationService" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="MutualSslLargeMessageBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</wsHttpBinding>
</bindings>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
WPF Client Side Config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_IPushNotificationService"
closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:30:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost:44367/PushNotificationService.svc"
binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_IPushNotificationService"
contract="ServiceProxy.IPushNotificationService" name="WsHttpBinding_IPushNotificationService" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="MutualSslBehavior">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" x509FindType="FindBySubjectName" findValue="QuickFire Test Client"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

If we want to call the service by adding service reference, we should add the MEX endpoint in the service endpoints on the server side. It could exchange metadata of the service over all platforms.
Like below,
<services>
<service name="PushNotification_SignalR_PoC.WCF.PushNotificationService">
<endpoint binding="wsHttpBinding" bindingConfiguration="MutualSslLargeMessageBinding" contract="PushNotification_SignalR_PoC.WCF.IPushNotificationService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
</service>
</services>
For details,
https://learn.microsoft.com/en-us/dotnet/framework/wcf/extending/how-to-configure-a-custom-ws-metadata-exchange-binding
Feel free to let me know if there is anything I can help with.

WCF streaming large file

I read this article http://www.codeproject.com/Articles/166763/WCF-Streaming-Upload-Download-Files-Over-HTTP to upload large file via WCF.
I've created the same configuration but I've just upload file 48kb even I added attribute maxReceivedMessageSize ="2147483647". When I try to upload file over 48kb I got an error
The remote server returned an error: (413) Request Entity Too
Large.
Did I get wrong or miss something? Below is my config
Server config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime executionTimeout="4800" maxRequestLength="2097150"/>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<!--BINDING-->
<bindings>
<basicHttpBinding>
<binding name="TransferService"
closeTimeout="00:10:00"
maxBufferPoolSize="2147483647"
maxBufferSize="2147483647"
maxReceivedMessageSize ="2147483647"
openTimeout="00:10:00"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
messageEncoding="Text"
transferMode="Streamed"
>
<readerQuotas
maxDepth="2147483647"
maxStringContentLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"
maxArrayLength="2147483647"/>
</binding>
</basicHttpBinding>
</bindings>
<!--SERVICE-->
<services>
<service name="TransferService.TransferService"
behaviorConfiguration="TransferServiceBehavior" >
<endpoint
address=""
binding="basicHttpBinding"
bindingConfiguration="TransferService"
contract="TransferService.ITransferService" >
</endpoint>
</service>
</services>
<!--BEHAVIOR-->
<behaviors>
<serviceBehaviors>
<behavior name="TransferServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceThrottling maxConcurrentCalls="500" maxConcurrentSessions="500" maxConcurrentInstances="500" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="500000000"></requestLimits>
</requestFiltering>
</security>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Web client config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ITransferService" />
</basicHttpBinding>
</bindings>
<client>
<endpoint name="BasicHttpBinding_ITransferService"
address="http://localhost/transfer/TransferService.svc"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_ITransferService"
contract="TransferService.ITransferService" />
</client>
</system.serviceModel>
Please suggest any solutions.
Thanks in advance
Now I've changed config as your suggest but it's still raise the same error 400 or 413. Below is my test project. I don't know reason why? (Environment: Window 7 Pro 64 bit, IIS7 , WCF 4.0)
https://skydrive.live.com/redir?resid=BFE92959302FBAA0!105&authkey=!ANO_URChpql9gKE
I'm spent two week to research and but it's the same error.
Please help me. Thanks in advance.

Well, the client config must also define the same binding configuration (with the larger transfer size), and specify that binding configuration in its endpoint configuration!
So change your client side config to:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransferService"
closeTimeout="00:10:00"
maxBufferPoolSize="2147483647"
maxBufferSize="2147483647"
maxReceivedMessageSize ="2147483647"
openTimeout="00:10:00"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
messageEncoding="Text"
transferMode="Streamed"
>
<readerQuotas
maxDepth="2147483647"
maxStringContentLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"
maxArrayLength="2147483647"/>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="BasicHttpBinding_ITransferService"
address="http://localhost/transfer/TransferService.svc"
binding="basicHttpBinding"
bindingConfiguration="TransferService"
contract="TransferService.ITransferService" />
</client>
</system.serviceModel>
and then you should have the same settings on the client and the server, and then those settings would become useful !

I checked your project, replace your webconfig with this and update the service reference try again,
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime executionTimeout="4800" maxRequestLength="2097150"/>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<!--BINDDING-->
<bindings>
<basicHttpBinding>
</basicHttpBinding>
<customBinding>
<binding name="LargeSilverlight" closeTimeout="00:21:00" openTimeout="00:20:00"
receiveTimeout="00:20:00" sendTimeout="00:50:00">
<textMessageEncoding maxReadPoolSize="2147483647" maxWritePoolSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</textMessageEncoding>
<httpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<client>
</client>
<!--SERVICE-->
<services>
<service name="TransferService.TransferService" behaviorConfiguration="SilverlightWCFLargeDataApplication" >
<endpoint address="" binding="customBinding" bindingConfiguration="LargeSilverlight" behaviorConfiguration="SilverlightWCFLargeDataApplication" contract="TransferService.ITransferService" >
</endpoint>
</service>
</services>
<!--BEHAVIOR-->
<behaviors>
<serviceBehaviors>
<behavior name="SilverlightWCFLargeDataApplication">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="SilverlightWCFLargeDataApplication">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="500000000"></requestLimits>
</requestFiltering>
</security>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>

I am facing Same Problem. and I am used this code in config File then I am able to upload 25MB file
try this
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="webserviceMOSSuiteSoap"
closeTimeout="00:01:00"
maxBufferPoolSize="20000000"
maxBufferSize="20000000"
maxReceivedMessageSize="20000000"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
messageEncoding="Text"
transferMode="Buffered"
allowCookies="false"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
textEncoding="utf-8"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32"
maxStringContentLength="20000000"
maxArrayLength="20000000"
maxBytesPerRead="20000000"
maxNameTableCharCount="20000000"/>
<security mode="None">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm=""/>
<message clientCredentialType="UserName"
algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/WebServiceConnect/webservice.asmx"
binding="basicHttpBinding"
bindingConfiguration="webserviceMOSSuiteSoap"
contract="ServiceReference1.webserviceMOSSuiteSoap"
name="webserviceMOSSuiteSoap"/>
</client>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true"/>
</system.serviceModel>

wcf soap service web.config error

Hi I want to create a soap service. When i run it, the service starts properly, but i cant connect to it from php, because i get the following error:
Fatal error: Maximum execution time of 30 seconds exceeded in C:\xampp\htdocs\soaptest\soaptest.php on line 6
line 6 is: $client = new SoapClient('http://localhost:1741/TopicService.svc?wsdl');
here is my web.config
<system.web>
<compilation debug="true" targetFramework="4.0" />
<trace enabled="false"/>
<httpRuntime maxRequestLength="100000000" />
</system.web>
<system.serviceModel>
<services>
<service name="PptxToTopicWebService.TopicService">
<endpoint address="soap" behaviorConfiguration="PptxToTopicWebService.ITopicService" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding1" contract="PptxToTopicWebService.ITopicService" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="PptxToTopicWebService.ITopicService">
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="">
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" minFreeMemoryPercentageToActivateService="0" />
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding1" maxReceivedMessageSize="10000000" maxBufferSize="10000000">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>
What am i doing wrong?

Modify your end point as mentioned below. It will work. Seems service is taking more time to respond.
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding1" maxReceivedMessageSize="10000000" maxBufferSize="10000000" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binding>
</basicHttpBinding>
</bindings>

WCF - The security protocol cannot verify the incoming message.

I am trying to create a WCF service that uses certificate authentication over SSL to create a Business to Business gateway. I have created a CA and a client certificate and put them in the Trusted root and personal folders respectively. I have set up the SSL routing but I keep getting the following error ‘The security protocol cannot verify the incoming message.’ And I can’t figure out why.
Below is my service configuration:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="B2BGateway.SSOBackChannel" behaviorConfiguration="B2B">
<endpoint binding="wsHttpBinding"
bindingConfiguration="WSCertificateSecurity"
contract="B2BGateway.Contracts.ISSOBackChannel"
address="https://blah.com/SSOBackChannel.svc"></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="B2B">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate />
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
</serviceCredentials>
<serviceAuthorization principalPermissionMode="None"></serviceAuthorization>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="B2B">
<clientCredentials>
<clientCertificate findValue="2e2ecba0f33265085cc53cb53c0b00977aaa9e9e" storeName="My" storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="WSCertificateSecurity">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
<system.diagnostics>
<sources>
<!-- See here for recommended diagnostics settings: http://msdn.microsoft.com/en-us/library/aa702726.aspx -->
<source name="System.ServiceModel" switchValue="Warning,Information,ActivityTracing,Verbose" propagateActivity="true">
<listeners>
<add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="d:\logs\gah.svclog" />
</listeners>
</source>
</sources>
</system.diagnostics>
<system.webServer>
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
And the client configuration is just the autogenerated code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ISSOBackChannel" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://blah.com/SSOBackChannel.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ISSOBackChannel"
contract="SSOBackChannelService.ISSOBackChannel" name="WSHttpBinding_ISSOBackChannel" />
</client>
</system.serviceModel>
</configuration>
I wrote a unit test to see if the thing works which is where I’m getting the error...
[TestMethod]
public void Should_Call_Service_As_Machine_Does_Have_x509Certificate()
{
SSOBackChannelClient service = new SSOBackChannelClient();;
service.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "2e2ecba0f33265085cc53cb53c0b00977aaa9e9e");
var result = service.CheckBackChannelToken("123456789");
}
Any help would be so greatly appreciated!!
Josh

You are using wsHttpBinding but you havent specified the certificate it needs to use to secure your transport channel. Try to specify a certificate it needs to use. i.e. for SSL
Also try enabling tracing on your service. See here how to enable tracing.

Change clientCredentialType to UserName, but using x509 certificate

I have made a wcf application, and a client. WCF app. have to know what user and password had accessed the service operation. That is what i done:
Server web config:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security>
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="Auth">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata httpGetEnabled="true"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</clientCertificate>
<serviceCertificate findValue="WCfServer"
storeLocation="CurrentUser"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="Auth" name="Service">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="IService"/>
</service>
</services>
</system.serviceModel>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>
Client config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="CustomBehavior">
<clientCredentials>
<clientCertificate findValue="WcfClient" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" />
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="http://localhost:30341/WCFAuthTest/Service.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
contract="Service.IService" name="WSHttpBinding_IService" behaviorConfiguration="CustomBehavior">
<identity>
<dns value="WcfServer" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
How i generated certificates: http://www.codeproject.com/KB/WCF/9StepsWCF.aspx
Service operation:
public string TestAccess()
{
return OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name;
}
Client:
ServiceClient client = new ServiceClient();
client.ClientCredentials.UserName.UserName = "Admin";
client.ClientCredentials.UserName.Password = "123";
Console.WriteLine(client.TestAccess());
Console.ReadLine();
And program must return Admin but it doesn't:
http://img27.imageshack.us/img27/3104/returnz.png
I know that i have to change the clientCredentialType to UserName, but it gaves me an error

If you want to pass user name and password you must set client credential type to UserName. Setting it to certificate is for using client certificates. Here is some how to article.