How to Call .NET AuthenticationService from json client without ASP.NET - wcf

I have a WCF 4 service which is in a Secure subfolder, accessible after the client has authenticated using Forms authentication using the .NET AuthenticationService.
This WCF service is for a mobile app client which communicates via json but is not an ASP.NET app. I have successfully configured the service to use json and the AuthenticationService has the standard configuration as documented in many places e.g. http://msdn.microsoft.com/en-us/library/bb398990.aspx
The docmentation for the AuthenticationService says "The application must be able to send and consume a SOAP message". However I want the client to be able to use json for authentication as well. Is this possible? What's the configuration required?
I found this article http://weblogs.asp.net/asptest/archive/2008/12/09/working-with-the-asp-net-ajax-authentication-service.aspx so it looks like the AuthenticationService can handle json but it uses Client Application Services. The mobile app client is not an ASP.NET app.

Yes the AuthenticationService can handle JSON. There are a couple of ways to do. Here is a sample configuration I've used in the past using the element.
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<services>
<service name="System.Web.ApplicationServices.AuthenticationService" behaviorConfiguration="MyServiceBehavior">
<endpoint address="" behaviorConfiguration="ajaxBehavior"
contract="System.Web.ApplicationServices.AuthenticationService"
binding="webHttpBinding" bindingConfiguration="webHttpBindingSecure"
bindingNamespace="http://asp.net/ApplicationServices/v200"/>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="ajaxBehavior">
<enableWebScript/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="MyServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="webHttpBindingSecure">
<security mode="Transport"/>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>

The question is old for long time but I think it will help someone if I post my answer.
For sure you can return json for AuthenticationService.
The solution is very simple like Garret answer, you only need configure another endpoint like this but you need add 2 addition attributes for endpoint behaviors: defaultOutgoingResponseFormat="Json" and defaultBodyStyle="Wrapped" to overwrite default soap response.
<system.serviceModel>
<services>
<service behaviorConfiguration="AuthenticationServiceBehaviors" name="System.Web.ApplicationServices.AuthenticationService">
<endpoint address="" behaviorConfiguration="ajaxBehavior"
contract="System.Web.ApplicationServices.AuthenticationService"
binding="webHttpBinding" bindingConfiguration="RestBinding"
bindingNamespace="http://asp.net/ApplicationServices/v200"/>
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="RestBinding" />
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="ajaxBehavior">
<webHttp helpEnabled="true" defaultOutgoingResponseFormat="Json" defaultBodyStyle="Wrapped" />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="AuthenticationServiceBehaviors">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
I hope this help someone who want to expose asp.net membership as json format to use in mobile app.

Related

WCF in windows phone security transport

WP supports only basicHttpBinding. My app sends sensitive data through WCF and store them in DB. Data are sent as plain text and this is inacceptable. I found some solutions but it isn't working. I've set securityMode to Transport but I've got exception. Here is my web.config file:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="baseBinding" >
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="serviceBehavior" name="TestWCF.WcfNotificationService.WcfNotificationService">
<endpoint address="base" binding="basicHttpBinding" bindingConfiguration="baseBinding"
contract="TestWCF.WcfNotificationService.IWcfNotificationService" />
<host>
<timeouts openTimeout="00:05:00" />
</host>
</service>
</services>
when I update service reference in client I get error:
Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].
Could you help me, what I have to do?
Thanks

basicHttpBinding security mode not successfully inferred by wcf test client

I have a WCF Service programmed in VB.NET that is exhibiting strange behavior. The web.config has the following xml:
<system.serviceModel>
<services>
<service behaviorConfiguration="CentricBasicHttpBehavior" name="OnbaseService">
<endpoint binding="basicHttpBinding" bindingConfiguration="CentRicBasicHttpServerBinding" contract="IOnbaseService">
<identity>
<servicePrincipalName value="HTTP/JFOLKENDT7E" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CentricBasicHttpBehavior">
<serviceAuthorization impersonateCallerForAllOperations="true" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
<serviceThrottling maxConcurrentCalls="100" maxConcurrentSessions="100" maxConcurrentInstances="100" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="CentRicBasicHttpServerBinding" maxReceivedMessageSize="5000000">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>
When I configure the service in wcf test client, both the Binding Mode and TransportClientCredentialType are coming across as "None". I expected for them to be "TransportCredentialOnly" and "Windows" respectively.
Can someone please share with me how WCF Test Client infers the binding configuration, and how I should go about correcting this issue? The end result is that within the source code of the service, the WindowsIdentity isn't impersonating the user like I expected.
Thanks,
Jason
I work with Jason and we looked at this together. The service configuration needed the name and contact properties to match the fully qualified service class name and fully qualified contact interface name. Otherwise, we were getting the fun new .Net 4.0 defualt bindings for a default service.
In my own experience with WCF, I had modified session Timeouts and connection Timeout settings in the config file but WCF Test Client was not respecting those settings. Seems like WCF Test client just takes up the default values for communicating with WCF services. Hence I test my WCF services using my own custom WCF Test Clients by generating app.config and proxy. cs through svcutil.exe .

WCF service not accessible in Windows Server 2008

I recently built a WCF Service, and now I'm deploying it to Windows Server 2008. Right now, we don't have secure protocol turned on. But we will. I'd like to get it working either way. In the site, I've had Anonymous authentication enabled as well as Forms authentication. The reason I did this was to prevent the authentication popup on the iPad, Android and Internet Explorer. So now they just get to the Login screen. Oh and I did activate WCF in Windows features. If you're also knowledgeable about making this https ready, I'd also like to figure that out. Thanks!!
I'm getting this error when I try pasting in the *.svc PATH into the URL.
System.ServiceModel.ServiceActivationException:
The service
'/WCFServices/Accessioning/QuickDataEntryService.svc'
cannot be activated due to an
exception during compilation
Here is my web.config configuration thus far.
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true">
<!--<baseAddressPrefixFilters>
<add prefix="http://localhost/" />
</baseAddressPrefixFilters>-->
</serviceHostingEnvironment>
<behaviors>
<endpointBehaviors>
<behavior name="AspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpGetEnabled="true" />
</behavior>
<!-- Watch this section when adding a new WCF Service! New behaviors will be added; just delete them and use "ServiceBehavior" -->
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceBehavior" name="A.LIMS.UI.Web.WCFServices.Accessioning.QuickDataEntryService">
<endpoint behaviorConfiguration="AspNetAjaxBehavior" binding="webHttpBinding"
contract="A.LIMS.UI.Web.WCFServices.Accessioning.QuickDataEntryService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
<!--<service name="A.LIMS.UI.Web.WCFServices.Accessioning.IQuickDataEntryService"
behaviorConfiguration="ServiceBehavior">
<endpoint behaviorConfiguration="AspNetAjaxBehavior"
binding="webHttpBinding"
contract="A.LIMS.UI.Web.WCFServices.Accessioning.IQuickDataEntryService" />
</service>-->
<!-- Watch this section when adding a new WCF Service! Duplicate the "QuickDataEntryService" above for an example, but change the fully qualified name -->
</services>
</system.serviceModel>
I have no clue what caused the exception above, but here was the final verdict. There were a lot of things required for WCF and using an SSL certificate (HTTPS protocol). Pardon the formatting.. I don't like how Stack Overflow sometimes puts the code into a block and sometimes it doesn't.
The following were required for the web.config on HTTPS:
Here are some places that required the "requireSSL" attribute:
<authentication mode="Forms">
<forms loginUrl="Login.aspx" timeout="30" protection="All" requireSSL="true" />
</authentication>
<httpCookies httpOnlyCookies="false" requireSSL="true" domain="" />
Notice the "s" in "httsGetEnabled" below:
<behaviors>
<endpointBehaviors>
<behavior name="AspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpsGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
Bindings (missing in non-SSL web.config):
<bindings>
<webHttpBinding>
<binding name="webBinding">
<security mode="Transport">
</security>
</binding>
</webHttpBinding>
</bindings>
Services (notice the "s" in "mexHttpsBinding"):
<services>
<service behaviorConfiguration="ServiceBehavior" name="A.LIMS.UI.Web.WCFServices.Accessioning.QuickDataEntryService">
<endpoint behaviorConfiguration="AspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="A.LIMS.UI.Web.WCFServices.Accessioning.QuickDataEntryService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
Last but not least. I'm not using .NET 4.0, but I did try .NET on a different machine. With .NET 4.0 I couldn't get the WCF services to work without having this configured to the actual URL being used. If there were two domains for the same IP, WCF only worked with the domain in this block inside the system.ServiceModel XML block in the web.config. I did not test https in the .NET 4.0, so I'm assuming the protocol on the URL would be https below:
<serviceHostingEnvironment aspNetCompatibilityEnabled="true">
<baseAddressPrefixFilters>
<add prefix="http://subdomain.domain.com/" />
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
Oh, I also had to turn on WCF on the Windows Server 2008 box. And it required a server reboot!

Both http and https for one service

I'm tackling with an issue but couldn't sort out it.
I have one service which is worked inside asp.net 4.0 app.
The site is available both over http and https.
Issue is that the service with below provided config snipped can work either over http or over https.
What is wrong in my config?
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpsBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="HMS.DataServices.PaymentsServiceBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="HMS.DataServices.PaymentsServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="HMS.DataServices.PaymentsService">
<!--HTTP-->
<endpoint address="" binding="webHttpBinding" contract="HMS.DataServices.IPaymentsService"
behaviorConfiguration="HMS.DataServices.PaymentsServiceBehavior" />
<!--HTTPS-->
<endpoint address="" binding="webHttpBinding" bindingConfiguration="webHttpsBinding"
contract="HMS.DataServices.IPaymentsService" behaviorConfiguration="HMS.DataServices.PaymentsServiceBehavior" />
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
this config works over https but not nttp
In the windows log I see next error
The exception message is: Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]..
Thanks in advance!

WCF MetaData not working

I have tried several times to have my WCF service expose MetaData. Instead, I keep keeping the exception:
The contract name 'IMetadataExchange'
could not be found in the list of
contracts implemented by the service
SecurityBroker. Add a ServiceMetadataBehavior to the
configuration file or to the
ServiceHost directly to enable support
for this contract.
... when manually browsing to the service using IE.
(I am presuming this is the same reason why my client application isn't able to generate a service reference. Baby steps and all)
And yet my web.config looks okay:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<behaviors>
<endpointBehaviors>
<behavior name="webHttpEnablingBehaviour">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="webHttpEnablingBehaviour">
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="IWW.MIGTurbo2.WCF.Security.SecurityBroker">
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
<endpoint address=""
binding="webHttpBinding"
bindingConfiguration="default"
contract="IWW.MIGTurbo2.WCF.Security.ISecurityBroker"
behaviorConfiguration="webHttpEnablingBehaviour">
</endpoint>
</service>
</services>
<client />
<bindings>
<webHttpBinding>
<binding name="default" />
</webHttpBinding>
</bindings>
</system.serviceModel>
So I have my IMetadataExchange contract defined with mex fine, and hooked up, as far as I can see. Have I missed something daft?
Edit
My Service definition is shown below, if this is useful:
<%# ServiceHost Language="C#" Debug="true" Service="IWW.MIGTurbo2.WCF.Security.SecurityBroker" Factory="System.ServiceModel.Activation.WebScriptServiceHostFactory" %>
Your config file has the behaviorConfiguration attribute on the "endpoint" element, but you also need it on the "service" element.
I am using NetTcpBinding for all. In my case I was having the same issue and resolved it by adding:
(a) a behaviorConfiguration="" to the mex endpoint
<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" behaviourConfiguration="" />
(b) a behaviorConfiguration="mex" to the service definition:
<services>
<service name="AcmeService" behaviorConfiguration="mex">
(c) The behaviour entry
<behaviors>
<serviceBehaviors>
<behaviour name="mex">
<serviceDebug includeExceptionDetailInFaults="false"/>
<serviceMetadata />
</behavior>
</serviceBehaviors>
</behaviors>