I am attempting to create a dummy security token service using the WCF Security Token Service website template. When creating the website, if I specify a file system URI and host the site in the ASP.NET Development Web Server then everything appears to be fine. However, I want the STS to use SSL and I would also like to avoid the cross-domain issues that arise when using the dynamic ports assigned by the ASP.NET Development Web Server. So I recreated the same website but specify an HTTPS URI to a preconfigured web application in IIS 7.5 (e.g. https://localhost/SecurityTokenService/) instead of a file system URI. Now all attempts to navigate to the Service.svc file result in a forceful connection reset.
Below is my web.config file although the fact that it works when hosted in the ASP.NET Development Web Server makes me think the problem is with an IIS setting. What are some things I might try to figure out what's going on?
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<configSections>
<section name="microsoft.identityModel" type="Microsoft.IdentityModel.Configuration.MicrosoftIdentityModelSection, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<appSettings>
<add key="IssuerName" value="ActiveSTS"/>
<add key="SigningCertificateName" value="CN=STSTestCert"/>
<add key="EncryptingCertificateName" value=""/>
</appSettings>
<connectionStrings />
<location path="FederationMetadata">
<system.web>
<authorization>
<allow users="*"/>
</authorization>
</system.web>
</location>
<system.web>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</assemblies>
</compilation>
<authentication mode="None"/>
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
</controls>
</pages>
</system.web>
<system.web.extensions>
<scripting>
<webServices>
</webServices>
</scripting>
</system.web.extensions>
<system.serviceModel>
<services>
<service name="Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract" behaviorConfiguration="ServiceBehavior">
<endpoint address="https://localhost/SecurityTokenService/Service.svc/IWSTrust13" binding="ws2007HttpBinding" contract="Microsoft.IdentityModel.Protocols.WSTrust.IWSTrust13SyncContract" bindingConfiguration="ws2007HttpBindingConfiguration"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost/SecurityTokenService/Service.svc" />
</baseAddresses>
</host>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<ws2007HttpBinding>
<binding name="ws2007HttpBindingConfiguration">
<security mode="TransportWithMessageCredential">
<message establishSecurityContext="false" clientCredentialType="UserName" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<microsoft.identityModel>
<service>
<securityTokenHandlers>
<remove type="Microsoft.IdentityModel.Tokens.WindowsUserNameSecurityTokenHandler, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
<add type="CustomUserNamePasswordTokenHandler, App_Code"/>
</securityTokenHandlers>
</service>
</microsoft.identityModel>
</configuration>
UPDATE: I can navigate to other files in the web application. Just not the *.svc file. I don't have anything to work with except for the 101 statuc code so this is kind fo frustrating.
UPDATE: Further experimentation indicates that the problem only exists with WCF services that are STSs and hosted in IIS. If I host a regular WCF service in IIS there is no problem. I downloaded a variety of example projects containing custom STSs and they all exhibit the same behavior. This leads me to believe that there is something wrong with the configuration of my IIS that prevents it from playing nice with an STS. Beats me how I might figure out what the problem is ...
The base address in your service is configured to be HTTP not HTTPS. Also, if you are browsing to it using HTTPS and expecting to see the service definition I think you would need httpsGetEnabled not httpGetEnabled. Could these be the problem?
I opened a support case with Microsoft about this. After digging through a lot of log and trace files, we determined that the physical path of the virtual directory in IIS was not correct. This is weird because Visual Studio created the virtual directory on my behalf when I added the project to my solution. I deleted and recreated the virtual directory manually and everything started working.
Related
I've a WCF service which is referenced into an assembly. This Assembly has been referenced in a BizTalk project.
While calling the WCF method via Orchestration it gave following error:
Could not find default endpoint element that references contract 'SubscriberService.ISubscriber' in the ServiceModel client configuration section.
I've googled it and it is a known issue if you try to call the WCF via assembly in a Window project or web application. This can be resolved if we adds configuration in the project which is calling the assembly. And I've tested the scenario in sample project and copying the client configuration to my test project resolves the issue but this is not working in BIZTALK project.
Configuration in App.Config file of assembly:
<configuration>
<configSections>
<sectionGroup name="applicationSettings" type="System.Configuration.ApplicationSettingsGroup, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" >
<section name="CustomerMain.HelperAssembly.CoreProcess.Properties.Settings" type="System.Configuration.ClientSettingsSection, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</sectionGroup>
</configSections>
<system.serviceModel>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http" />
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISubscriber" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:81/SubscriberService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ISubscriber"
contract="SubscriberService.ISubscriber" name="BasicHttpBinding_ISubscriber" />
</client>
</system.serviceModel>
</configuration>
Configuration in Biztalk Project's App.Config file:
<configuration>
<system.serviceModel>
<protocolMapping>
<add binding="basicHttpBinding" scheme="http" />
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISubscriber" bypassProxyOnLocal="true" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:81/SubscriberService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ISubscriber"
contract="SubscriberService.ISubscriber" name="BasicHttpBinding_ISubscriber" />
</client>
</system.serviceModel>
</configuration>
Thanks
Because this is a BizTalk project, the answer begins with do not do this.
While you can, it is not the correct way to call a Service in a BizTalk app.
So, the correct way to address this is to add that Service to your app using the BizTalk WCF Adapter.
If anyone on you team raises any objections, we're happy to help you address those. There is no scenario where what you describe is the right thing to do.
it's my first try to make a WCF service that uses Asp.Net Membership provider for Authentication , what i try to do is very simple :
1- The default Asp web app where users will register and create accounts (using Asp.Net Membership provider)
2- WCF service that can be used only by the members registered
so i tried this example : Configuring an ASP.NET Application to Use Membership
I created a default Asp web app, Membership works fine.
My problem is configuring the WCF App.Config :
So please guys correct me if I'm wrong
1- is it the right example (cause i want to use that WCF service later for Asp.Net Membership Authentication from Winform App, everybody say don't use it from the winform, it's not secure use WCF Service)
2- if yes, correct me here : what i need to put in the App.Config of the WCF is
Connectionstring : pointing to the ASPNETDB.MDF database base file where the users are saved
Membership/Profiles/Roles Provider
Behavior
Bindings : wsHttpBinding
3- If by miracle i'm right until here, this is my App.Config File :
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<!--_______________________________________ Connection String-->
<connectionStrings>
<add name="ApplicationServices"
connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=E:\DOCUMENTS\CODE\WCFwsHttpBindingTest\WebAppWsHttpBinding\App_Data\aspnetdb.mdf;User Instance=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" />
<!--_________________________________________ Provider-->
<membership>
<providers>
<clear/>
<add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider"
connectionStringName="ApplicationServices"
enablePasswordRetrieval="false"
enablePasswordReset="true"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="false"
maxInvalidPasswordAttempts="5"
minRequiredPasswordLength="6"
minRequiredNonalphanumericCharacters="0"
passwordAttemptWindow="10"
applicationName="/" />
</providers>
</membership>
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="MyServiceBehavior"
name="WCFwsHttpBinding.Service1">
<endpoint address =""
binding="wsHttpBinding"
bindingConfiguration="MembershipBinding"
name="ASPmemberUserName"
contract="WCFwsHttpBinding.IService1">
</endpoint>
</service>
</services>
<!--__________________________________________ Behavior-->
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehavior">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="AspNetSqlMembershipProvider"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<!--__________________________________________ Binding-->
<bindings>
<wsHttpBinding>
<binding name="MembershipBinding">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
when i try debug, i get this Error:
Could not find a base address that matches scheme http for the endpoint with binding WSHttpBinding. Registered base address schemes are [].
Thank you so much for helping.
I'm trying to deploy a WCF service as a Windows Azure Role using wsHttpBinding.
When the client tries to connect to it, it keeps getting the following exception:
[SynchronizingContextState.Process] [System.Net.WebException: The remote server returned an error: (415) Cannot process the message because the content type 'application/soap+xml; charset=utf-8' was not the expected type 'text/xml; charset=utf-8'..]
at System.Net.HttpWebRequest.GetResponse()
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
This would seem to indicate that the service is using basicHttpBinding instead. However, I checked my Web.config many times and can't seem to find anything wrong. Plus, the same service works perfectly when being hosted outside Azure.
I connected to the Azure VM and confirmed that the correct Web.config is deployed, but it looks as if it's just being ignored, because I cannot get the service metadata either, even though it's supposedly enabled.
Here's my Web.config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="entityFramework" type="System.Data.Entity.Internal.ConfigFile.EntityFrameworkSection, EntityFramework, Version=4.4.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" requirePermission="false" />
</configSections>
<entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />
</entityFramework>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="BackendServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="BackendServiceBinding" maxReceivedMessageSize="655360">
<security mode="None" />
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<service name="MyNamespace.BackendService" behaviorConfiguration="BackendServiceBehavior">
<endpoint name="Backend" address="" binding="wsHttpBinding" bindingConfiguration="BackendServiceBinding" contract="MyNamespace.IBackendService" />
<endpoint name="BackendMex" address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/BackendService.svc" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
</configuration>
Am I missing something here? Thank you very much.
Did you try adding to the endpoint behavior?
<behavior name="web">
<webHttp />
</behavior>
(if you want MEX to be working do it for it to too)
Ok, I finally fixed it, it was a bad case of PEBKAC. =/
I've seen somebody have the same problem because he didn't include the namespace in the service name so I suspected it was a namespace issue, but I've looking at the wrong place all the time.
Turns out the Azure implementation for the service was defined in the wrong namespace. I corrected it and voilá, now it works.
Hope this is useful to somebody else, at least.
yet another failed attempted to get a WCF Rest (no svc file) service using basicHttpBinding deployed to IIS 7.5. I believe I have the website configured properly along with IIS. I'm sure the problem resides in my config. The response I'm receiving is a 500 Error. I have a MVC 3 web running fine on this box.
The WCF Rest service is using basicHttpBinding with security mode of Transportcredentialonly. Here is my config;
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</modules>
<handlers>
<add name="UrlRoutingHandler" preCondition="integratedMode" verb="*" path="UrlRouting.axd" type="System.Web.HttpForbiddenHandler, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</handlers>
</system.webServer>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="AuthBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"></transport>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="NamedService">
<endpoint contract="Namespace.IService" binding="basicHttpBinding" bindingConfiguration="AuthBinding"></endpoint>
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<standardEndpoints>
<webHttpEndpoint>
<standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true" />
</webHttpEndpoint>
</standardEndpoints>
</system.serviceModel>
Current web and IIS config based on other posts;
I have a v4.0 app pool created for the web
I have a website created associated with the above app pool
I have both 32bit and 64bit .NET v4 ISAPI filters enabled
I register v4 again with Aspnet_regiis.exe -i
I have HTTP Redirect installed
I have basic authentication enabled
Any help would be greatly appreciated. I've been at this for a day now. BTW... I'm not seeing any event messages. I know DNS is configured properly because I can strip away the WCF stuff and put a temp html page in the web and it works.
---------------- UPDATE ---------------------
Still having issues even after using this stripped down config. The couple things I left out is this is a x64 OS and I'm using castle as an IoC. I did run the Frameword64/aspnet_regiis.exe.
<?xml version="1.0"?>
<configuration>
<configSections>
<section name="castle" type="Castle.Windsor.Configuration.AppDomain.CastleSectionHandler, Castle.Windsor"/>
</configSections>
<connectionStrings>
<add name="Main.ConnectionString" connectionString="data source=blah;initial catalog=newdatabase;User ID=web;Password=testing;persist security info=False;packet size=4096;" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation targetFramework="4.0" />
<httpModules>
<add name="PerRequestLifestyle" type="Castle.MicroKernel.Lifestyle.PerWebRequestLifestyleModule, Castle.Windsor" />
</httpModules>
</system.web>
<castle>
<properties>
<myConnStr>data source=blah;initial catalog=newdatabase;User ID=web;Password=testing;persist security info=False;packet size=4096;" providerName="System.Data.SqlClient</myConnStr>
</properties>
<components>
<component id="RestService" service="Namespace.Rest.IRestService, Namespace.Rest" type="Namespace.Rest.RestService, Namespace.Rest" lifestyle="PerWebRequest"/>
<component id="Repository" service="Namespace.Domain.Interfaces.IRepository, Namespace.Domain" type="Namespace.Domain.Repository, Thumbfound.Domain" lifestyle="PerWebRequest">
<parameters>
<connectionString>#{myConnStr}</connectionString>
</parameters>
</component>
</components>
</castle>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="UrlRoutingModule" type="System.Web.Routing.UrlRoutingModule, System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
</modules>
</system.webServer>
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
<standardEndpoints>
<webHttpEndpoint>
<!--
Configure the WCF REST service base address via the global.asax.cs file and the default endpoint
via the attributes on the <standardEndpoint> element below
-->
<standardEndpoint name="" helpEnabled="true" automaticFormatSelectionEnabled="true"/>
</webHttpEndpoint>
</standardEndpoints>
</system.serviceModel>
</configuration>
yet another failed attempted to get a
WCF Rest (no svc file) service using
basicHttpBinding deployed to IIS 7.5.
There's your problem right there - WCF REST must use the webHttpBinding - not basicHttpBinding (that's a SOAP binding).
Turns out this was a Castle Windsor configuration issue.
The resolution to my problem was removing the <httpmodules> section within <system.web> and placing my PerRequestLifestyleModule config in the <modules> section of <system.webServer>. I guess IIS 7 doesn't like httpmodules in integrated mode.
I'm developping a WPF application that needs authentification. I want to use the client application services to use the ASP.Net Membership Provider (see this link if you don't know what I'm talking about). Actually, I made my own provider based on the MembershipProvider. It works perfectly with a ASP.Net projet.
But now, I don't want my authentification to be hosted in a ASP.Net projet anymore, but to be in WCF.
So, I did a WCF service and used a WebHttpBinding. Everything is ok, until the login is entered. The call is made to the service, no doubt about it, but nothing happens. In fact, it's like the call has been made but isn't served.
I can confirm it because I used the service trace viewer to log all the messages to the service.
Eventually, I receive a timeout with the message :
The incoming HTTP request's URI 'http://localhost:21200/Authentication_JSON_AppService.axd/Login' does not match any service operation.
It's like if the Provider isn't taking the call or receive it. I really don't know where to look. I've done my research but I did'nt find similar examples. Here's my settings :
1. Config file for the Membership Provider (working in a ASP.NET project)
<system.web.extensions>
<scripting>
<webServices>
<authenticationService enabled="true" />
<roleService enabled="true" />
</webServices>
</scripting>
</system.web.extensions>
<system.web>
<authentication mode="Forms" />
<authorization>
<allow users="*"/>
</authorization>
<membership defaultProvider="FooMembershipProvider">
<providers>
<add name="FooMembershipProvider" type="Foo.Web.Security.FooMembershipProvider, Foo.Web" />
</providers>
</membership>
</system.web>
2. Config file for my application, section service (working if I use the ASP.NET project)
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<behaviors>
<endpointBehaviors>
<behavior name="WebBehavior">
<webHttp />
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="WebBehavior">
<serviceMetadata httpGetEnabled="true" httpGetUrl="" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="basicHttpMode">
<security mode="None" />
</binding>
</basicHttpBinding>
<webHttpBinding>
<binding name="webHttpMode">
<security mode="None" />
</binding>
</webHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WebBehavior"
name="Foo.Security.Business.Manager.Wcf.Host.SecurityManager">
<endpoint address=""
binding="webHttpBinding"
contract="Foo.Security.Business.Contract.ISecurityContract"
behaviorConfiguration="WebBehavior"
bindingConfiguration="webHttpMode" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:21200" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
3. Config file for my application, section call of the service (working if I use the ASP.NET project)
<membership defaultProvider="ClientAuthenticationMembershipProvider">
<providers>
<add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
serviceUri="http://localhost:21200/Authentication_JSON_AppService.axd"
credentialsProvider="Foo.Windows.LoginWindow, Foo.Windows" />
<add name="FooMembershipProvider"
type="Foo.Security.Business.Provider.FooMembershipProvider, Foo.Security.Business"
serviceUri="http://localhost:21200/Authentication_JSON_AppService.axd"
credentialsProvider="Foo.Windows.LoginWindow, Foo.Windows" />
</providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
<providers>
<add name="ClientRoleProvider"
type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
serviceUri="http://localhost:21200/Role_JSON_AppService.axd"
cacheTimeout="86400" />
</providers>
</roleManager>
If anyone could give me some hints where to look, it would be appreciated. Thanks.
One thing that you could try, is to use https.
In this case you are sending a password over the network in clear text. Sometimes the technology will save you, in that if you try that it will not work.
I am not sure if this is the case here, but since it is only the login that does not work, it is worth a try.
Maybe this will help:
http://underground.infovark.com/2008/03/21/wcf-webhttp-binding-and-authentication/