Problem with WCF and SSL - wcf

I am having problems getting a web service working using SSL and WCF.
If I check in IIS the "Require SSL" seeting then I get this error:
WebHost failed to process a request.
Sender Information:
System.ServiceModel.ServiceHostingEnvironment+HostingManager/36097441
Exception: System.ServiceModel.ServiceActivationException: The service
'/' cannot be activated due to an exception during compilation. The
exception message is: Service
'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService' has
zero application (non-infrastructure) endpoints. This might be because
no configuration file was found for your application, or because no
service element matching the service name could be found in the
configuration file, or because no endpoints were defined in the
service element.. ---> System.InvalidOperationException: Service
'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService' has
zero application (non-infrastructure) endpoints. This might be because
no configuration file was found for your application, or because no
service element matching the service name could be found in the
configuration file, or because no endpoints were defined in the
service element.
However if I uncheck it, the page loads fine in the browser but then I get this error
when I try calling it.
Service 'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService'
has zero application (non-infrastructure) endpoints. This might be
because no configuration file was found for your application, or
because no service element matching the service name could be found in
the configuration file, or because no endpoints were defined in the
service element.
This is the configuration:
<system.serviceModel>
<services>
<service name="ISS.MS.WebServices.MessageDispatchWcfService">
<endpoint
address=""
binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_MS2"
contract="ISS.MS.WebServices.IMessageDispatchWcfService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceDebug includeExceptionDetailInFaults="False" />
<serviceMetadata httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding_MS2" >
<readerQuotas maxStringContentLength="1048576" />
<security mode="Transport">
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
</system.serviceModel>
I can get it working perfectly using normal HTTP, but HTTPs doesn't work.
I am guessing its either an IIS setting or WCF configuration issue?

I figured it out, the name of the service and contract was not correct...how embarrassing.
Anyone know why it would still work over HTTP even it these are incorrect?

(About "multipleSiteBindingsEnabled"): To enable multiple IIS bindings per site for a service, set this property to true. Notice that multiple site binding is supported only for the HTTP protocol.
ref: http://msdn.microsoft.com/en-us/library/system.servicemodel.configuration.servicehostingenvironmentsection.multiplesitebindingsenabled.aspx
try this
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false">
</serviceHostingEnvironment>

Related

WCF/SSL error: Failed to lookup a channel to receive an incoming message

I've been having a difficult time getting a WCF call in Silverlight to work when using SSL. I've gotten it to a point where WCF tracing says the endpoint is listening but when my code tries to call a function on it WCF Tracing shows the error:
Failed to lookup a channel to receive an incoming message. Either the endpoint or the SOAP action was not found.
If I browse to the services URL I properly get the service page, but calling it in code it always fails. Again, this only happens on HTTPS, not before when I was using HTTP. Of course there were a number of config changes to add to use SSL. I should note that the WCF Domain Services functions work fine over SSL, just not the WCF Service. Below are my various config file sections
Web.config
<system.serviceModel>
<domainServices>
<endpoints>
<add name="OData" type="System.ServiceModel.DomainServices.Hosting.ODataEndpointFactory, System.ServiceModel.DomainServices.Hosting.OData, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</endpoints>
</domainServices>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<behaviors>
<endpointBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding" maxReceivedMessageSize="20000" maxBufferSize="20000">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
<readerQuotas maxArrayLength="20000" maxStringContentLength="20000" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="PictureService">
<endpoint address="https://MyServer/AdvisorDev/PictureService.svc"
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="PictureService.IPictureService"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
ServiceReferences.ClientConfig:
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IPictureService" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://MyServer/AdvisorDev/PictureService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IPictureService"
contract="PictureService.IPictureService" name="BasicHttpBinding_IPictureService" />
</client>
</system.serviceModel>
</configuration>
Create client:
PictureService.PictureServiceClient client = new PictureService.PictureServiceClient();
I am running this on my Dev machine using VS 2012 and using IIS as my web server. IIS is using a self-signed certificate. When my site first loads I do get the "There is a problem with this website's security certificate" error, click continue, and the rest of the application runs fine again including the Domain Service calls which use a dynamically created proxy. I create my proxy for this failing WCF service using "Add Service Reference"
One of my sources for SSL is this:
http://msdn.microsoft.com/en-us/library/hh556232(v=vs.110).aspx
This is the service I implemented:
http://www.silverlightshow.net/items/Uploading-and-downloading-images-from-WCF-in-Silverlight.aspx
I appreciate all advice on this, thank you.
It turns out this error was caused by an incorrect namespace in the Service name and contract attributes in the web.config for this service.
Just in case anyone else is having this issue as well, I was receiving the same error. The fix turned out to be removing inheritance from three of my classes.
My WCF service was returning a List<MyObject> and three classes inherited from the "MyObject" class. This error was thrown when one of the inheriting classes was included in the list.
Ex:
public class MyObject
public class MyObjectTwo : MyObject
...
List<MyObject> returnList;
MyObjectTwo addingThisBreaksTheService = new MyObjectTwo();
returnList.Add(addingThisBreaksTheService);
return returnList; // Exception thrown after this statement

How to Resolve EndpointNotFound exception in WCF

I have been trying to resolve a problem that I am having with a WCF service hosted on our cloud platform. Service is written targeting .NET 4.0. I can access the service using both wsHttpBinding and basicHttpBinding over just plain http. However, when I try and access the service over a https end point it consistently gives me an endpoint not found exception which is odd because on the client I add a service reference pointing at the https end point and this should be sufficient to build a compatible proxy?
The web site has a SSL certificate setup which is valid, and the site hosting the service has a binding in IIS that uses this certificate. I can browse to the https URL from within the IIS snap-in and it finds the service with no problems, and I can use the same url from my desktop and get the normal "you have created a service page". IIS has anonymous authentication enabled only.
Here is where I get a bit hazy on what I have to do in terms of the WCF configuration.
In the server web.config I have security mode of Transport and
client credentials of None (Think I need this because of the
anonymous authentication on the host service)
Also in the server web.config I have set up mex end points for each
of the server's end points that are defined.
Is there anything else I need to do here?
On the client side
I have created a basic console app, and create a service
reference pointing at the https url and this is found
In the code I instantiate the proxy and call a method that invokes
the service.
When I run the code I get the end point not found exception.
I have created a really basic ASP.NET web site on my local IIS that hosts a really simple service. I have added a self-signed certificate and in the mmc snap-in I have imported this as a trusted certificate. I have set up a wsHttp end point for both secure and non-secure and when I create a simple client that references the service I get the same problem when using a https end point.So I can replicate the problem I am seeing in the live environment.
The event viewer doesn't shed any light on anything untoward happening.On my various searches I found references to re-registering asp.net and the WCF runtime components. Tried all this to no avail. Getting really stuck. I've included the config from my local asp.net web site, and the client config so people can scan what I have. Any suggestions on what else I could try would be great. I'm hoping I have overlooked something obvious that another pair of eyes with more experience with WCF can spot.
Thanks in advance.
Server config:
<system.serviceModel>
<diagnostics>
<messageLogging logEntireMessage="true" logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" maxMessagesToLog="500" />
</diagnostics>
<services>
<service name="NorthwindServices.ProductService">
<host>
<baseAddresses>
<add baseAddress="http://localhost:8732/Design_Time_Addresses/NorthwindServices/ProductService/" />
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" contract="NorthwindServices.IProducts">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="wsHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="Secure">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic">
</transport>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
</
==================================================================================
Client config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IProducts">
<security mode="Transport"></security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost/Northwind.svc" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IProducts" contract="ProductProxy.IProducts"
name="WSHttpBinding_IProducts">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
BindingConfiguration is optional since an endpoint is primarily composed of address, binding and contract. If no wsHttpBinding is defined under bindings, the default configuration will be used; if there's one under wsHttpBinding without name or with empty name, the binding configuration will be used if the endpoint does not declare a named one. And you may have multiple named binding configuration under wsHttpBinding, and each endpoint may pick one accordingly. The problems so far according to your config files listed has nothing to do with bindingConfiguration as they all look fine. However, the baseAddress in service side and the client endpoint address do not seem to match, and I presume you are using svc files for service activation. Then you need to make sure the svc files are located in the right place through proper routing. Alternatively you may use config activation without using svc files.

WCF Service over HTTPS giving errors

I have made a WCF service with configuration as follows:
<!-- This is the binding for SSL-->
<wsHttpBinding>
<binding name="SSLBinding">
<security mode="Transport" >
<transport clientCredentialType="None" ></transport>
</security>
</binding>
</wsHttpBinding>
<!-- SSL Binding Ends here.-->
</bindings>
<behaviors>
<serviceBehaviors>
<!-- This is the behavior we have defined for SSL configuration-->
<behavior name="SSLBehavior">
<serviceMetadata httpsGetEnabled="True"/>
</behavior>
<!-- SSL Behavior Ends here -->
</serviceBehaviors>
</behaviors>
<services>
<!-- Service configured alongwith its Mex Endpoint-->
<service name="CalculatorService.Service1" behaviorConfiguration="SSLBehavior">
<endpoint contract="CalculatorService.IService1" name="SSLAddress" binding="wsHttpBinding" bindingConfiguration="SSLBinding"></endpoint>
<endpoint name="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="false" />
I have used the following tutorial to host SSL on WCF service on IIS 5.1
http://www.codeproject.com/Articles/36705/7-simple-steps-to-enable-HTTPS-on-WCF-WsHttp-bindi
I am getting the error as
A binding instance has already been associated to listen URI
'https://wd-xpa7kyy12d3.XXXX.com/CalculatorService/Service1.svc'. If two endpoints want to share the same ListenUri, they must also share the same binding object instance. The two conflicting endpoints were either specified in AddServiceEndpoint() calls, in a config file, or a combination of AddServiceEndpoint() and config.
In endpoint named "SSLAddress" I added "address" as 'https://wd-xpa7kyy12d3.XXXX.com/CalculatorService/Service1.svc', but was not able to add service reference with this URL, and had to specifically give WSDL path.
Even after providing WSDL path and adding service reference successfully to console application, when the client proxy was executing the methods, it was giving error. So I removed the address attribute from endpoint and now this issue is coming. I am not sure what is wrong in current configuration? Thanks for help.
try adding
address="mex"
to your meta data endpoint.
the address specified ends up being a relative path, so it will be given
https://wd-xpa7kyy12d3.XXXX.com/CalculatorService/Service1.svc/mex
as an address. The other endpoint will remain at
https://wd-xpa7kyy12d3.XXXX.com/CalculatorService/Service1.svc

Wcf Http and Https

Help please!!
I had the following set up working perfectly:-
WCF Service Library hosted in web site on local IIS 7
Silverlight Application on a web site on local IIS 7 using above services
The solution I am writing is for intranet and not internet use, however I have been told by my bosses that it needs to be over Https. I am using Windows Authentication.
Below is a chunk of the config file for one of the service endpoints (changed to remove company info etc):-
<services>
<service behaviorConfiguration="stdHttpBehavior" name="WcfServiceLibrary.StaticDataService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="windowsHttpBinding"
name="StaticDataService" contract="WcfServiceLibrary.ServiceContracts.IStaticDataService" />
<endpoint address="mex" binding="mexHttpBinding" name="" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/WcfServiceLibrary/StaticDataService/" />
</baseAddresses>
</host>
</service>
<behaviors>
<serviceBehaviors>
<behavior name="stdHttpBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
To experiment with Https I created a 'Self-Signed Certificate'. I then added https to the Default Web Site bindings and changed the two web sites to require SSL and also changed the relvant URIs in the config files. I managed to get this to work but now I want to go back to standard Http and finish the project in that mode as it was easier to work with. I changed all the settings back (and I have checked these extremely carefully).
Now I get this error if I try to downoad the Service definition in the Silverlight project: -
'Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].'
If I put back the certificate and binding in IIS. The Service definition appears to download OK, however it references an https URI and therefore none of the actual service calls work as they are http adresses!
I tried adding a new web site to host the service but got the same errors.
I have been trying to solve this for the last couple of days but cannot find an answer. It seems as though there is a hidden reference somewhere and not in my project as it continued with a new web site added to IIS.
To use SSL over HTTP under Basic HTTP binding, you need to switch your endpoint to use Transport-level security. In your case you will also want to indicate the client credential type:
<bindings>
<basicHttpBinding>
<binding name="windowsHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
<message />
</security>
</binding>
</basicHttpBinding>
</bindings>
It may seem obvious, but did you change the security mode on the windowsHttpBinding binding configuration to BasicHttpSecurityMode.None?
<bindings>
<basicHttpBinding>
<binding name="windowsHttpBinding">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
Related resources:
Transport Security Overview
BasicHttpSecurityMode Enumeration

How can I generate a client proxy for a WCF service with an HTTPS endpoint?

Might be the same issue as this previuos question: WCF Proxy but not sure...
I have an HTTPS service connfigured to use transport security and, I hope, Windows credentials. The service is only accessed internally (i.e. within the intranet). The configuration is as follows:
<configuration>
<system.serviceModel>
<services>
<service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior">
<host>
<baseAddresses>
<add baseAddress = "https://localhost:8000/WCFTest/CalculatorService/" />
</baseAddresses>
</host>
<endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingConfig">
<security mode="Transport">
<transport clientCredentialType = "Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest.CalculatorBehavior">
<serviceAuthorization impersonateCallerForAllOperations="false" principalPermissionMode="UseWindowsGroups" />
<serviceCredentials >
<windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
When I run the service I can't see the service in IE. I get a "this page can not be displayed" error. If I try and create a client in VS2008 via the "add service reference" wizard I get this error:
There was an error downloading
'https://localhost:8000/WCFTest/CalculatorService/'.
There was an error downloading
'https://localhost:8000/WCFTest/CalculatorService/'.
The underlying connection was closed:
An unexpected error occurred on a
send. Authentication failed because
the remote party has closed the
transport stream. Metadata contains a
reference that cannot be resolved:
'https://localhost:8000/WCFTest/CalculatorService/'.
An error occurred while making the
HTTP request to
https://localhost:8000/WCFTest/CalculatorService/.
This could be due to the fact that the
server certificate is not configured
properly with HTTP.SYS in the HTTPS
case. This could also be caused by a
mismatch of the security binding
between the client and the server. The
underlying connection was closed: An
unexpected error occurred on a send.
Authentication failed because the
remote party has closed the transport
stream. If the service is defined in
the current solution, try building the
solution and adding the service
reference again.
I think I'm missing some fundamental basics here. Do I need to set up some certificates? Or should it all just work as it seems to do when I use NetTcpBinding?
Thanks
ng5000,
Seems like you may have another issue here (maybe IIS). Do you have any issues with transport-level security off? I would also make sure you can get to the web address in IE before checking the WCF stuff. Sounds like a IIS setting that's not correct in the security tab.
If its still a problem try building the proxy with transport-level security off and then go back and change both configs to transport level windows security and see what happens.
-Bryan
...
<security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
keyEntropyMode="CombinedEntropy" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<issuedTokenParameters keyType="SymmetricKey" tokenType="" />
...
here is my workaround. I got above config file and changed authenticationMode from "IssuedTokenOverTransport" to "UserNameOverTransport". It resolved issue on my environment.
Change
<endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>
to
<endpoint address ="basicHttpEP" binding="basicHttpsBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>