We are calling a third-party service using Windows Identity Foundation. The service is called between 30-40 times successfully. But memory usage of the client application is strange. The application is consuming more and more memory at each service call. I profiled the client application and I found that there are many Dictionary<object,MruSecurityTokenCache.CacheEntry>.Entry[] instances and each instance consumes memory. If possible then I don't want to use the cache. Is this possible?
Thank you.
The problem is solved using the configuration below:
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="Client">
        <clientCredentials>
          <!-- Do not keep issued tokens in the client-side token cache -->
          <issuedToken cacheIssuedTokens="false" />
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
I'm currently investigating WCF for implementing a RESTful service that will run through IIS.
Currently our software offers the ability to authenticate users against a range of sources:
Our own internal user accounts stored in the database
A specified Windows Active Directory where, if authentication is successful, a lookup is done to find which internal account the Windows one is linked to
Another LDAP server, e.g. Novell
So the way I want this to work is that a client sends an http(s) request with an
authentication header (basic for now) over SSL, then the service will use custom
authentication to implement the process described above.
For the moment I am self-hosting the service and trying to get the custom authentication example working. It starts up correctly, but all I get when I try to make a request from a browser or a tool where I can attach an authentication header is
"Error 101 (net::ERR_CONNECTION_RESET): The connection was reset."
I have set a breakpoint in the custom authentication class and it is never reached, so I'm guessing it's a problem with the configuration.
My app.config;
<configuration>
...
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="secure">
<security mode="Transport">
<transport clientCredentialType="Basic"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="CELCAT.RegisterMarker.RegisterMarker" behaviorConfiguration="myServiceBehavior">
<endpoint address="https://mymachine:8001/servicename"
binding="webHttpBinding"
bindingConfiguration="secure"
contract="myServiceContract" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="myServiceBehavior">
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="True"/>
<serviceAuthorization serviceAuthorizationManagerType="MyServiceAuthorizationManager, authenticatonassembly" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="servicenamespace, serviceassembly" />
<serviceCertificate findValue="certname"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
I have read a post that said what I am trying to do is impossible out of the box with WCF and to achieve this I will need to write a custom module or request interceptor as described below;
authentication via custom module;
http://custombasicauth.codeplex.com/
authentication via request interceptor;
http://www.codeproject.com/KB/WCF/BasicAuthWCFRest.aspx
This seems like it should be possible to me, so my questions are
Is what I'm trying to do possible?
If so, what have I got wrong? Or if not, which workaround is best?
OK after much googling and prompting from Andrew Church (Thanks Andrew) I've figured this out.
The problem was although I had generated a certificate, I hadn't bound it to a port. Steps to help generate certificates and binding them can be found at;
http://www.codeproject.com/Articles/24027/SSL-with-Self-hosted-WCF-Service
This however asks you to use httpcfg, this tool doesn't exist on Windows Vista or 7 (my OS), so a further Google revealed this article;
http://msdn.microsoft.com/en-us/library/ms733791.aspx
Which tells me to use netsh, perfect! Well not quite, because this requires a parameter called appid. I didn't know where I could find this, so a further search led back here;
What appid should I use with netsh.exe?
So I followed all of the steps, commented out the certificate part of my app.config and hey presto I hit my break point in the custom config.
Hope this helps anyone else with the same problem.
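The binding step described in the answer above, as an added PowerShell example that is not part of the original post. It assumes the port (8001), store (LocalMachine\My) and subject name ("certname") from the question's app.config; the appid is a freshly generated GUID used as a placeholder, since netsh only needs a GUID to label the owning application.

```powershell
# Added example: bind an existing certificate to the port of a self-hosted WCF service.
# Run from an elevated prompt. Port and subject name are taken from the question's
# app.config; the appid GUID is a generated placeholder, not a value from the page.
param(
    [int]$Port = 8001,
    [string]$SubjectName = 'certname'
)

# Find the certificate in LocalMachine\My. Require a private key and a valid
# expiry date, and refuse to guess if the subject name is ambiguous.
$certs = @(Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.Subject -like "*CN=$SubjectName*" -and
    $_.HasPrivateKey -and
    $_.NotAfter -gt (Get-Date)
})
if ($certs.Count -ne 1) {
    throw "Expected exactly one usable certificate for '$SubjectName', found $($certs.Count)."
}
$thumbprint = $certs[0].Thumbprint

$ipPort = "0.0.0.0:$Port"
$appId  = [guid]::NewGuid().ToString('B')   # 'B' format includes the braces netsh expects

# Each argument is passed as one quoted string so PowerShell does not
# interpret the braces in the appid as a script block.
& netsh http add sslcert "ipport=$ipPort" "certhash=$thumbprint" "appid=$appId"
if ($LASTEXITCODE -ne 0) {
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE."
}

# Confirm what http.sys now has registered for the port.
& netsh http show sslcert "ipport=$ipPort"
```

If the port already has a binding, the add fails; inspect it with `netsh http show sslcert` and remove it with `netsh http delete sslcert` before rebinding.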
I am not sure whether this will work, but what I've done in the past is use a custom HTTP module. Our API uses access tokens, so we use the module to inspect headers for the presence of a token, if it doesn't exist we redirect to an Authentication endpoint in the api. The endpoint expects Basic authentication. Hope this helps.
I have hosted a WCF service on Azure at http://voraservice.cloudapp.net/MyPushService.svc. The problem is when I connect through client, it gives me that no endpoint found at the given address:
http://rd00155d3425e0/MyPushService.svc
I don't know how this random server name came here, and I have been trying to figure out for a few hours how to remove this random server name and put the actual location of the WCF service hosted on the cloud. Any pointers to solutions are appreciated!
Update: I saw this KB article - http://support.microsoft.com/kb/971842/
But when I try to update for Win7 it says the update is not for my computer.
Initially I was redirected to this KB - http://support.microsoft.com/kb/971842/ but this didn't help me on my Windows 7 machine.
Finally I was able to resolve this by adding useRequestHeadersForMetadataAddress tag inside serviceBehaviors tag.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ShoutboxWebRole.ShoutsBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<useRequestHeadersForMetadataAddress/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
...
</services>
</system.serviceModel>
May sound like a manual instruction, but please check the config of consuming application. Often it is pointing to wrong direction. Here is a similar problem discussed in this blog post http://junooni.wordpress.com/tag/azure-incorrect-address-no-endpoint-listening/
All the best.
I have a WCF service running on a net.tcp port inside a hosting application running on my computer - Windows 2003 64 bit.
The application will accept connections from a colleague's machine and locally from the WCF Test Client and sends back the appropriate information. I can also use my client to connect to the service running on my colleague's machine.
Unfortunately it won't allow me to connect to the service from the client running on my machine. Client on my colleague's machine with server on colleague's machine also fails.
Confusingly, the app also runs another service which works fine locally and remotely.
This works: net.tcp://localhost:8736/EchoExcelServices/
This doesn't: net.tcp://localhost:8736/EchoExcelServices/Uploader
The exception given in the client app is a SecurityNegotiationException with the message
The server has rejected the client credentials
Inside it (a couple of layers down) is a Win32Exception with the message
The logon attempt failed
EDIT: The behaviours section is as follows:
<behaviors>
<serviceBehaviors>
<behavior name="EchoExcelLibrary.MetadataBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="ImpersonationBehavior">
<clientCredentials>
<windows allowedImpersonationLevel="Impersonation"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
EDIT 2
Altered behaviours section:
<endpointBehaviors>
<behavior name="ImpersonationBehavior">
</behavior>
</endpointBehaviors>
This was a problem with the setup of DTC on our machines. It is now resolved.
I have created a WCF service and am planning to make it accessible from the internet. The page 'You have created a service' seems to be some stub which should be replaced before putting the service on production. Is it a bad practice to have this welcome page on production? What do you do with that welcome page when you publish WCF services on the internet?
Thanks
On production you can turn off this page by adding:
<behaviors>
  <serviceBehaviors>
    <behavior name="ProductionService">
      <!-- No exception details in faults, no auto-generated help page -->
      <serviceDebug includeExceptionDetailInFaults="false" httpHelpPageEnabled="false" />
    </behavior>
  </serviceBehaviors>
</behaviors>
Also think about publishing WSDL / Metadata. If you don't want to publish WSDL but you want to use mex endpoint use following configuration:
<behaviors>
  <serviceBehaviors>
    <behavior name="ProductionService">
      <!-- WSDL is not served over HTTP GET; a mex endpoint can still be exposed -->
      <serviceMetadata httpGetEnabled="false" />
      <serviceDebug includeExceptionDetailInFaults="false" httpHelpPageEnabled="false" />
    </behavior>
  </serviceBehaviors>
</behaviors>
Your services must use that behavior in their behaviorConfiguration attribute.
Yes, it's bad. It tells potential attackers that the system is completely unconfigured, so they would try to attack it. Also, it's not very professional.
Well, print something useful there or hide it:-)
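A way to check a deployed config for the settings discussed in the answers above, as an added PowerShell example that is not part of the original posts. The function name and the sample config are constructed for illustration; the attribute names are the ones WCF reads from `<serviceDebug>` and `<serviceMetadata>`.

```powershell
# Constructed sample config: one hardened behavior and one with development settings left on.
$sample = @'
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ProductionService">
          <serviceMetadata httpGetEnabled="false" />
          <serviceDebug includeExceptionDetailInFaults="false" httpHelpPageEnabled="false" />
        </behavior>
        <behavior name="DevLeftovers">
          <serviceMetadata httpGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
'@

# Hypothetical helper: reports, per service behavior, which disclosure settings are on.
function Test-WcfBehaviorExposure {
    param([Parameter(Mandatory)][xml]$Config)
    $xpath = '/configuration/system.serviceModel/behaviors/serviceBehaviors/behavior'
    foreach ($b in $Config.SelectNodes($xpath)) {
        $debug = $b.SelectSingleNode('serviceDebug')
        $meta  = $b.SelectSingleNode('serviceMetadata')
        $findings = @()
        # httpHelpPageEnabled defaults to true, so a missing element or attribute still serves the page.
        if ($null -eq $debug -or $debug.GetAttribute('httpHelpPageEnabled') -ne 'false') {
            $findings += 'help page enabled'
        }
        if ($null -ne $debug -and $debug.GetAttribute('includeExceptionDetailInFaults') -eq 'true') {
            $findings += 'exception details in faults'
        }
        if ($null -ne $meta -and $meta.GetAttribute('httpGetEnabled') -eq 'true') {
            $findings += 'WSDL over HTTP GET'
        }
        [pscustomobject]@{ Behavior = $b.GetAttribute('name'); Findings = ($findings -join '; ') }
    }
}

Test-WcfBehaviorExposure -Config ([xml]$sample) | Format-Table -AutoSize
```

To audit a real service, pass `([xml](Get-Content path\to\web.config -Raw))` instead of the sample; a behavior with an empty Findings column has all three settings switched off.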
I am trying to generate a client proxy from a WCF service library. I am using VS2005, .NET 3.0 on a Windows XP Pro workstation. The WCF service is hosted in a Windows service. When I run the Windows service as a console application, there are no problems. I can run svcutil.exe against that address and it generates the proxy. However, when I compile that service in release mode, and install it on the workstation using InstallUtil, I get an error "Error: Cannot obtain Metadata from net.tcp://localhost:9090/Service2 ". These are the settings I am using in the app.config for the service
<behaviors>
<endpointBehaviors>
<behavior name="Test2">
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="serviceBehaviour">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata />
<!--<serviceMetadata httpGetEnabled="true" />-->
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="TestBinding2" inactivityTimeout = "00:30:00" openTimeout="00:30:00"
receiveTimeout="00:30:00"
sendTimeout="00:30:00">
<binaryMessageEncoding />
<tcpTransport transferMode="StreamedResponse" />
</binding>
</customBinding>
</bindings>
A couple of shots in the dark...
Is your Windows service running? Beyond that, is your WCF service running within the Windows service? My project is also hosting a WCF service in a Windows service (you can see the general step-by-step here). Even though I have the Windows service marked to start automatically, I still have to manually start it the first time. Perhaps there is a command-line option of InstallUtil.exe that I'm not aware of that will do this for me. But the point is, if your Windows service or your WCF service inside is not running, you obviously can't see the MEX endpoint.
The other thing I noticed: your error says that the metadata cannot be obtained from net.tcp://localhost:9090/Service2, but the base address you posted in your comment shows net.tcp://localhost:9090/Service_2. Perhaps this is just a typo, but it wouldn't hurt to double-check that everything is spelled correctly, especially if the app.config is hand-generated.