I have a WCF service that needs to hosted using basicHttpBinding using SSL.
So my team has installed a SSL certificate with Anonymous authentication enabled and a hardcoded username and password given in IIS.
I tried giving this binding
<binding name="SecurityByTransport">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
But it still doesnt work. I get this error "Could not find a base address that matches scheme http for the endpoint with binding BasicHttpBinding. Registered base address schemes are [https]. "
ServiceModel section:
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtTransportLevel="true" />
</diagnostics>
<bindings>
<customBinding>
<binding name="netTcp">
<binaryMessageEncoding>
<readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" maxDepth="64" />
</binaryMessageEncoding>
<security authenticationMode="UserNameOverTransport" />
<windowsStreamSecurity />
<tcpTransport portSharingEnabled="true" maxBufferPoolSize="52428800" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
<basicHttpBinding>
<binding name="Https">
<security mode="Transport">
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name ="Https">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Asi.Soa.ServiceModelEx.NullUserNamePasswordValidator, Asi.Soa.ServiceModelEx" />
<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>
</serviceCredentials>
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="Asi.Soa.ServiceModelEx.ClaimsAuthorizationPolicy, Asi.Soa.ServiceModelEx" />
</authorizationPolicies>
</serviceAuthorization>
<exceptionShielding/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="SoapBehavior">
</behavior>
<behavior name="RestBehavior">
</behavior>
<behavior name="AjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="Asi.Soa.Core.Services.EntityService" >
<endpoint address="https://10.42.150.122/imis15/EntityService.svc" binding="basicHttpBinding" contract="Asi.Soa.Core.ServiceContracts.IEntityService"
bindingConfiguration="Https" />
</service>
</services>
Any help would be appreciated.
Thanks
Try to add to service behavior setting
<serviceMetadata httpsGetEnabled="true"/>
Also you should check that endpoind has a setting
bindingConfiguration="SecurityByTransport"
If you are hosting your service in IIS, please try to remove the http binding from the site bindings.
HTH
Since you are using the web service on IIS, use HTTPS binding for it considering that you are using SSL certificate.
Related
I'm having truble with configuration around my WCF service and WS-Seciurity.
I don't have access to the client side, so far I'm trying to use SoapUI as a client with WS-A adressing, userName, Password and WSS Password Type 'PasswordDigest' options.
I use IIS and https with a simple certificate, .NET 4.7.
I've tried many versions, but without success. I just want to find simplest, working solution to read 'Seciurity' header from SoapUI/client request with WS-Seciurity PasswordDigest options enabled.
The current error with the current config file 'InvalidSecurity' 'An error occurred when verifying security for the message'
<system.serviceModel>
<protocolMapping>
<add scheme="https" binding="wsHttpBinding"/>
</protocolMapping>
<services>
<service name="SoapService" behaviorConfiguration="SoapServiceConf">
<!--<endpoint address="SoapService" binding="wsHttpBinding" contract="MPA.SoapService.References.ServiceReference.SentSOAP" /> -->
<endpoint address="" binding="wsHttpBinding" contract="Interfaces.ISoap" bindingConfiguration="wsHttpBind"/>
<endpoint contract="IMetadataExchange" binding="mexHttpsBinding" address="mex" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding maxReceivedMessageSize="10485760" name="wsHttpBind">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic"/>
<message clientCredentialType="UserName" algorithmSuite="Default" establishSecurityContext="false" />
</security>
<reliableSession enabled="false" />
<readerQuotas maxArrayLength="10485760" maxDepth="1024" maxStringContentLength="10485760" />
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SoapServiceConf">
<serviceCredentials>
<serviceCertificate findValue="soapservice"
storeName="My"
x509FindType="FindByIssuerName" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
<behavior name="MyServiceTypeBehaviors" >
<!-- Add the following element to your service behavior configuration. -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Thanks.
I have created my first WCF service and it works perfectly, in https in Postman.
Now, I moved on to work with the Service in my VB.NET website and I can't get it to work.
Here is the Web.config from the Service
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
</diagnostics>
<behaviors>
<serviceBehaviors>
<behavior name="inculdeExceptionDetails">
<serviceDebug includeExceptionDetailInFaults="true " />
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior>
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="https">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<protocolMapping>
<add binding="webHttpBinding" scheme="http" />
<add binding="webHttpBinding" scheme="https" bindingConfiguration="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
I have tried numerous things on the client. But the point I am at now, I can initialize the class, but when I go to call a Function on it, I get:
The provided URI scheme 'https' is invalid; expected 'http'.
Here is my current web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding_ICustomZendeskWrapper">
<security mode="None">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://www.myDomain.info/Webservices/WCF/CustomZendeskWrapper.svc" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_ICustomZendeskWrapper" contract="CustomZendeskWrapper.ICustomZendeskWrapper" />
</client>
</system.serviceModel>
Can someone point me in the right direction?
Here is my corrected settings:
Service Web.Config:
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
</diagnostics>
<behaviors>
<serviceBehaviors>
<behavior name="inculdeExceptionDetails">
<serviceDebug includeExceptionDetailInFaults="true " />
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior>
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="https">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<protocolMapping>
<add binding="webHttpBinding" scheme="http" />
<add binding="webHttpBinding" scheme="https" bindingConfiguration="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Client Web.Config:
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpBinding_ICustomZendeskWrapper">
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="webhttp">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://www.myDomain.info/Webservices/WCF/CustomZendeskWrapper.svc" binding="webHttpBinding" bindingConfiguration="webHttpBinding_ICustomZendeskWrapper" behaviorConfiguration="webhttp" contract="CustomZendeskWrapper.ICustomZendeskWrapper" />
</client>
</system.serviceModel>
First, your configuration file creates the service by using WebHttpBinding, hence your service works properly over http and https in REST style. we are supposed to use WebHttpBinding to call the service or send http request to the proper URL instead of using BasicHttpBinding.
Under this circumstance, if you want to call the service by adding the service reference, just like your configuration. I suggest you make the following changes.
Use WebHttpBinding instead of BasicHttpBinding in client’s
webconfig.
Add the appropriate attribute to the auto-generated operation. [WebGet], [WebInvoke]
Add the webhttp endpoint behavior to the client endpoint.
This could work, but I don’t think it is you want. As you know, we call the service succesfully only when the wcf binding type between the server and the client is consistent. Another solution for this case is we create the service by using BasicHttpBinding. It also works well over http and http.
Please refer to my following configuration.
Server end.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http"/>
<add binding="basicHttpsBinding" scheme="https"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Client end
//use self-signed certificate
ServicePointManager.ServerCertificateValidationCallback += delegate
{
return true;
};
ServiceReference2.Service1Client client = new ServiceReference2.Service1Client("BasicHttpsBinding_IService1");
var result=client.GetData(234);
Console.WriteLine(result);
Configuration file.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" />
<binding name="BasicHttpsBinding_IService1">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://vabqia593vm:11024/Service1.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IService1" contract="ServiceReference2.IService1"
name="BasicHttpBinding_IService1" />
<endpoint address="https://localhost:11025/Service1.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpsBinding_IService1" contract="ServiceReference2.IService1"
name="BasicHttpsBinding_IService1" />
</client>
</system.serviceModel>
In addition, we are supposed to add http binding and https binding in IIS binding module.
Feel free to let me know if there is anything I can help with.
I have a WCF service that works using basicHttpBinding, I'm trying to configure it to go over https and authenticate with a SQL membership provider, and to do this I'm trying to convert it to use wsHttpBinding.
However, with the updated config I get the following error when I try to connect with the client:
Could not find default endpoint element that references contract 'KFileService.IKFileWcfService' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element.
Here's the relevant portion of the web.config for the server:
<system.serviceModel>
<protocolMapping>
<remove scheme="http" />
<add scheme="https" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_IKFileWcfServiceBinding" />
</protocolMapping>
<behaviors>
<serviceBehaviors>
<behavior name="KFileWcfServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="SqlMembershipProvider" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="KFileWcfServiceBehavior" name="KFileWcfService">
<endpoint address="https://localhost:36492/KFileWcfService.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_IKFileWcfServiceBinding"
name="wsHttpBinding_IKFileWcfService" bindingName="wsHttpBinding_IKFileWcfServiceBinding"
contract="KFileWcfService.IKFileWcfService">
<identity>
<certificateReference storeLocation="CurrentUser" />
</identity>
</endpoint>
</service>
</services>
<serviceHostingEnvironment minFreeMemoryPercentageToActivateService="0" multipleSiteBindingsEnabled="true"/>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding_IKFileWcfServiceBinding" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="100000" maxArrayLength="2147483647"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Message">
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
And here's the client side:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding_IKFileWcfService" />
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost:36492/KFileWcfService.svc"
binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_IKFileWcfService"
contract="KFileWcfService.IKFileWcfService" name="wsHttpBinding_IKFileWcfService" />
</client>
</system.serviceModel>
I've done my best to go through all the existing questions and examples already, but haven't had any luck. Can anyone tell me what I'm doing wrong?
Edit:
For further reference, here's the server side configuration that works with basicHttpBinding:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="KFileWcfService">
<endpoint address="https://localhost:36492/KFileWcfService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IKFileWcfService" contract="KFileService.IKFileWcfService" name="BasicHttpBinding_IKFileWcfService" />
</service>
</services>
<serviceHostingEnvironment minFreeMemoryPercentageToActivateService="0" multipleSiteBindingsEnabled="true"/>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IKFileWcfService" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" transferMode="Streamed">
<readerQuotas maxDepth="32" maxStringContentLength="100000" maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>
And client:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IKFileWcfService" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost:36492/KFileWcfService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IKFileWcfService"
contract="KFileService.IKFileWcfService" name="BasicHttpBinding_IKFileWcfService" />
</client>
</system.serviceModel>
The type of the service contract on the client which you're trying to use, based on your error messsage:
KFileService.IKFileWcfService
The type of the service contract interface which you have on your client config:
KFileWcfService.IKFileWcfService
They should be the same. Change the client config to
... contract="KFileService.IKFileWcfService" ...
And it should work.
I know this is a very common scenario, but I've still, after two days of searching, not found a solution to this problem.
I've got a WCF Service and a client (web site), using SSL and a client certificate.
Relevant service config section:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="HOLBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HOLServiceBehaviour">
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine" />
</clientCertificate>
</serviceCredentials>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<services>
<service name="HOL.Core.Service.HOLService" behaviorConfiguration="HOLServiceBehaviour">
<endpoint address="bh" bindingConfiguration="HOLBinding" binding="basicHttpBinding" contract="HOL.Core.Service.IHOLService" />
<endpoint address="wb" behaviorConfiguration="WebBehaviour" binding="webHttpBinding" contract="HOL.Core.Service.IHOLService" />
</service>
</services>
Relevant client service config:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="HOLServiceEndpointBehaviour">
<clientCredentials>
<clientCertificate storeLocation="LocalMachine"
findValue="mythumbprint"
x509FindType="FindByThumbprint" storeName="TrustedPeople" />
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IHOLService" maxBufferPoolSize="20000000" maxReceivedMessageSize="20000000">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://www.myhttpsite.co.uk/Service/HOLService.svc/bh" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IHOLService" contract="HOLCoreService.IHOLService"
name="BasicHttpBinding_IHOLService" behaviorConfiguration="HOLServiceEndpointBehaviour">
</endpoint>
</client>
</system.serviceModel>
My certificate is being found, so that's not the problem (took me a day to fix that problem too!)
I believe the error is that the client calling the WCF Service simply isn't sending through the correct details to authenticate... but why?
I've a wcf config as shown below and I'm trying the run the service on https.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttps">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Username" />
<message />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="serviceBehavior" name="MyService">
<endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration=""
bindingNamespace="http://mydomain.com" contract="IMetadataExchange" />
<endpoint binding="basicHttpBinding" bindingConfiguration="basicHttps"
name="basicTest" bindingNamespace="http://mydomain.com"
contract="IMyContract" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="MySqlMembershipProvider" />
</serviceCredentials>
</behavior>
<behavior>
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
WCFSTORM error out with this:
*
The provided URI scheme 'https' is invalid; expected 'http'.
Could someone please help me point out my bug on above config please?
I also tried with this but same error:
<basicHttpBinding>
<binding name="basicHttps">
<security mode="Transport">
<transport clientCredentialType="None" />
<message />
</security>
</binding>
</basicHttpBinding>
My Service Class looks like below:
namespace Service
{
[ServiceBehavior(AddressFilterMode = AddressFilterMode.Any, Namespace = "http://mydomain.com")]
class MyService : IMyContract
{
}
}
Thank you all who put some comments on my question. finally I figured out myself. The config was all OK.
The problem was with WCF Storm, the Authentication Type should be set to NONE on Config dialog (WCF STORM).
Thank you again.
or use wsHttpBinding instead of basicHttpBinding and no need to change something on WCFStorm side