How do I add a binding and endpoint that utilizes SSL for a WCF Workflow Service? - wcf

I have a need to secure my WCF service using SSL. The problem I'm running into is that this is a WCF Workflow service, and I can't seem to override the default bindings that it sets up behind the scenes.
There must be something that I'm missing in the configuration file, as whatever I do, the binding always comes back as: BasicHttpBinding_IService at address : http://myurl.com/biz/MyService.xamlx
It should be: https://myurl.com/biz/MyService.xamlx.
These are the bindings and endpoint sections:
<bindings>
  <basicHttpBinding>
    <binding name="basicBinding">
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<services>
  <service name="MyNamespace.MyService">
    <endpoint address="https://myurl.com/biz/MyService.xamlx"
              binding="basicHttpBinding"
              bindingConfiguration="basicBinding"
              contract="IService" />
  </service>
</services>
Thanks for any help!

A few things to try:
Change the binding to wsHttpBinding and that will force SSL.
Change clientCredentialType to Certificate.
Use this example and set httpsGetEnabled to true:
http://blog.adnanmasood.com/2008/07/16/https-with-basichttpbinding-note-to-self/

Related

WCF Unable to upload large image files

I have created a WCF REST service in .NET and I am unable to upload large files to the server. When I test it, the Postman client shows me this error:
413 Request Too Large
I have changed the web settings to this:
<webHttpBinding>
  <binding name="webHttpBinding" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" transferMode="Streamed">
    <security mode="Transport">
      <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
    </security>
  </binding>
</webHttpBinding>
This is my request stream.
Unable to paste my request stream.
A couple of things to check.
First, did you assign the "webHttpBinding" to an explicit endpoint? Something like this, in the <system.serviceModel> section:
<services>
  <service name="YourServiceName">
    <endpoint address="" binding="webHttpBinding"
              bindingConfiguration="webHttpBinding"
              contract="FullyQualified.IContractName" />
  </service>
</services>
Unless you assign the configuration "webHttpBinding" to an endpoint via the bindingConfiguration attribute, the default (smaller) values for webHttpBinding will be used.
Alternatively, you could make the configuration you specified the default for webHttpBinding by omitting the name attribute in the <binding> element.
Another thing to check is the maxRequestLength value in the <httpRuntime> element in your config file. You can specify a maximum value of 2147483647 (Int32.MaxValue, basically) in the <system.web> section of your config file, like this:
<system.web>
<httpRuntime maxRequestLength="2147483647" />
</system.web>
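
The bindingConfiguration point in the answer above, as an added example that is not part of the original posts: a Python check that resolves each endpoint's binding and bindingConfiguration to the security mode it actually gets, so endpoints that fall back to defaults or name a missing configuration stand out. The sample config, the service name and the helper name are constructed for illustration, and only the three HTTP bindings listed are covered.

```python
import xml.etree.ElementTree as ET

# WCF's built-in security mode when no <security> element is configured.
DEFAULT_MODE = {"basicHttpBinding": "None", "webHttpBinding": "None",
                "wsHttpBinding": "Message"}
TLS_MODES = {"Transport", "TransportWithMessageCredential"}

# Constructed sample: a Transport endpoint, one with no configuration, one misspelled.
SAMPLE = """<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="basicBinding">
        <security mode="Transport"><transport clientCredentialType="None"/></security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="Example.Service">
      <endpoint address="secure" binding="basicHttpBinding"
                bindingConfiguration="basicBinding" contract="IService"/>
      <endpoint address="plain" binding="basicHttpBinding" contract="IService"/>
      <endpoint address="typo" binding="basicHttpBinding"
                bindingConfiguration="basicBindng" contract="IService"/>
    </service>
  </services>
</system.serviceModel>"""

def audit_endpoints(config_xml):
    """Hypothetical helper: map each endpoint address to a finding string."""
    root = ET.fromstring(config_xml)
    modes = {}  # (binding type, configuration name) -> effective security mode
    for btype in root.findall(".//bindings/*"):
        for b in btype.findall("binding"):
            sec = b.find("security")
            mode = sec.get("mode") if sec is not None else None
            modes[(btype.tag, b.get("name", ""))] = mode or DEFAULT_MODE.get(btype.tag, "unknown")
    findings = {}
    for ep in root.findall(".//services/service/endpoint"):
        btype, name = ep.get("binding"), ep.get("bindingConfiguration", "")
        if name and (btype, name) not in modes:
            findings[ep.get("address")] = "unresolved bindingConfiguration"
            continue
        # No name given: an unnamed <binding> is the default, else built-ins apply.
        mode = modes.get((btype, name), DEFAULT_MODE.get(btype, "unknown"))
        findings[ep.get("address")] = "https" if mode in TLS_MODES else "no https (mode=%s)" % mode
    return findings

if __name__ == "__main__":
    print(audit_endpoints(SAMPLE))
```
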

BasicHttpBinding fails when sharing endpoint with WsHttpBinding - The server certificate is not provided

I have a WCF service endpoint that uses WsHttpBinding and BasicHttpBinding with different addresses to allow them to share the endpoint. There is no security on the BasicHttpBinding. The BasicHttpBinding works fine when my service and client are on the same machine. When they are on different machines the BasicHttpBinding fails and I get this error in the service's trace log: The service certificate is not provided. Specify a service certificate in ServiceCredentials.
The error stops happening if I remove the WsHttpBinding from the service's config.
Service's web.config:
<bindings>
  <basicHttpBinding>
    <binding name="MyBasicBinding"
             maxBufferPoolSize="5242880"
             maxReceivedMessageSize="5242880" />
  </basicHttpBinding>
  <wsHttpBinding>
    <binding name="MyWsBinding"
             bypassProxyOnLocal="false"
             hostNameComparisonMode="StrongWildcard"
             maxBufferPoolSize="5242880"
             maxReceivedMessageSize="5242880"
             allowCookies="false">
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
      <security mode="Message">
        <message clientCredentialType="None" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service name="MyService">
    <endpoint address="basic" binding="basicHttpBinding" bindingConfiguration="MyBasicBinding"
              contract="MyFramework.IMyService" bindingNamespace="http://MyFramework/Services/"/>
    <!-- The basic binding fails when the WS binding is present.
         If I remove the WS binding, the basic binding will work. -->
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyWsBinding"
              contract="MyFramework.IMyService" bindingNamespace="http://MyFramework/Services/"/>
  </service>
</services>
FYI I'm using a different address for the basic binding which allows the 2 bindings to share the same endpoint. The URL for WsHttpBinding is http://server/MyService.svc and for BasicHttpBinding is http://server/MyService.svc/basic.
Why does the presence of the WsHttpBinding force the BasicHttpBinding to expect a certificate?
When the service goes up it needs to ensure all endpoints are valid. Since one of the endpoints (the WSHttp one) uses certificate authentication, the server will not go up if this certificate is not defined. So the error is not related to the BasicHttp. That still does not explain why everything works if on the same machine; check if the exact same configuration is used.

WCF Services need to be HTTPS only but only work on HTTP

I have some WCF services that have been working for a while now on HTTP.
I'm moving them to deployment server now and they need to be HTTPS only.
I got the certificate and when I initially set them up they worked over both HTTP and HTTPS.
...at this point I wanted to drop the non-secure access to the services.
So I'm trying to make amendments to my web.config to make this happen:
Service Behaviours:
<serviceBehaviors>
  <behavior name="MetaEnabledBahavior">
    <serviceMetadata httpsGetEnabled="true"/>
  </behavior>
</serviceBehaviors>
Service Endpoints:
<service name="Services.BookingService" behaviorConfiguration="MetaEnabledBahavior">
  <!-- Service Endpoints -->
  <clear/>
  <endpoint address="https://website.com/services/BookingService.svc" binding="wsHttpBinding"
            bindingConfiguration="TransportSecurity" contract="Services.IBookingService"/>
  <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
Bindings:
<bindings>
  <wsHttpBinding>
    <binding name="TransportSecurity" maxReceivedMessageSize="2000000">
      <security mode="Transport">
        <transport clientCredentialType="None"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
What I have ended up with at the moment is that my HTTP services are still accessible, but the HTTPS access just sends a blank page.
I need HTTP to return an error ("page must be viewed over a secure channel") and HTTPS to be the only ones that work.
How do I fix this?
Smithy, try replacing your endpoint with the following:
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="Services.IBookingService"></endpoint>
And your binding with a basicHttpBinding:
<basicHttpBinding>
  <binding name="TransportSecurity" maxReceivedMessageSize="2000000">
    <security mode="Transport">
      <transport clientCredentialType="None"/>
    </security>
  </binding>
</basicHttpBinding>
Hope this helps.
In the <protocolMapping> section of Web.Config, add a <remove scheme="http" /> element.

Is basicHttpBinding and transport security mutually exclusive?

I need to authenticate a WCF service using Windows authentication. I have used the configurations below.
Endpoints at server
<endpoint binding="basicHttpBinding" bindingConfiguration="Secured" contract="TestWCFSecurity.IService1" address="" />
<endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" bindingConfiguration="Secured" />
Binding Configurations
<bindings>
  <basicHttpBinding>
    <binding name="Secured">
      <security mode="Transport">
        <transport clientCredentialType="Windows" proxyCredentialType="Windows" />
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
While I generate the proxy for the client side, I get the following endpoint:
<client>
  <endpoint address="https://FQNoftheSystem/TestWCF/Service1.svc"
            binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1"
            contract="IService1" name="BasicHttpBinding_IService1" />
</client>
Issues
The client configuration is https, while at the server it is http, because of which the endpoints do not match. Using "Transport" security would mean an https flow. Why am I getting an http endpoint at the server?
I have used basicHttpBinding with transport security. Is this allowed?
Using basicHttpBinding with transport generates https for the client and http at the server.
Any pointers would really help. Thanks
According to this basicHttpBinding supports transport security.
This seems more like an IIS configuration problem than a WCF problem.
See here for information on how to set up SSL on IIS

WCF Error: Stream Security is required at http://www.w3.org/2005/08/addressing/anonymous, but no security context was negotiated

We have a Windows service that we are trying to use as a WCF host for a WPF application. It works fine in development, but when we tried to move to our production environment we have had nothing but problems. From reading posts from others, we figured out how to turn on WCF logging and this was a big help. It turned out that our security bindings on the service and the client did not match. We set them both to use Windows security but still no luck. Now we are trying to set the security mode to 'None' but it still is not working. Here is the bindings section of our service config file:
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <binding name="netTcp">
        <security mode='None'>
        </security>
      </binding>
    </netTcpBinding >
  </bindings>
  <services>
    <service name="CompanyService">
      <endpoint
        address= "our.url.com/CompanyService"
        binding="netTcpBinding"
        contract="CompanyServices.ICompanyService" />
    </service>
  </services>
</system.serviceModel>
Here is the serviceModel section of our client app config:
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <binding name="NetTcpBinding_Config" >
        <security mode="None">
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <client>
    <endpoint address="our.url.com/CompanyService" binding="netTcpBinding" bindingConfiguration="NetTcpBinding_Config" contract="CompanyServiceProxy.ICompanyService" name="NetTcpBinding_ICompanyService" />
  </client>
</system.serviceModel>
If I need to supply additional information please tell me what I need to supply.
Thanks
Standard net.tcp binding uses Windows credentials by default, and those really require client and service to be in the same Windows domain. Is this the case here??
OK, sorry, you mentioned security=None (your listings weren't properly formatted so I only saw a fraction of the actual config).
I guess your problem really lies in the addresses used:
address= "our.url.com/CompanyService"
When using net.tcp binding, you have to specify that before the address, so change this on both the client and the server to:
address= "net.tcp://our.url.com/CompanyService"
Also, what I don't quite understand is your title: it mentions "streaming" - have you specified streaming mode anywhere? In your config or your service contracts?
Marc