How to add WCF maxClockSkew - wcf

I have added the maxClockSkew to my WCF service config file because it gives me an error when I try to call it over the internet, but when I changed my client time zone to the server time zone it works fine (when both are in UTC +10.00 there is no time difference), or if I set both machines to sync their time from the internet, it also works fine.
This is my service config file,
<?xml version="1.0"?>
<!-- Service web.config (pasted without its closing elements). Review notes are given as comments;
     no configuration value was changed. -->
<configuration>
<appSettings>
<!-- NOTE(review): database credentials (the sa login and its password) are stored here in clear
     text. Prefer integrated security or a protected (encrypted) configuration section, and use a
     least-privilege login instead of sa. -->
<add key="Data Source" value="WIN-HDG2"/>
<add key="Initial Catalog" value="DEV"/>
<add key="User ID" value="sa"/>
<add key="Password" value="ssa"/>
<add key="Major version" value="1"/>
<add key="Minor Build" value="1"/>
</appSettings>
<connectionStrings/>
<system.web>
<!-- debug="true" is a development setting; turn it off before deployment. -->
<compilation debug="true" targetFramework="4.0">
</compilation>
<authentication mode="Windows"/>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="ABService.ServiceBehavior"
name="ABService.Service">
<!-- This endpoint selects binding="wsHttpBinding", so its bindingConfiguration resolves to the
     wsHttpBinding/binding entry of that name below. The customBinding entry with the same name
     (the one carrying the maxClockSkew settings) is not referenced by any endpoint, so those
     clock-skew values are never applied. -->
<endpoint address="" binding="wsHttpBinding" name="ValidatorEndpoint" bindingConfiguration="ABService.ServiceBehavior"
contract="ABService.IService">
<identity>
<!-- Clients compare this identity with what the service presents; presumably it has to agree
     with the service certificate configured below. Verify against the client config. -->
<dns value="localhost" />
</identity >
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ABService.ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<!-- Returns exception details (stack traces) to callers; keep this false outside development. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate findValue="AB548"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
<!-- Custom validator for the UserName credential carried under message security (see the
     wsHttpBinding below). -->
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="ABService.Validator.UserNamePassValidator,ABService" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<!-- The binding actually used by ValidatorEndpoint. -->
<binding name="ABService.ServiceBehavior" >
<!-- NOTE(review): these quotas are very large (maxBytesPerRead is close to 1 GB). Size them to
     the real payloads; oversized quotas widen the resource-exhaustion exposure of the service. -->
<readerQuotas maxDepth="320" maxStringContentLength="8192000" maxArrayLength="16384000" maxBytesPerRead="999930473" maxNameTableCharCount="16384000"/>
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
<customBinding>
<!-- NOTE(review): unreferenced, since no endpoint selects binding="customBinding". Its
     authenticationMode="Kerberos" also does not correspond to the UserName message credential
     configured above, so pointing the endpoint here would change the security model, not just
     the clock skew. The question states the call succeeds once both clocks are synchronized from
     the internet; keeping clocks in sync (NTP) is the preferable fix, because widening
     maxClockSkew enlarges the window in which a captured message is still accepted. -->
<binding name="ABService.ServiceBehavior">
<textMessageEncoding />
<security authenticationMode="Kerberos">
<localClientSettings maxClockSkew="00:07:00" />
<localServiceSettings maxClockSkew="00:07:00" />
<secureConversationBootstrap>
<localClientSettings maxClockSkew="00:30:00" />
<localServiceSettings maxClockSkew="00:30:00" />
</secureConversationBootstrap>
</security>
<httpTransport />
</binding>
</customBinding>
</bindings>
Could someone please help me with this issue?

Related

Throttling and Quotas in WCF Config File

I could use some help writing the config file for my WCF service. Everything was working until I tried to include the use of throttling and quotas. I'm not sure whether I am using the tags correctly or placing them in the correct location. Below is my App.config file:
<?xml version="1.0" encoding="utf-8" ?>
<!-- App.config for the self-hosted service. Review notes are given as comments; no value was changed. -->
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
</startup>
<appSettings>
<add key="baseAddress" value="http://localhost:8000" />
</appSettings>
<system.serviceModel>
<services>
<!-- The service references only "mexBehaviour", so the "Throttled" behavior below is never applied.
     None of the endpoints sets bindingConfiguration either, so the "basicHttp" binding and its
     quotas are unused. -->
<service behaviorConfiguration="mexBehaviour" name="StringManipulationService.StringManipulation">
<endpoint address="StringManipulationService" binding="basicHttpBinding"
contract="StringManipulationService.IStringManipulation" />
<endpoint address="StringManipulationService" binding="netTcpBinding"
contract="StringManipulationService.IStringManipulation" />
<endpoint address="" binding="wsHttpBinding"
contract="StringManipulationService.IStringManipulation" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8080/" />
<add baseAddress="net.tcp://localhost:8090/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="mexBehaviour">
<serviceMetadata httpGetEnabled="true"/>
</behavior>
<!-- Not referenced by the service element; either merge the throttling into mexBehaviour or set
     behaviorConfiguration="Throttled" (and move serviceMetadata there). -->
<behavior name="Throttled">
<serviceThrottling
maxConcurrentCalls="1"
maxConcurrentSessions="1"
maxConcurrentInstances="1"
/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<!-- NOTE(review): this <bindings> element sits outside system.serviceModel, which is closed just
     above. Bindings are only recognised inside system.serviceModel, so this placement is the likely
     reason the configuration stopped working; move the whole element above </system.serviceModel>. -->
<bindings>
<basicHttpBinding>
<binding name="basicHttp" allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<!-- Quotas of 200000000 are generous; bound them to the payloads actually expected. -->
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</basicHttpBinding>
</bindings>
</configuration>

WCF Error in binding of two End Points

I am getting this error:
- ERROR: An unhandled exception of type
'System.Configuration.ConfigurationErrorsException' occurred in
System.Configuration.dll Additional information: The binding at
system.serviceModel/bindings/basicHttpBinding does not have a
configured binding named 'BasicHttpBinding_IService1'. This is an
invalid value for bindingConfiguration.
This is my web.config file:
<?xml version="1.0"?>
<!-- web.config of the service. Review notes are given as comments; no value was changed. -->
<configuration>
<configSections>
</configSections>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<!-- debug="true" is a development setting; turn it off before deployment. -->
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<!-- NOTE(review): the error quoted in the question says a bindingConfiguration named
     BasicHttpBinding_IService1 could not be found, yet this file defines it and neither endpoint
     below references it (both use bindingConfiguration=""). The config that produced the error is
     presumably a different file (another deployment, or the client's config); compare them. -->
<binding name="BasicHttpBinding_IService1" maxBufferSize="1000000000" maxBufferPoolSize="1000000000" maxReceivedMessageSize="100000000">
<!-- maxStringContentLength has a trailing space inside the quotes; remove it rather than rely on
     the converter tolerating it. Buffer sizes near 1 GB are generous; bound them to real payloads. -->
<readerQuotas maxDepth="32" maxStringContentLength="2097152 "
maxArrayLength="2097152" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<!-- No behaviorConfiguration is set, so the named "DefaultBehaviour" below is not applied to this
     service: a named behavior only applies when referenced, unnamed ones apply by default. -->
<service name="WcfService1.Service1">
<!-- An empty bindingConfiguration selects the binding's default settings, not the entry above. -->
<endpoint address="" binding="basicHttpBinding" bindingConfiguration=""
contract="WcfService1.IService1" />
<endpoint address="web" behaviorConfiguration="WebBehaviour" binding="webHttpBinding"
bindingConfiguration="" name="WebEndPoint" contract="WcfService1.IService1" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="WebBehaviour" >
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="DefaultBehaviour">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- Exception details are kept out of faults; leave this false in production. -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<!-- A value of 0 disables the free-memory check that normally gates service activation. -->
<serviceHostingEnvironment minFreeMemoryPercentageToActivateService="0" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<!-- Currently enabled: directory listing exposes the application's folder layout. Disable it before deployment. -->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>

Implementing WIF ActAs Scenario: The identity check failed for the outgoing message

So I'm trying to consume a WCF service from a website and pass the IClaimsIdentity the site got from an STS through to the service.
When I try to invoke a service method through an ActAs channel, I get the following error on the client (looking at trace logs, it never gets to the service, and the STS sends through all tokens correctly):
The identity check failed for the outgoing message. The expected
identity is
'identity(http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty:
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/thumbprint)' for
the 'http://localhost/MyWCFHost/MyService.svc' target endpoint.
I've got a custom IssuedTokenForCertificate binding and all the certificates are OK as far as I can see, it should work, but no dice. I'd appreciate another pair of eyes looking over my config and helping:
Consuming Web Site config:
<!-- Consuming web site (client) config. Review notes are given as comments; no value was changed. -->
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinding_IMyService">
<!-- includeTimestamp, requireDerivedKeys and requireSignatureConfirmation are all enabled; keep
     them, they harden the message exchange against tampering and replay. -->
<security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenForCertificate"
requireDerivedKeys="true" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
requireSignatureConfirmation="true">
<issuedTokenParameters tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
<additionalRequestParameters>
<trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:TokenType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</trust:TokenType>
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</trust:KeyType>
</trust:SecondaryParameters>
</additionalRequestParameters>
<!-- The STS is reached over plain http here; the token it issues then protects the service call. -->
<issuer address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc"
binding="ws2007HttpBinding" bindingConfiguration="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc">
</issuer>
<issuerMetadata address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc/mex" />
</issuedTokenParameters>
</security>
<!-- Replay detection enabled on both sides. -->
<localClientSettings detectReplays="true" />
<localServiceSettings detectReplays="true" />
</security>
<textMessageEncoding />
<httpTransport />
</binding>
</customBinding>
<ws2007HttpBinding>
<!-- A URL is a legal binding name (it is only a string), but a short symbolic name is easier to
     maintain. No security mode is set here, whereas the service config on this page configures the
     same issuer with TransportWithMessageCredential; verify both sides talk to the STS the same way. -->
<binding name="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc">
<security>
<message establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/MyWCFHost/MyService.svc" binding="customBinding"
bindingConfiguration="CustomBinding_IMyService" contract="MyService.IMyService"
name="CustomBinding_IMyService">
<identity>
<!-- Stale commented-out configuration; remove it once the thumbprint reference below is confirmed. -->
<!--<certificate encodedValue="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" />-->
<!-- NOTE(review): this is the certificate the client expects the service endpoint to present. The
     service config on this page configures serviceCertificate with a different thumbprint
     (81A5DB3796F48B00FAC37CE67D7D8CA43078B996). If the endpoint identity is meant to be the
     service's own certificate, the two should refer to the same certificate; a mismatch would
     produce exactly the identity-check failure quoted in the question. Verify which certificate
     the service actually presents. -->
<certificateReference findValue="57620B95FCE5F4D2071221AFD6B5024A2B6AF08D" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
</identity>
</endpoint>
</client>
</system.serviceModel>
WCF Service config:
<!-- WCF service config. Review notes are given as comments; no value was changed. -->
<system.serviceModel>
<diagnostics>
<!-- NOTE(review): transport-level message logging records complete messages, including the
     security tokens and any credentials they carry. Keep it for troubleshooting only, protect the
     log location, and turn it off in production. -->
<messageLogging logMalformedMessages="true" logMessagesAtTransportLevel="true" />
</diagnostics>
<services>
<service name="RPWCFApp.MyService" behaviorConfiguration="MyServiceBehaviour">
<endpoint address="" binding="customBinding" bindingConfiguration="CustomBindingConfiguration_IssuedTokenOverTransport" contract="RPWCFApp.IMyService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyServiceBehaviour">
<!-- Behavior extension registered under extensions/behaviorExtensions below. -->
<federatedServiceHostConfiguration />
<serviceMetadata httpGetEnabled="true" />
<!-- Exception details are kept out of faults; leave this false in production. -->
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<!-- NOTE(review): the client config on this page sets the endpoint identity to thumbprint
     57620B95FCE5F4D2071221AFD6B5024A2B6AF08D, which is not this certificate. If the client is meant
     to verify the service against its serviceCertificate, the two references should agree. -->
<serviceCertificate findValue="81A5DB3796F48B00FAC37CE67D7D8CA43078B996" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<extensions>
<behaviorExtensions>
<add name="federatedServiceHostConfiguration" type="Microsoft.IdentityModel.Configuration.ConfigureServiceHostBehaviorExtensionElement, Microsoft.IdentityModel, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</behaviorExtensions>
</extensions>
<bindings>
<customBinding>
<binding name="CustomBindingConfiguration_IssuedTokenOverTransport">
<!-- The name says "OverTransport" but the binding uses httpTransport (plain http) with message
     security via the issued token; rename or switch to httpsTransport so the name matches intent. -->
<security authenticationMode="IssuedTokenForCertificate" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
<issuedTokenParameters keyType="SymmetricKey" tokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1">
<issuer address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc" binding="ws2007HttpBinding" bindingConfiguration="IssuedTokenBinding" />
<issuerMetadata address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc/mex" />
</issuedTokenParameters>
</security>
<textMessageEncoding />
<httpTransport />
</binding>
</customBinding>
<ws2007HttpBinding>
<!-- Issuer binding: TLS on the transport plus a Windows credential in the message. The issuer
     address above is http, not https; with TransportWithMessageCredential the STS must be reached
     over https, so verify the address. -->
<binding name="IssuedTokenBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Windows" establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
</system.serviceModel>
Sorted out my problem by changing the binding in the service config to ws2007FederationHttpBinding instead of CustomBinding and updating my client service reference.
<!-- Replacement service binding from the answer: federation binding with message security and the
     STS located via its metadata endpoint. -->
<bindings>
<ws2007FederationHttpBinding>
<!-- Five-hour receive/send timeouts hold server resources for stalled callers; narrow them if the
     workload allows. -->
<binding name="serviceBinding" receiveTimeout="05:00:00" sendTimeout="05:00:00">
<security mode="Message">
<message>
<issuerMetadata address="http://localhost/MyCompany.SecurityTokenService/ActAsIssuer.svc/mex"/>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
</bindings>
Then because I'm using self-signed certificates, I had to change the certificateValidationMode using the following endpoint behaviour in the client config:
<!-- Client endpoint behavior from the answer. A named endpoint behavior only takes effect on an
     endpoint whose behaviorConfiguration references it; the client endpoint shown earlier on this
     page does not set one, so verify it was added. -->
<behaviors>
<endpointBehaviors>
<behavior name="MyServiceBehavior" >
<clientCredentials>
<serviceCertificate>
<!-- PeerOrChainTrust accepts a service certificate that is either in the Trusted People store or
     chains to a trusted root. That allows a self-signed development certificate without dropping
     validation to None; keep the Trusted People store limited to certificates you intend to trust,
     and use a chain-trusted certificate in production. -->
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
And finally I just had to ensure my certificate was in the Trusted People store; after that I get the correct IClaimsIdentity when invoking the service :)
Hope this helps someone out there, because it drove me nuts for a while...

maxClockSkew does not get higher than 5 minutes?!(Even if I set it explicitly)

I'm trying to set the maxClockSkew of my WCF service to something higher than 5 minutes (the default), but I'm not succeeding. It looks like something goes wrong when I set it together with authenticationMode="UserNameOverTransport". I need this because my server is running under HTTPS and I will authenticate the user with a custom authentication provider. There are no errors during service initialization, but the value does not change from 5 minutes (00:05:00)... And I always get the annoying message on the client side saying
The security timestamp is invalid because its creation time ('2011-06-24T15:31:22.338Z') is in the future. Current time is '2011-06-24T15:21:30.923Z' and allowed clock skew is '00:05:00'.
Here you can see my whole Service config file:
<?xml version="1.0"?> <configuration>
<!-- Service config (pasted without its closing configuration element). Review notes are given as
     comments; no value was changed. -->
<system.web>
<!-- debug="true" is a development setting; turn it off before deployment. -->
<compilation debug="true"/>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
<services>
<service name="MYSERVICE">
<endpoint address="" binding="customBinding" bindingConfiguration="HTTP" contract="MYCONTRACT">
<identity>
<!-- NOTE(review): a dns identity is normally a host name (for example localhost); this value looks
     like a URL. Verify it is what the client expects, otherwise the identity check may fail. -->
<dns value="https://localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="https://localhost/service"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<!-- Unnamed behavior, so it applies to the service by default. -->
<behavior>
<!-- Metadata only over https; plain http metadata disabled. -->
<serviceMetadata httpGetEnabled="False" httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="False"/>
<serviceCredentials>
<!-- Custom validator for the UserName credential; with UserNameOverTransport the password travels
     in the message and relies on the https transport for confidentiality. -->
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="CUSTOMServiceCredentialsValidator, ASSEMBLY" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<!-- Binding name "HTTP" is misleading: the transport below is httpsTransport. -->
<binding name="HTTP">
<transactionFlow />
<textMessageEncoding>
<!-- 2147483647 is the Int32 maximum, i.e. effectively unlimited; bound it to the real payloads. -->
<readerQuotas maxStringContentLength="2147483647"/>
</textMessageEncoding>
<!-- NOTE(review): the client error quoted in the question shows a gap of roughly ten minutes
     between the message's creation time and the current time, so the two clocks disagree by about
     that much. Widening maxClockSkew enlarges the window in which a captured message is still
     accepted; synchronize the clocks (NTP) first and keep the skew small. The answer says that when
     these values are not honoured the binding has to be set up explicitly; from this file alone I
     cannot tell why the 00:10:00 values are ignored. -->
<security authenticationMode="SecureConversation">
<localClientSettings maxClockSkew="00:10:00"/>
<localServiceSettings maxClockSkew="00:10:00"/>
<secureConversationBootstrap authenticationMode="UserNameOverTransport">
<localClientSettings maxClockSkew="00:10:00"/>
<localServiceSettings maxClockSkew="00:10:00"/>
</secureConversationBootstrap>
</security>
<!-- Same Int32 maximum on message and buffer size; effectively unlimited. -->
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"/>
</binding>
</customBinding>
</bindings>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
What am I missing? Has anyone else faced this issue? I did not find many people facing this situation.
Thanks In Advance
Pedro
You need to set up explicitly a new binding:
http://msdn.microsoft.com/en-us/library/aa738468.aspx
HTH

WCF binding setting - maxRetryCount="Integer"

I am trying to set the binding setting maxRetryCount="Integer" but it states "The maxRetryCount attribute is not allowed".
I see it being referenced/used in many examples.
What am I doing wrong?
I want to set this attribute (setting) to see if it stops an error I am getting: The maximum retry count has been exceeded with no response from the remote endpoint. The reliable session was faulted. This is often an indication that the remote endpoint is no longer available.
<?xml version="1.0"?>
<!-- web.config of the service. Review notes are given as comments; no value was changed. -->
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<!-- debug="true" and customErrors mode="Off" are development settings; both expose internal
     detail to callers. Turn them off before deployment. -->
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<services>
<service name="dedicated_servers.dedicated_servers.DedicatedServerApi">
<!-- Both operational endpoints use the NoSecurityConfig binding below: plain http, no security. -->
<endpoint address="User" binding="wsHttpBinding" contract="dedicated_servers.dedicated_servers.IDedicatedServerApiUser" bindingConfiguration="NoSecurityConfig">
</endpoint>
<endpoint address="Server" binding="wsHttpBinding" contract="dedicated_servers.dedicated_servers.IDedicatedServerApiServer" bindingConfiguration="NoSecurityConfig">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="NoSecurityConfig" openTimeout="00:05:00" closeTimeout="00:05:00" sendTimeout="00:05:00"
receiveTimeout="00:05:00">
<!-- NOTE(review): mode="None" disables authentication, integrity and confidentiality at both the
     transport and the message level, so anyone who can reach the URL can call these operations
     and observe the traffic. Acceptable only if the service is intentionally public or the network
     is protected by other means. As far as I can tell, the https protocolMapping below applies to
     default endpoints and not to these explicitly configured ones. -->
<security mode="None">
<transport clientCredentialType="None" />
<!-- Message security is off under mode="None", so establishSecurityContext has no effect here. -->
<message establishSecurityContext="false" />
</security>
<!-- maxRetryCount is not an attribute of the wsHttpBinding reliableSession element (that element
     exposes enabled, ordered and inactivityTimeout), which is why the configuration validator
     rejects it; the answer below confirms this. The retry count can be configured on the
     reliableSession element of a customBinding, or the binding can be built in code. -->
<reliableSession enabled="true" inactivityTimeout="00:10:00" maxRetryCount="8" />
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<!-- Unnamed behavior, so it applies to the service by default. -->
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- Returns exception details (stack traces) to callers; keep this false outside development. -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!-- Directory listing exposes the application's folder layout; disable it before deployment. -->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
See this answer. To paraphrase, you can't set the maxRetryCount on wsHttpBinding but you can do some custom binding trickery to make it work.