WCF Service over HTTPS giving errors - wcf

I have made a WCF service with configuration as follows:
<!-- This is the binding for SSL-->
<wsHttpBinding>
<binding name="SSLBinding">
<security mode="Transport" >
<transport clientCredentialType="None" ></transport>
</security>
</binding>
</wsHttpBinding>
<!-- SSL Binding Ends here.-->
</bindings>
<behaviors>
<serviceBehaviors>
<!-- This is the behavior we have defined for SSL configuration-->
<behavior name="SSLBehavior">
<serviceMetadata httpsGetEnabled="True"/>
</behavior>
<!-- SSL Behavior Ends here -->
</serviceBehaviors>
</behaviors>
<services>
<!-- Service configured alongwith its Mex Endpoint-->
<service name="CalculatorService.Service1" behaviorConfiguration="SSLBehavior">
<endpoint contract="CalculatorService.IService1" name="SSLAddress" binding="wsHttpBinding" bindingConfiguration="SSLBinding"></endpoint>
<endpoint name="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="false" />
I have used the following tutorial to host SSL on WCF service on IIS 5.1
http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi
I am getting the error as
A binding instance has already been associated to listen URI
'https://wd-xpa7kyy12d3.XXXX.com/CalculatorService/Service1.svc'. If two endpoints want to share the same ListenUri, they must also share the same binding object instance. The two conflicting endpoints were either specified in AddServiceEndpoint() calls, in a config file, or a combination of AddServiceEndpoint() and config.
In endpoint named "SSLAddress" I added "address" as 'https://wd-xpa7kyy12d3.XXXX.com/CalculatorService/Service1.svc', but was not able to add service reference with this URL, and had to specifically give WSDL path.
Even after providing WSDL path and adding service reference successfully to console application, when the client proxy was executing the methods, it was giving error. So I removed the address attribute from endpoint and now this issue is coming. I am not sure what is wrong in current configuration? Thanks for help.

try adding
address="mex"
to your meta data endpoint.
the address specified ends up being a relative path, so it will be given
https://wd-xpa7kyy12d3.XXXX.com/CalculatorService/Service1.svc/mex
as an address. The other endpoint will remain at
https://wd-xpa7kyy12d3.XXXX.com/CalculatorService/Service1.svc

Related

Problem with WCF and SSL

I am having problems getting a web service working using SSL and WCF.
If I check in IIS the "Require SSL" seeting then I get this error:
WebHost failed to process a request.
Sender Information:
System.ServiceModel.ServiceHostingEnvironment+HostingManager/36097441
Exception: System.ServiceModel.ServiceActivationException: The service
'/' cannot be activated due to an exception during compilation. The
exception message is: Service
'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService' has
zero application (non-infrastructure) endpoints. This might be because
no configuration file was found for your application, or because no
service element matching the service name could be found in the
configuration file, or because no endpoints were defined in the
service element.. ---> System.InvalidOperationException: Service
'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService' has
zero application (non-infrastructure) endpoints. This might be because
no configuration file was found for your application, or because no
service element matching the service name could be found in the
configuration file, or because no endpoints were defined in the
service element.
However if I uncheck it, the page loads fine in the browser but then I get this error
when I try calling it.
Service 'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService'
has zero application (non-infrastructure) endpoints. This might be
because no configuration file was found for your application, or
because no service element matching the service name could be found in
the configuration file, or because no endpoints were defined in the
service element.
This is the configuration:
<system.serviceModel>
<services>
<service name="ISS.MS.WebServices.MessageDispatchWcfService">
<endpoint
address=""
binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_MS2"
contract="ISS.MS.WebServices.IMessageDispatchWcfService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceDebug includeExceptionDetailInFaults="False" />
<serviceMetadata httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding_MS2" >
<readerQuotas maxStringContentLength="1048576" />
<security mode="Transport">
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
</system.serviceModel>
I can get it working perfectly using normal HTTP, but HTTPs doesn't work.
I am guessing its either an IIS setting or WCF configuration issue?
I figured it out, the name of the service and contract was not correct...how embarrassing.
Anyone know why it would still work over HTTP even it these are incorrect?
(About "multipleSiteBindingsEnabled"): To enable multiple IIS bindings per site for a service, set this property to true. Notice that multiple site binding is supported only for the HTTP protocol.
ref: http://msdn.microsoft.com/en-us/library/system.servicemodel.configuration.servicehostingenvironmentsection.multiplesitebindingsenabled.aspx
try this
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false">
</serviceHostingEnvironment>

Wcf Http and Https

Help please!!
I had the following set up working perfectly:-
WCF Service Library hosted in web site on local IIS 7
Silverlight Application on a web site on local IIS 7 using above services
The solution I am writing is for intranet and not internet use, however I have been told by my bosses that it needs to be over Https. I am using Windows Authentication.
Below is a chunk of the config file for one of the service endpoints (changed to remove company info etc):-
<services>
<service behaviorConfiguration="stdHttpBehavior" name="WcfServiceLibrary.StaticDataService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="windowsHttpBinding"
name="StaticDataService" contract="WcfServiceLibrary.ServiceContracts.IStaticDataService" />
<endpoint address="mex" binding="mexHttpBinding" name="" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/WcfServiceLibrary/StaticDataService/" />
</baseAddresses>
</host>
</service>
<behaviors>
<serviceBehaviors>
<behavior name="stdHttpBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
To experiment with Https I created a 'Self-Signed Certificate'. I then added https to the Default Web Site bindings and changed the two web sites to require SSL and also changed the relvant URIs in the config files. I managed to get this to work but now I want to go back to standard Http and finish the project in that mode as it was easier to work with. I changed all the settings back (and I have checked these extremely carefully).
Now I get this error if I try to downoad the Service definition in the Silverlight project: -
'Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].'
If I put back the certificate and binding in IIS. The Service definition appears to download OK, however it references an https URI and therefore none of the actual service calls work as they are http adresses!
I tried adding a new web site to host the service but got the same errors.
I have been trying to solve this for the last couple of days but cannot find an answer. It seems as though there is a hidden reference somewhere and not in my project as it continued with a new web site added to IIS.
To use SSL over HTTP under Basic HTTP binding, you need to switch your endpoint to use Transport-level security. In your case you will also want to indicate the client credential type:
<bindings>
<basicHttpBinding>
<binding name="windowsHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
<message />
</security>
</binding>
</basicHttpBinding>
</bindings>
It may seem obvious, but did you change the security mode on the windowsHttpBinding binding configuration to BasicHttpSecurityMode.None?
<bindings>
<basicHttpBinding>
<binding name="windowsHttpBinding">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
Related resources:
Transport Security Overview
BasicHttpSecurityMode Enumeration

Getting an Security setting exception while accessing a WCF service

Following are binding configurations of my WCF service.
Anonymous access: off
Basic authentication: on
Integrated Windows authentication: off !!
support HTTP protocol .
I am getting an following exception while accessing my WCF service:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType ="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WMWcfWebServiceLib.Service1Behavior"
name="WMWcfWebServiceLib.WMWcfWebService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding"
contract="WMWcfWebServiceLib.IWMWebService">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8731/Design_Time_Addresses/WMWcfWebServiceLib/Service1/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WMWcfWebServiceLib.Service1Behavior">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
Please Help!!
Edit
I am able to access the WCF service through the web browser with the following changes:
Changes the security mode to TransportCredentialOnly and Removed the Mex Endpoint, but now as obvious I am not able to create the proxy on the client side.
Please let me know where I am wrong ?
If you want to support HTTP only your configuration is not used at all because mode="Transport" demands HTTPS. First find why config is not used (probably wrong type name in service element). Next change security mode to TransportCredentialOnly. But be aware that TransportCredentialOnly + Basic authentication means that HTTP requests will contain plain text Windows user name and password. In most cases such implementation will not pass any security audit.
Edit:
You can create proxy without mex endpoint if you still support httpGetEnabled in service metadata behavior.

Setting Transport level security on webHttp WCF service

I am trying to set transport level security on a webHttp binding WCF service my current config looks like this
<system.serviceModel>
<client>
<endpoint binding="webHttpBinding" bindingConfiguration="webHttp"
contract="PrimeStreamInfoServices.IService1" name="Client" />
</client>
<bindings>
<webHttpBinding>
<binding name="webHttp" maxBufferPoolSize="1500000" maxReceivedMessageSize="1500000" maxBufferSize="1500000">
<security mode="Transport">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="string" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="PrimeStreamInfoServices.Service1" behaviorConfiguration="PrimeStreamInfoServices.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="webHttpBinding" bindingConfiguration="webHttp" contract="PrimeStreamInfoServices.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PrimeStreamInfoServices.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<diagnostics>
<messageLogging logMalformedMessages="true" logMessagesAtServiceLevel="true"
logMessagesAtTransportLevel="true" />
</diagnostics>
however when i run my service i get an exception:
Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http].
I know im missing something, and I have been trying various things I cant figure it out, anyone got some input on what i have to do?
Yes - switch to HTTPS, with a suitable certificate. Transport security, in the case of HTTP is provided by an SSL channel. You can't have WS* transport security over plain HTTPS
Ignore my previous answer, I was thinking wsHttpBinding not webHttpBinding.
It is the address that you use to call the service that must start with https.
https://machineName/ServiceName
Can you try to add a base address (inside the <host> element of your service config) which is https ? Are you adding a (or multiple) base address(es) in code?
<service name="PrimeStreamInfoServices.Service1"
behaviorConfiguration="PrimeStreamInfoServices.Service1Behavior">
<host>
<baseAddresses>
<add baseAddress="https://localhost:8080/YourService.svc" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<endpoint ......
</service>
Not 100% sure if that works with the webHttpBinding, but give it a try!
Marc
Remember that besides the right WCF config, you also need to configure IIS property to enable SSL on it (including setting the right X.509 certificate for SSL). The docs have some decent information on how to do it.

IIS hosted WCF-service + Windows auth in IIS + TransportCredentialOnly/Windows auth in basicHttpBinding

I want to create a WCF-service hosted in IIS6 and disable anonymous authentication in IIS. And don't use SSL.
So only way I have is to use basicHttpBinging with TransportCredentialOnly, itsn't it?
I create a virtual directory, set Windows Integrated Auth and uncheck "Enable Anonymous Access".
Here's my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="Samples.ServiceFacadeService" behaviorConfiguration="ServiceFacadeServiceBehavior">
<endpoint address="" binding="basicHttpBinding" bindingName="MyBinding"
contract="Samples.IServiceFacadeService">
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceFacadeServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
You can see that I even haven't included MEX-enpoint for metadata exchange. Just one endpoint and one binding for it with TransportCredentialOnly security.
But when I tries to start service (invoking a method throught client proxy) I got such exception in the EventLog:
Exception:
System.ServiceModel.ServiceActivationException:
The service
'/wcftest/ServiceFacadeService.svc'
cannot be activated due to an
exception during compilation. The
exception message is: Security
settings for this service require
'Anonymous' Authentication but it is
not enabled for the IIS application
that hosts this service.. --->
System.NotSupportedException: Security
settings for this service require
'Anonymous' Authentication but it is
not enabled for the IIS application
that hosts this service.
I have no idea why my service require Anonymous auth? Why?
The answer found jezell. Thanks.
I mixed up bindingName and bindingConfiguration :
<endpoint address="" binding="basicHttpBinding" bindingName="MyBinding"
contract="Samples.IServiceFacadeService">
</endpoint>
That's right:
<endpoint address="" binding="basicHttpBinding" **bindingConfiguration**="MyBinding"
contract="Samples.IServiceFacadeService">
</endpoint>
The MEX endpoint may still be the problem (see this post). Try disabling MEX like this:
<services>
<!-- Note: the service name must match the configuration name for the service implementation. -->
<service name="MyNamespace.MyServiceType" behaviorConfiguration="MyServiceTypeBehaviors" >
<!-- Add the following endpoint. -->
<!-- Note: your service must have an http base address to add this endpoint. -->
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceTypeBehaviors" >
<!-- This disables it. -->
<serviceMetadata httpGetEnabled="false" />
</behavior>
</serviceBehaviors>
</behaviors>
Here is a good post on securing MEX.
Use basicHttpBinding for your mex endpoint and apply the same bindingConfiguration:
To get VS wcf service project (new sample project) to work with authentication under IIS, you have to:
1) Allow Anonymous access in IIS
2) Prefix your public methods with a attribute like this:
[PrincipalPermission(SecurityAction.Demand, Role = "MyADGroup")]
public string SendMyMessage(string Message)
{...}