securing a wcf with https - wcf

I hosted a WCF .svc file in IIS 6.0 under a virtual directory secured with https. When requesting the wsdl through my browser I get a http 400 error. Here's a chunk of my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="AuthWorkStation_Extranet.App_Code.AwsService" behaviorConfiguration="ServiceBehavior">
<endpoint name="" address="https://extlpo01.srr.fr/Sphinx/Service.svc" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="AuthWorkStation_Extranet.App_Code.IAwsService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceCredentials>
<serviceCertificate storeName="Root" findValue="CA_SRR_DISTRIB" x509FindType="FindBySubjectName" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
anyone knows what's wrong with my setup ?

If you just want HTTPS, you need to update your web.config. Change the following:
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
To:
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>

Related

Calling Action: ContractFilter mismatch at the EndpointDispatcher

I'm looking on this issue for hours. I try to get a WCF service running and now it comes down to a ContractFilter-Mismatch-Error wit the Action "http://tempuri.org/ISystemService/LogIn". Here is the relevant part of the client config:
<bindings>
<netTcpBinding>
<binding name="netTcpBindingConfig_TimeRegistrationSystemService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="netTcpBindingConfig_SystemService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.TimeRegistrationSystemService.svc" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_SystemService" contract="SystemService.ISystemService" name="NetTcpBindingBinding_ISystemService" />
<endpoint address="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.SystemService.svc" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_TimeRegistrationSystemService" contract="TimeRegistrationSystemService.ITimeRegistrationSystemService" name="NetTcpBindingBinding_ITimeRegistrationSystemService" />
</client>
and here the server's config - binding configuration:
<bindings>
<netTcpBinding>
<binding name="netTcpBindingConfig_OtherInterfaceService">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="netTcpBindingConfig_TimeRegistrationSystemService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="netTcpBindingConfig_SystemService" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
server's config - services:
<service name="MyCompany.Services.EasyLogicInterfaceService" behaviorConfiguration="release">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_EasyLogicInterfaceService" contract="MyCompany.Services.IEasyLogicInterfaceService">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.EasyLogicInterfaceService.svc/" />
</baseAddresses>
</host>
</service>
<service name="MyCompany.Services.TimeRegistrationSystemService" behaviorConfiguration="release">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_TimeRegistrationSystemService" contract="MyCompany.Services.ITimeRegistrationSystemService">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.SystemService.svc/" />
</baseAddresses>
</host>
</service>
<service name="MyCompany.Services.SystemService" behaviorConfiguration="release">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="netTcpBindingConfig_SystemService" contract="MyCompany.Services.ISystemService">
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.SystemService.svc/" />
</baseAddresses>
</host>
</service>
and the behaviors:
<serviceBehaviors>
<behavior name = "debug">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name = "release">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
I first thought it might be a typo but I don't find it (am I blind?!?). I already updated my service references in the client solution and published both, the server code and the client code, afterwards. And also, I already put all relevant strings in the client config from the server config (binding configuration, endpoint addesses etc.) by copy'n'paste to avoid a typo.
Than I run through a lot of answers here on stackoverflow without finding any solving my problem.
I can run the client and the server code locally without problems. The problems occur only after deployment.
Tracking the call by system.diagnostics doesn't reveal something else than this error message.
Do you see more than I do or do you know any issues wich triggers this errors? When this error comes up, a connection between the client and the server already is succesfully established, right? So it cannot be a problem with Kerberos or something...
I apologize in advance if it turns out that it really is just a typo. But I don't find any...
Best regards!
<client>
<endpoint address="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.TimeRegistrationSystemService.svc"... contract="SystemService.ISystemService" name="NetTcpBindingBinding_ISystemService" />
<endpoint address="net.tcp://mysrv.myteam.local:54520/MyCompany.Services.SystemService.svc"... contract="TimeRegistrationSystemService.ITimeRegistrationSystemService" name="NetTcpBindingBinding_ITimeRegistrationSystemService" />
</client>
The client config endpoints have reverse contract.
As per your service.config, For the TimeRegistrationSystemService.svc the contract should be ITimeRegistrationSystemService and for SystemService.svc the contract should be ISystemService.

WCF SOAP service returns Not Found for a large request and works OK for a smaller one

I have a SilverLight application that calls WCF service by POST via SSL and sends large request. Everything works OK on a local machine with a self-signed certificate. Moreover, it works on a remote server but only for a small request. When the application make a POST request (using SOAP) for a big scope of data I get a CommunicationException: "The remote server returned an error: NotFound." The same use case on the local machine with absolutely the same web.config file (except of the sql connection string) works without the issue. It seems that the problem in the IIS configuration. I tried to investigate IIS logs but did not find any information about the requests as something before the logging kernel rejected the request. I have read a lot of articles where people propose different settings of the endpoints bindings, tried them but have not achieved success.
My configuration of the services is the next:
<system.web>
<httpRuntime maxRequestLength="2097151"/>
<!--...(other settings) -->
</system.web>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483647" />
</requestFiltering>
</security>
</system.webServer>
<system.serviceModel>
<services>
<!--... (other services)-->
<service name="SD.Web.Services.ClientUser.UserLayersService">
<endpoint address="soap"
binding="basicHttpBinding"
contract="SD.Web.Services.ClientUser.IUserLayersService" />
<endpoint address="json"
behaviorConfiguration="SD.Web.Services.AspNetAjaxBehavior"
binding="webHttpBinding"
contract="SD.Web.Services.ClientUser.IUserLayersService" />
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding maxReceivedMessageSize="2097152"
maxBufferSize="2097152"
maxBufferPoolSize="2097152">
<security mode="Transport" />
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding maxReceivedMessageSize="2097152"
maxBufferSize="2097152"
maxBufferPoolSize="2097152">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="SD.Web.Services.AspNetAjaxBehavior">
<webHttp defaultBodyStyle="Bare"
defaultOutgoingResponseFormat="Json"
automaticFormatSelectionEnabled="false"
faultExceptionEnabled="true" />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
I found the answer using Fiddler 4. Reader quotas have to be set.
<bindings>
<webHttpBinding>
<binding maxReceivedMessageSize="2097152"
maxBufferSize="2097152"
maxBufferPoolSize="2097152">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="Transport" />
</binding>
</webHttpBinding>
<basicHttpBinding>
<binding maxReceivedMessageSize="2097152"
maxBufferSize="2097152"
maxBufferPoolSize="2097152">
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"/>
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>

WCF webHttpBinding for both HTTP and HTTPS?

I'm having a really hard time finding how to host a WCF service in an IIS site that works on both HTTP and HTTPS. I've done about 10 hours of research including just about every link on StackOverflow that relates to this issue and tried many different combinations and have not yet been able to get both working at the same time. Right now only HTTPS works with the below configuration:
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="http">
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
<binding name="https">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="MyWcfServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
<services>
<service name="MyWcfService">
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="http" contract="IMyWcfService" />
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="https" contract="IMyWcfService" />
</service>
</services>
</system.serviceModel>
I think you need to specify different endpoint "address" values in your service configuration.
For example:
<services>
<service name="MyWcfService">
<endpoint address="" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="http" contract="IMyWcfService" />
<endpoint address="secure" behaviorConfiguration="MyWcfServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="https" contract="IMyWcfService" />
</service>
</services>

How to enable SSL/HTTPS in WCF Service?

I want to enable SSL/HTTPS in my WCF Service.
So I have found a site of Microsoft: http://msdn.microsoft.com/en-us/library/hh556232.aspx
But it doesn't function.
Is there something missing?
This is what I have:
<system.serviceModel>
<services>
<service name="Service.Service">
<endpoint address="" binding="webHttpBinding" contract="Service.IService" bindingConfiguration="webHttpsBinding" behaviorConfiguration="restBehavior"></endpoint>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="restBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="webHttpsBinding" closeTimeout="00:00:20">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
I want to call the service from jquery. Use ajax and getjson.

Calling an HTTPS WCF service with Anonymous authentication?

Even though anonymous access is enabled on the Virtual Directory of the WCF service and Integrated Authentication is disabled, I still get the error:
The HTTP request is unauthorized with client authentication scheme
'Anonymous'. The authentication header received from the server was
'Negotiate,NTLM'.
This is what the security definition on client binding configuration looks like:
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="None" negotiateServiceCredential="false" />
</security>
And the endpoint definition:
<endpoint address="https://url.com/Service.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
contract="IService" name="WSHttpBinding_IService">
<identity>
<servicePrincipalName value="spn" />
</identity>
</endpoint>
I've already tried adding:
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
But it doesn't seem to have any effect.
Is there something on IIS that I need to change?
[EDIT]
Service configuration:
<behaviors>
<endpointBehaviors>
<behavior name="defaultBehavior"/>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="metadataSupport">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl=""/>
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="https" port="443" />
</defaultPorts>
</useRequestHeadersForMetadataAddress>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="ServiceLibrary.Service"
behaviorConfiguration="metadataSupport">
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="wsSecureBinding"
contract="ServiceLibrary.IService"/>
<endpoint address="mex"
binding="wsHttpBinding"
bindingConfiguration="wsSecureBinding"
name="mexHttps"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="wsSecureBinding">
<security mode="Transport"/>
</binding>
</wsHttpBinding>
</bindings>
Modify your binding configuration in service to:
<bindings>
<wsHttpBinding>
<binding name="wsSecureBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
It expects Windows credentials by default.