WCF configuration with HTTPS

I'm not having any success setting up HTTPS in my development environment on an existing WCF service. The service has been fine with http. I'm using the hosts file to redirect to localhost, which has been working for http.
My web service configuration
<services>
  <service name="EnfieldWebService">
    <endpoint address="https://enfieldwebservice.devserver.int/EnfieldWebService.svc"
              binding="basicHttpBinding" bindingConfiguration="transportSecurity" />
  </service>
</services>
<bindings>
  <basicHttpBinding>
    <binding name="transportSecurity">
      <security mode="Transport">
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
Client configuration
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IEnfieldWebService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://enfieldwebservice.devserver.int/EnfieldWebService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IEnfieldWebService"
contract="HttpsEnfieldService.IEnfieldWebService" name="BasicHttpBinding_IEnfieldWebService" />
</client>
And Unit Test Results:
System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at
https://enfieldwebservice.devserver.int/EnfieldWebService.svc that
could accept the message. This is often caused by an incorrect address
or SOAP action. See InnerException, if present, for more details. --->
System.Net.WebException: The remote server returned an error: (404)
Not Found.

Used WCF Configuration Editor to rewrite essentially the same configuration. All that it removed was
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
Turns out this feature is only compatible with http, and breaks https.

Related

WCF Error with TCP

I have a website which connects to a WCF service deployed in IIS on two application servers behind a load balancer & firewall. When I use HTTP endpoints the website is able to connect to the WCF service successfully. However on switching to TCP protocol, I am seeing the following error.
More data was expected, but EOF was reached.
[InvalidDataException: More data was expected, but EOF was reached.]
[ProtocolException: Error while reading message framing format at position 0 of stream (state: ReadingUpgradeRecord)]
[ProtocolException: The server at net.tcp:///SecurityService.svc rejected the session-establishment request.]
The website application pool is running under a local user account, while the WCF services are running under default ApplicationPoolIdentity. No trace logs are getting generated at the service end. Trace logs are getting generated at the client end with the same error.
The WCF service is hosted under the default port 808 in the application server, but it is not being shared by any other application/service.
Environment: Win2k8, IIS 7.5
I have verified the TCP connectivity to the application server from the web server and it is fine.
Please let me know if any other information is needed from my side. Really appreciate any guidance as I have spent a lot of time on this.
The snippets from the config files are below:
WCF Service
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_Configuration" closeTimeout="00:10:00"
openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
maxBufferSize="2147483647" maxConnections="100" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="None"/>
</binding>
</netTcpBinding>
</bindings>
<services>
<service name="<namespace>.ServiceImplementation.Security">
<endpoint address="net.tcp://<servername>/SecurityService.svc"
binding="netTcpBinding" bindingConfiguration="NetTcpBinding_Configuration"
contract="<namespace>.ServiceInterface.ServiceContracts.ISecurity" name="NetTcpBinding_Security">
<identity>
<servicePrincipalName value="host/<servername>" />
</identity>
</endpoint>
</service>
</services>
Website Client
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_Configuration" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<netTcpBinding>
<binding name="NetTcpBinding_Configuration" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="http://<servername>/SecurityService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Configuration" contract="SecurityService.Security" name="BasicHttpBinding_Security" />
<endpoint address="net.tcp://<servername>/SecurityService.svc" binding="netTcpBinding" bindingConfiguration="NetTcpBinding_Configuration" contract="SecurityService.Security" name="NetTcpBinding_Security">
<identity>
<servicePrincipalName value="host/<servername>" />
</identity>
</endpoint>
</client>
If I were you, I would Wireshark the traffic going from the client to the server. You just want to make sure that your traffic is not getting blocked somewhere along the way. If you can confirm that this is NOT the case, then it has to be a WCF service configuration issue.
Before you attempt to debug the WCF config, try to take the load balancer out of the picture (if you can), and hit the WCF service directly. Most load balancers will support HTTP by default, but will need special configuration for any other protocols.

The remote server returned an error: (413) Request Entity Too Large

I know this is a redundant question. I am getting the error while uploading a file which is more than 100 KB.
The remote server returned an error: (413) Request Entity Too Large.
I am posting the content to a WCF service (64-bit environment). I am aware this should have been resolved by managing maxReceivedMessageSize and the relevant behaviours, but unfortunately it's not.
Below are my configurations:
Client
<binding allowCookies="false" bypassProxyOnLocal="false" closeTimeout="00:01:00" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" name="BasicHttpBinding_ICandidateManagementService" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:11:00" textEncoding="utf-8" transferMode="Streamed" useDefaultWebProxy="true">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message algorithmSuite="Default" clientCredentialType="UserName"/>
</security>
</binding>
<behavior name="CandidateBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
<endpoint address="http://localhost:62368/CandidateManagementService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ICandidateManagementService" contract="MMJ.ServiceContracts.ServiceContract.ICandidateManagementService" name="BasicHttpBinding_ICandidateManagementService" behaviorConfiguration="CandidateBehavior" />
Service
<services>
<service name="BasicHttpBinding_ICandidateManagementService" behaviorConfiguration="CandidateBehavior">
<endpoint contract="MMJ.ServiceContracts.ServiceContract.ICandidateManagementService" binding="basicHttpBinding" address="" bindingConfiguration="BasicHttpBinding_ICandidateManagementService"/>
</service>
I have seen possibly everything available and still can't solve this issue. I have also tried using the configuration below, but still no change...
<serverRuntime uploadReadAheadSize="500000000" maxRequestEntityAllowed="500000000"/>
Kindly help!
Service binding config (it's the same as the client)
<binding allowCookies="false" bypassProxyOnLocal="false" closeTimeout="00:01:00" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" name="BasicHttpBinding_ICandidateManagementService" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:11:00" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="32" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647"/>
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
<message algorithmSuite="Default" clientCredentialType="UserName"/>
</security>
</binding>
To give more insight, below are Fiddler's findings:
Request Count: 1 Bytes Sent: 85,719 (headers:697; body:85,022)
Bytes Received: 10,129 (headers:254; body:9,875)
At last my problem is resolved after struggling a lot. I had a flaw in my Service config, which was not giving me any runtime or compile time error as it was not even recognizing the config.
My Service Config was :-
<services>
<service name="BasicHttpBinding_ICandidateManagementService" behaviorConfiguration="CandidateBehavior">
<endpoint contract="MMJ.ServiceContracts.ServiceContract.ICandidateManagementService" binding="basicHttpBinding" address="" bindingConfiguration="BasicHttpBinding_ICandidateManagementService"/>
</service>
I had a "name" property which was not the fully qualified name of my service, so the configuration I used was not even considered and the default 65KB for maxReceivedMessageSize was being used.
I have updated it and it's working like a charm.
<services>
<service name="MMJ.Services.CandidateManagementService">
<endpoint contract="MMJ.ServiceContracts.ServiceContract.ICandidateManagementService" binding="basicHttpBinding" address="" bindingConfiguration="BasicHttpBinding_ICandidateManagementService"/>
</service>
Also, have a look at this post for more reference. I know this was a silly mistake, and thanks everyone for putting an effort to fix.
You're posting the data to the server, so updating the client settings won't help. The client is not the one receiving the large message, the server is.
Looking at your client endpoint:
Shouldn't the bindingConfiguration be
bindingConfiguration="BasicHttpBinding_ICandidateManagementService"
Instead of
bindingConfiguration="BasicHttpBinding_IAdminService"

WCF Binding Transport/Windows Binding Security Not Being Enforced

I'm in the process of adding SSL security with Windows authentication to a formerly unsecured IIS hosted WCF service application. To my surprise, I found that two of the service endpoints were already using a Binding with Transport and Windows security. This is confusing because the client applications consuming this service are not configured to use Transport security or Windows credentials. Here is the service config:
<binding name="LargeBuffer" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
  <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
                maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
  <security mode="Transport">
    <transport clientCredentialType="Windows" />
  </security>
</binding>
...
<service behaviorConfiguration="WebServices.GCServiceBehavior"
         name="WebServices.GCService">
  <endpoint address="" binding="basicHttpBinding" name="GCSecuredEndpoint"
            bindingName="largeBuffer" contract="WebServices.IGCService" />
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
When I use Visual Studio to generate the client proxy and configuration, it creates this:
<binding name="GCSecuredEndpoint" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
...
<endpoint address="http://devservices.mysite.com/GCService/GCService.svc"
binding="basicHttpBinding" bindingConfiguration="GCSecuredEndpoint"
contract="GCSvc.IGCService" name="GCSecuredEndpoint" />
Notice it's security mode="None" and Transport ClientCredentialType is None instead of Windows. When I call a method on the GCService it succeeds. I would expect it to first complain that I'm trying to access over http instead of https, but it doesn't. Next I would expect it to not authenticate or complain that the client endpoint doesn't match the service in terms of authentication, but it doesn't.
I have another service in the same application that I had just set up with Transport/Windows security, just without all the buffer/readquota stuff. For starters, when I generate the client proxy/config in VS for this service, it automatically uses the https address, transport security, and Windows authentication. If I manually change it to use None for both, as above, a call to one of the service methods does not succeed, as expected. Why is the GCService above working?
The server config has
bindingName="largeBuffer"
instead of
bindingConfiguration="LargeBuffer"
The LargeBuffer binding configuration was never being used.

Problems with WCF reliable session (reliable messaging)

In our WCF application I am trying to configure reliable sessions.
Service:
<wsHttpBinding>
<binding name="BindingStabiHTTP" maxBufferPoolSize="524288"
maxReceivedMessageSize="2097152"
messageEncoding="Text">
<reliableSession enabled="true" ordered="true"
inactivityTimeout="00:10:00"/>
<readerQuotas maxDepth="0" maxStringContentLength="0"
maxArrayLength="0" maxBytesPerRead="0"
maxNameTableCharCount="0" />
</binding>
</wsHttpBinding>
Client:
<wsHttpBinding>
<binding name="BindingClientWsHttpStandard" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00"
sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8"
useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192"
maxArrayLength="16384" maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="true" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows"
negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
Unfortunately I get an error which is as follows:
No signature message parts were specified for messages with the 'http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence' action.
If I disable the reliableSession on the client I get this message:
The action is not supported by this endpoint. Only WS-ReliableMessaging February 2005 messages are processed by this endpoint.
So it seems that the server is configured correctly for RM.
I cannot find anything valuable about the error I get so I don't know how to fix this. Any ideas what can be wrong?
Thanks in advance,
Rob
After starting a new test project that worked fine with RM I finally found the problem by comparing the configuration files. It appeared that our service configuration did not specify the correct binding configuration:
<service behaviorConfiguration="somebehavior"
         name="somename">
  <endpoint address="" binding="wsHttpBinding"
            bindingConfiguration="SomeBinding"
            name="http"
            contract="somecontract" />
  <endpoint address="mex"
            binding="mexHttpBinding"
            bindingConfiguration=""
            name="mex"
            contract="IMetadataExchange" />
  <host>
    <baseAddresses>
      <add baseAddress="http://localhost:8731/Design_Time_Addresses/somelibrary/someservice/" />
    </baseAddresses>
  </host>
</service>
This bindingConfiguration was empty. It then takes the default wsHttpBinding, which is something different than the one specified (even if there is only 1).
I think the security settings for client and server don't match.
The client has:
<security mode="Message">
<transport clientCredentialType="Windows"
proxyCredentialType="None" realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
and the server has nothing at all.....
Can you try to have the same settings for both client and server? Does it work then??

WCF Service Name & Binding Name

Scenario
I have two WCF Services combined in a single App.Config file.
I can't get the thing to run (the application compiles but fails at initialization of the services).
Question
I'm wondering whether I need to set the service name to be the same as something else that is also defined as part of the service overall?
ERROR
TypeInitializationException
{"Service 'MurexUploadObjects.ResponseService' has zero application (non-infrastructure) endpoints. This might be because no configuration file was found for your application, or because no service element matching the service name could be found in the configuration file, or because no endpoints were defined in the service element."}
CODE
<configuration>
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="Service1Bevhavior">
        </behavior>
        <behavior name="Service2Bevhavior">
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <netTcpBinding>
        <binding name="tcpBloombergServiceEndPoint" closeTimeout="00:01:00"
                 openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
                 hostNameComparisonMode="StrongWildcard" listenBacklog="10" maxBufferPoolSize="524288"
                 maxBufferSize="65536" maxConnections="10" maxReceivedMessageSize="65536">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:05:00"
                           enabled="true" />
          <security mode="None">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
            <message clientCredentialType="Windows" />
          </security>
        </binding>
        <binding name="TransactedBinding">
          <security mode="None" />
        </binding>
      </netTcpBinding>
    </bindings>
    <services>
      <!--SERVICE ONE-->
      <service name="INSERT NAME HERE">
        <endpoint address="net.tcp://AP434190:8732/BloombergService/"
                  binding="netTcpBinding"
                  contract="BloomberPriceListenerService.IBloombergPriceListenerService"
                  bindingConfiguration="tcpBloombergServiceEndPoint"
                  name="tcpBloombergServiceEndPoint" />
      </service>
      <!--SERVICE TWO-->
      <service name="INSERT NAME HERE">
        <endpoint address="net.tcp://localhost:8735/private/MurexUploadObjects/ResponseService"
                  binding="netTcpBinding"
                  contract="MurexUploadObjects.IResponseService"
                  bindingConfiguration="TransactedBinding"
                  name="TransactedBinding"/>
      </service>
    </services>
  </system.serviceModel>
</configuration>
The service name must be the fully qualified name of your service class, including the namespace, e.g.
<service name="YourServiceNamespace.YourService">
It can't be just anything - the name of the service class is used by ServiceHost to find the right service configuration.
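
Added example (not part of any post above and not code from WCF or its tooling): several threads on this page end the same way, with a service or endpoint element that WCF never applied because the service name was not the fully qualified class name, or because bindingName or an empty bindingConfiguration left the endpoint on the binding's defaults. The Python check below reads a config, reports those cases, and lists the security mode each endpoint actually ends up with. The names audit, SAMPLE and KNOWN are hypothetical, the sample config is constructed, and the set of service class names is assumed to be supplied by the caller.

```python
import xml.etree.ElementTree as ET

# Security mode each binding type uses when no <binding> configuration is applied.
DEFAULT_MODE = {"basicHttpBinding": "None", "wsHttpBinding": "Message",
                "netTcpBinding": "Transport"}

# Constructed sample, modelled on the GCService thread; not a config from the page.
SAMPLE = """<configuration><system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="LargeBuffer">
      <security mode="Transport"><transport clientCredentialType="Windows" /></security>
    </binding>
  </basicHttpBinding></bindings>
  <services>
    <service name="WebServices.GCService">
      <endpoint address="" binding="basicHttpBinding" name="GCSecuredEndpoint"
                bindingName="largeBuffer" contract="WebServices.IGCService" />
      <endpoint address="fixed" binding="basicHttpBinding" name="Fixed"
                bindingConfiguration="LargeBuffer" contract="WebServices.IGCService" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
    <service name="BasicHttpBinding_ICandidateManagementService">
      <endpoint address="" binding="basicHttpBinding" name="Upload"
                bindingConfiguration="LargeBuffer" contract="IUpload" />
    </service>
  </services>
</system.serviceModel></configuration>"""
# Assumed list of service class names, e.g. collected from the built assembly.
KNOWN = {"WebServices.GCService", "MMJ.Services.CandidateManagementService"}

def audit(config_xml, known_types=None):
    """Return (findings, effective security mode per endpoint)."""
    sm = next(ET.fromstring(config_xml).iter("system.serviceModel"), None)
    if sm is None:
        return [], {}
    declared = {}  # (binding type, configuration name) -> declared security mode
    for btype in sm.findall("bindings/*"):
        for b in btype.findall("binding"):
            sec = b.find("security")
            mode = sec.get("mode") if sec is not None else None
            declared[(btype.tag, b.get("name"))] = mode or DEFAULT_MODE.get(btype.tag, "unknown")
    findings, effective = [], {}
    for svc in sm.findall("services/service"):
        name = svc.get("name", "")
        if known_types is not None and name not in known_types:
            findings.append(f"{name}: not a known service class, element is never applied")
            continue
        for ep in svc.findall("endpoint"):
            btype, ref = ep.get("binding", ""), ep.get("bindingConfiguration", "")
            if btype.startswith("mex"):
                continue  # metadata endpoints normally carry no binding configuration
            label = f"{name}/{ep.get('name') or ep.get('address', '')}"
            mode = DEFAULT_MODE.get(btype, "unknown")
            if not ref:
                hint = "; bindingName does not select one" if ep.get("bindingName") else ""
                findings.append(f"{label}: no bindingConfiguration, {btype} defaults apply{hint}")
            elif (btype, ref) not in declared:
                findings.append(f"{label}: bindingConfiguration '{ref}' is not defined")
            else:
                mode = declared[(btype, ref)]
            effective[label] = mode
    return findings, effective

if __name__ == "__main__":
    for line in audit(SAMPLE, KNOWN)[0]:
        print(line)
```

On the sample, the GCSecuredEndpoint endpoint resolves to security mode None even though the LargeBuffer binding declares Transport with Windows credentials, which is why the unsecured client in that thread could still call it.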