WCF SSL Rest based web service with basic authetication - wcf

I have a simple WCF REST based service deployed (development ofcourse) using SSL. I am trying to make it work with basic authentication but quite frankly am getting nowhere with it.
IIS 6.0
REST based - Using webHttpBinding
Here is what my web.config looks like ... just the relevant portions:
<system.serviceModel>
<services>
<service behaviorConfiguration="ThisTestService.MyTestServiceBehavior"
name="ThisTestService.MyTestService">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="Secure" behaviorConfiguration="WebBehavior" contract="ThisTestService.IMyTestService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration="Secure" contract="IMetadataExchange"></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ThisTestService.MyTestServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="WebBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="Secure">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
I have Anonymous authentication turned off in IIS on the virtual directory for the WCF service and Basic authentication is turned on.
When I try to access it say using https://localhost/ThisTestService/MyTestService.svc, I cannot get to it. It gives the "Could not find a base address that matches scheme http for the endpoint with binding WebHttpBinding. Registered base address schemes are [https].".
I've googled a lot but so far all my attempts to understand and fix the issue have been in vain. If I use anonymous authentication then I have no issues however I need to use basic authentication.
Any help is greatly appreciated. Thanks.

You need to turn on https for the virtual directory in which you are hosting the service. (As explained in the last para of this article: http://msdn.microsoft.com/en-us/library/aa751792.aspx)

Related

Unable to get MEX to work with my WCF service

I think it may be due to not having/requiring any base address to be specified in the config. Everything else works fine, including publishing WSDL, calling the service, etc. but when I add a MEX endpoint and try to access it, it returns 503 service unavailable.
My web.config looks like this:
<system.serviceModel>
<bindings>
<basicHttpsBinding>
<binding name="ServiceBinding" />
</basicHttpsBinding>
</bindings>
<services>
<service name="MyServices.CatService" behaviorConfiguration="MyBehavior">
<endpoint address="" binding="basicHttpsBinding" bindingConfiguration="ServiceBinding" contract="MyServices.ICatService"></endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
When I browse to my service, I get the message:
You have created a service.
To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from
the command line with the following syntax:
svcutil.exe http://[mypc]/MyServices/CatService.svc/mex
I'm reasonably sure it's to do with the way the endpoints are defined, but I don't know how to fix it. Any ideas?
Solved - the mex example above that I copied and pasted in is http, not https. I changed it mexHttpsBinding and it worked great. I think http didn't work due to some configuration of running http locally but I am not sure.

installing WCF on mod_mono with mono 2.10.2

i want hosting a WCF service on a opensuse 11.2 with apache 2.2.13 and mono 2.10.2, but i don't have found anything that explain me how in detail, and all my tentative are wrong. Someone may help me?
Thanks in advance
F.
i have partially resolved my problem using visual studio for creating the service and generating in another project the proxy. Then publishing on linux machine the service with this web.config configuration:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="NewBinding0" />
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WcfService2.Service1Behavior"
name="WcfService2.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="NewBinding0"
contract="WcfService2.IService1" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService2.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
and adding this two lines to mod_mono.conf
MonoServerPath "/usr/bin/mod-mono-server4"
ddType application/x-asp-net .svc
The problem i mean is only that on mono the mechanism of wsdl doesn't work. But calling normally the service works.
This is the error if i call from my prowser the service:
<Fault><Code><Value>a:InternalServiceFault</Value></Code><Reason><Text xml:lang="">The server was unable to process the request due to an internal error. The server may be able to return exception details (it depends on the server settings).</Text></Reason></Fault>

Getting an Security setting exception while accessing a WCF service

Following are binding configurations of my WCF service.
Anonymous access: off
Basic authentication: on
Integrated Windows authentication: off !!
support HTTP protocol .
I am getting an following exception while accessing my WCF service:
Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="MyBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType ="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WMWcfWebServiceLib.Service1Behavior"
name="WMWcfWebServiceLib.WMWcfWebService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding"
contract="WMWcfWebServiceLib.IWMWebService">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8731/Design_Time_Addresses/WMWcfWebServiceLib/Service1/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WMWcfWebServiceLib.Service1Behavior">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
Please Help!!
Edit
I am able to access the WCF service through the web browser with the following changes:
Changes the security mode to TransportCredentialOnly and Removed the Mex Endpoint, but now as obvious I am not able to create the proxy on the client side.
Please let me know where I am wrong ?
If you want to support HTTP only your configuration is not used at all because mode="Transport" demands HTTPS. First find why config is not used (probably wrong type name in service element). Next change security mode to TransportCredentialOnly. But be aware that TransportCredentialOnly + Basic authentication means that HTTP requests will contain plain text Windows user name and password. In most cases such implementation will not pass any security audit.
Edit:
You can create proxy without mex endpoint if you still support httpGetEnabled in service metadata behavior.

WCF Service netTCPbinding

I want to use netTCPbinding, so I've changed my web config as below. I'm experiencing this error:
Could not find a base address that matches scheme net.tcp for the endpoint with binding NetTcpBinding. Registered base address schemes are [http].
How can this be solved?
<services>
<service name="DXDirectory.DXDirectoryService" behaviorConfiguration="DXDirectory.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="netTcpBinding" bindingConfiguration="WindowsSecured" contract="DXDirectory.IDXDirectoryService">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:2582/DXDirectoryService" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DXDirectory.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization principalPermissionMode="UseWindowsGroups" />
<!--<serviceCredentials>-->
<!--<userNameAuthentication userNamePasswordValidationMode="Custom"
membershipProviderName="CustomUserNameValidator"/>-->
<!--</serviceCredentials>-->
</behavior>
</serviceBehaviors>
</behaviors>
HMm... you've added the base address to your services/host section ok.
Quick question: are you self-hosting, or hosting in IIS ?? Which version of IIS ??
IIS5/6 only support HTTP connections - you cannot host a NetTCP in IIS 5/6.
In IIS7, you have to manually go through a series of steps to enable non-HTTP bindings, but it's possible. See this MSDN article on how to achieve this.
Self-hosting is the best option - you get all bindings and are in total control of your service being hosted.
Marc
Here is a NetTcpBinding basic example from msdn. See if this can help you.
EDIT:
And here is a related SO question.
I cant see section in your config file, can u please
please add this
<netTcpBinding>
<binding name="WindowsSecured">
<security mode="none"/>
</binding>
</netTcpBinding>

WCF - changing endpoint address results in securityexception

My WCF Service uses wsHttpBinding and works fine from the client when the service is gerenated by the client using the default options as follows:
RServiceClient R = new RServiceClient();
However, at some point I'll need to be able to specify the location of the service, presumably by changing the endpoint address as follows:
RServiceClient R = new RServiceClient();
R.Endpoint.Address = new EndpointAddress(new Uri "http://xxx.xxxx.xxx:80/RServer/RService.svc"));
However, when I do specify the exact endpoint, I get a SecurityNegotiationException:
System.ServiceModel.Security.SecurityNegotiationException was unhandled
Message="The caller was not authenticated by the service."
Source="mscorlib"....
The WCF service runs on IIS and has anonymous access enabled under IIS admin. Also, this error occurs when the client is run from the same machine as the service under an admin account - I havn't got to the scary part of running it over the net yet!
Any Ideas?
By default, wsHttpBinding uses Windows authentication. I'm not sure how hosting in IIS affects that scenario.
If you don't want security turned on, you can add an element for security and set the mode element to "None" to the config on both ends to turn off the default setting.
I think this may do the trick -- I've added the section for wsHttpBinding and set the bindingConfiguration of your service to point to the newly added binding properties:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBind">
<security mode="None">
<transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
<message clientCredentialType="None" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior"
name="RService">
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="wsHttpBind"
name="RService"
contract="IRService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex"
binding="mexHttpBinding"
name="MetadataExchange"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
check this from your config :
...
<identity>
<dns value="localhost" />
</identity>
...
afaik wsHttpBinding has message security turned on by default.
and when it checks against the dns value "localhost" it fails.
Are you using MessageSecurity with certificates? this could be a certificate issue (wrong hostname, self-signed certificate not installed, etc..)
Here is my Service configuration information, i'm using wshttpbinding:
<system.serviceModel>
<services>
<service behaviorConfiguration="ServiceBehavior" name="RService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration=""
name="RService" contract="IRService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" name="MetadataExchange"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Deleting the identity block didn't work, although did give me an idea:
If I change the endpoint address from:
R.Endpoint.Address = new EndpointAddress(new Uri("http://bigpuss.homeip.net/RServer/RService.svc"));
to
R.Endpoint.Address = new EndpointAddress(new Uri("http://localhost/RServer/RService.svc"));
then everything works fine! Soo, its obviously upset about the nonlocal url address. Are there any other areas in the configuration where security is set up?