I'm writing a WCF service with some authentication and a custom error handler. However, I'm coming up against this problem: my implementation of IErrorHandler is not getting hit when the authentication throws an exception, but runs just fine with other exeptions.
Does authentication run before IErrorHandler gets built? Am I barking up the wrong tree trying to get it to catch those errors?
Yes, I have tried (and am) throwing a FaultException in my authentication, not SecurityTokenException.
So first thing is to make sure that your custom Error Handler is also implementing IServiceBehavior. IServiceBehavior requires that you implement a couple other methods but the important one is "ApplyDispatchBehavior", in which you must add the ErrorHandler to the channel dispatchers.
C#
public class CustomErrorHandler: IServiceBehavior, IErrorHandler
{
public bool HandleError(Exception error)
{
//Return True here if you want the service to continue on as if
// the error was handled
return true;
}
public void ProvideFault(Exception error,
MessageVersion version,
ref Message fault)
{
FaultException fe = new FaultException(
new FaultReason(error.Message),
new FaultCode("Service Error"));
MessageFault mf = fe.CreateMessageFault();
fault = Message.CreateMessage(version, mf, fe.Action);
}
public void ApplyDispatchBehavior(ServiceDescription serviceDescription,
ServiceHostBase serviceHostBase)
{
IErrorHandler eh = new CustomErrorHandler();
foreach (ChannelDsipatcherBase cdb in serviceHostBase.ChannelDispatchers)
{
ChannelDispatcher cd = cdb as ChannelDispatcher;
cd.ErrorHandlers.Add(eh);
}
}
public void AddBindingParameters(ServiceDescription serviceDescription,
ServiceHostBase serviceHostBase,
Collection<ServiceEndpoint> endpoints,
BindingParameterCollection bindingParameters)
{
//Add binding parameters if you want, I am not
}
public void Validate(ServiceDescription serviceDescription,
ServiceHostBase serviceHostBase)
{
//Add custom fault validation here if you want
}
}
Then you need to add the CustomErrorHandler as a service behavior and add the behavior
web.config
<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="ErrorHandler"
type="ServiceNamespace.CustomErrorHandler, ServiceNamespace, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</behaviorExtensions>
</extensions>
<behaviors>
<serviceBehaviors>
<behavior name="MyBehavior1">
<!--Put other behaviors for your service here then add the next line-->
<ErrorHandler />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
This way all your thrown exceptions will be converted to faults to return back to the client.
In the case of SecurityTokenExceptions, you do not want to convert those to Fault Exceptions right away. You actually do want to throw these as SecurityTokenExceptions in the custom validation in order for the service/server to recognize that the security authorization failed, and automatically returns as a fault equiv of a "403 : Access Denied". I am not 100% but I think that the custom auth and validation pieces happen before custom service behaviors, like the error handler, are loaded. Unfortunately, if you need to troubleshoot something in your auth, you will need to turn on WCF tracing on the service, see this article titled "How to turn on WCF Tracing".
If you need to log failed auth attempts, you will probably need to put it directly in your custom validator.
Related
How to write custom trace listener to write message logs in msmq?
I have added below custom MSMQTraceListener :
public class MSMQTraceListener : TraceListener
{
string _queueName;
public MSMQTraceListener(string queueName)
: base("MSMQListener")
{
_queueName = queueName;
if (!MessageQueue.Exists(_queueName))
MessageQueue.Create(_queueName);
}
public override void Write(string message)
{
SendMessageToQueue(message);
}
public override void WriteLine(string message)
{
SendMessageToQueue(message);
}
/// <summary>
/// Send message to queue.
/// </summary>
/// <param name="message">string: message</param>
private void SendMessageToQueue(string message)
{
try
{
MessageQueue messageQueue = new MessageQueue(_queueName, QueueAccessMode.Send);
messageQueue.Label = DateTime.Now.ToString();
messageQueue.Send(message);
messageQueue.Close();
}
catch (Exception ex)
{
}
}
}
And updated below diagnostic setting in my web.config file:
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging">
<listeners>
<add name="messages" type="Proj.Common.Diagnostics.MSMQTraceListener,Proj.Common" initializeData=".\private$\PerformanceTesting" />
</listeners>
</source>
</sources>
</system.diagnostics>
If you are in code hosted by MSMQ and want to write a message to say a log file
All .NET applications are the same as far as System.Diagnostics is concerned. Configure the listener in app.config, and use Trace or TraceSource to write to the listener. MSDN explains this better than I can.
If you want a trace listener that sends message to MSMSQ
Get this utility library, Essential Diagnostics, that makes working with System.Diagnostics less painful
Override the one TraceEvent() method on BaseTraceListener. Inside that method, you use the available parameters to send messages to whatever you'd like, for example an MSMQ destination.
Register your custom TraceListener in the usual way.
I have a wcf (.net 4.5) with one service and multiple interfaces\end points.
This service is declared as follows:
<service name="MyService.Service1">
<endpoint address="Try1" behaviorConfiguration="restfulBehvaiour"
binding="webHttpBinding" contract="MyService.IService1" />
<endpoint address="Try2" behaviorConfiguration="restfulBehvaiour"
binding="webHttpBinding" contract="MyService.ITry" />
</service>
...
<behavior name="restfulBehvaiour">
<webHttp helpEnabled="true" />
</behavior>
I am trying to return any exception as json. I have followd the tutorial on http://zamd.net/2008/07/08/error-handling-with-webhttpbinding-for-ajaxjson/
In short:
1) On the svc file, added this (it implements both interfaces)
<%# ServiceHost Language="C#" Debug="true" Service="MyService.Service1" CodeBehind="Service1.svc.cs" Factory="MyService.CustomWebServiceHostFactory"%>
2) where CustomWebServiceHostFactory is
public class CustomWebServiceHostFactory : System.ServiceModel.Activation.WebServiceHostFactory
{
public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
{
var sh = new ServiceHost(typeof(Service1), baseAddresses);
sh.Description.Endpoints[0].Behaviors.Add(new CustomWebHttpBehavior());
return sh;
}
protected override ServiceHost CreateServiceHost(Type serviceType, Uri[] baseAddresses)
{
return base.CreateServiceHost(serviceType, baseAddresses);
}
3) and the custom CustomWebHttpHandler is
protected override void AddServerErrorHandlers(ServiceEndpoint endpoint, EndpointDispatcher endpointDispatcher)
{
// clear default error handlers.
endpointDispatcher.ChannelDispatcher.ErrorHandlers.Clear();
// add our own error handler.
endpointDispatcher.ChannelDispatcher.ErrorHandlers.Add(new ErrorHandlerEx());
}
4) and the ErrorHandlerEx is some class that handles the exceptions (returns json object).
this all work great for the first end point (Try1), but the second one (Try2) is being ignored and not going threw the CustomWebServiceHostFactry.
If I switch the order of the endpoints in web.config, the first one always works and the seconds exceptions are being handled by the default wcf handlers.
How can I fix this behaviour, so that every end point will work as the above tutorial suggests?
You only implement the behavior on one endpoint (the first one) in your custom service host.
sh.Description.Endpoints[0].Behaviors.Add(new CustomWebHttpBehavior());
Endpoints[0] is the first endpoint in the collection. You need to add it to both (or all if you have more than 2) endpoints for the service. I recommend a foreach loop:
foreach (ServiceEndpoint endpoint in sh.Description.Endpoints)
{
endpoint.Behaviors.Add(new CustomWebHttpBehavior());
}
This should resolve the issue of the behavior only being applied to the first endpoint.
I can inspect WCF messsages on both Client side and server side using IClientMessageInspector, IDispatchMessageInspector respectively. But in a Duplex comunications it is not clear how to do it in a callback from server to client (Nor much documentation on that topic).
Any ideas about how to implement this feature?
Finally I get the solution.
In a Duplex comunication scenario when a callback is made the server becomes the client and vice versa.
So on server side when implementing IServiceBehavior inject the message inspector using the CallbackClientRuntime property of the DispatchRuntime foreach EndpointDispatcher.
public void ApplyDispatchBehavior(ServiceDescription serviceDescription, System.ServiceModel.ServiceHostBase serviceHostBase)
{
foreach (ChannelDispatcher item in serviceHostBase.ChannelDispatchers)
{
foreach (EndpointDispatcher epd in item.Endpoints)
{
//injecting an inspector in normal call
epd.DispatchRuntime.MessageInspectors.Add(new MessageSizerInspector());
//injecting an inspector in callback
epd.DispatchRuntime.CallbackClientRuntime.MessageInspectors.Add(new MessageSizerInspector());
}
}
}
On client side when implementing IEndpointBehavior inject the message inspector using the CallbackDispatchRuntime.
public void ApplyClientBehavior(ServiceEndpoint endpoint, System.ServiceModel.Dispatcher.ClientRuntime clientRuntime)
{
//injecting an inspector in normal call
clientRuntime.MessageInspectors.Add(new MessageSizerInspector());
//injecting an inspector in callback
clientRuntime.CallbackDispatchRuntime.MessageInspectors.Add(new MessageSizerInspector());
}
Then apply the extension as always.
In my case I created a class like the following pseudo code
public class MessageSizer : Attribute, IServiceBehavior, IEndpointBehavior
{
.....
}
then I applied this attribute to service implementation for the server side inspection
and added a behaviorExtensions inside the app.config to setup the endpoint for message inspection on client side.
<system.serviceModel>
...........
<client>
<endpoint address="net.tcp://localhost/MinerDual.svc"
binding="netTcpBinding" bindingConfiguration="wsDualMinerNetTcp"
contract="WebApplication.IMinerDual" name="NetTcpMinerDual"
behaviorConfiguration="Default" />
</client>
<behaviors>
<endpointBehaviors >
<behavior name="Default">
<messageSizer/>
</behavior>
</endpointBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<add name="messageSizer"
type="WCFExtensions.MessageSizerElement, WCFExtensions,
Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</behaviorExtensions>
</extensions>
</system.serviceModel>
I'd like to use an NHibernate startup module for my WCF project like the one I use for my ASP.NET MVC projects. Jeffery Palermo outlines the startup module that I use in his post ASP.NET MVC HttpModule Registration. Essentially the code boils down to adding a startup module in the web.config that looks like this:
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="StartupModule" type="Infrastructure.NHibernateModule, Infrastructure, Version=1.0.0.0, Culture=neutral" />
</modules>
</system.webServer>
This is not working when I try to run the service with the WCF Test Client or directly against the endpoint with SoapUI. What are my options for a simple startup mechanism for NHibernate in a WCF project?
You can resolve the issue by using a Message Inspector. On your NHibernateModule implement IDispatchMessageInspector. This will allow you to open your NHibernate session as each request is received and close it right before your reply is sent out.
Palermo's demo indicates that you will have extended IHttpModule. If that is the case, you will add two methods for the IDispatchMessageInspector interface:
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
{
context_BeginRequest(null, null);
return null;
}
and
public void BeforeSendReply(ref Message reply, object correlationState)
{
context_EndRequest(null, null);
}
This will implement the new interface using your old code. You will also need to implement the IServiceBehavior interface. This will allow you to use the module on a behavior extension in your web.config. The IServiceBehavior requires three methods, only one will actually do anything:
public void ApplyDispatchBehavior(ServiceDescription serviceDescription, ServiceHostBase serviceHostBase)
{
foreach (ChannelDispatcher cd in serviceHostBase.ChannelDispatchers)
{
foreach (EndpointDispatcher ed in cd.Endpoints)
{
ed.DispatchRuntime.MessageInspectors.Add(this);
}
}
}
This will add your new inspector to each of the endpoints.
You will then have to add a BehaviorExtensionElement. This BehaviorExtensionElement should return the type and a new instance of your NHibernateModule. This will allow you to create a new behavior that returns the NHibernateModule in your web.config.
public class NHibernateWcfBehaviorExtension : BehaviorExtensionElement
{
public override Type BehaviorType
{
get { return typeof(NHibernateModule); }
}
protected override object CreateBehavior()
{
return new NHibernateModule();
}
}
Now you have all the pieces in order, you can use them in your web.config. To apply them to all services your web.config should look like the following.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<NHibernateSessionStarter />
</behavior>
</serviceBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<add name="NHibernateSessionStarter" type="Infrastructure.NHibernateWcfBehaviorExtension, Infrastructure, Version=1.0.0.0, Culture=neutral" />
</behaviorExtensions>
</extensions>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
I am developing WCF services with basicHttpBinding, these services should be accessible using .net 1.1 & .net 2.0, for this purpose I am using basicHttpBinding. In old ASMX web services I assed one Soap Header (AuthHeader) to authenticate the user every request.How Can I authenticate in WCF using basicHttpBinding? Any sample Or tutorial will helpfull.
nRk
You can use AuthHeader as you did before switching to WCF. Maybe it will be more convinient for you, cause the princples will remain the same.
The bad thing i see in this solution is a plain text password transfer. Anyway, it's just another option and you can encrypt/decrypt the password somehow.
In this case you should implement your own your IDispatchMessageInspector & IClientMessageInspector, like
[AttributeUsage(AttributeTargets.Class)]
public class CredentialsExtractorBehaviorAttribute : Attribute, IContractBehavior, IDispatchMessageInspector
{
#region IContractBehavior implementation.
public void ApplyDispatchBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint,
DispatchRuntime dispatchRuntime)
{
dispatchRuntime.MessageInspectors.Add(this);
}
... empty interface methods impl skipped ...
#endregion
#region IDispatchMessageInspector implementation.
public object AfterReceiveRequest(ref Message request, IClientChannel channel, InstanceContext instanceContext)
{
int i = request.Headers.FindHeader("username", "sec");
if (-1 != i)
{
string username = request.Headers.GetHeader<string>("username", "sec");
... do smth ...
}
return null;
}
public void BeforeSendReply(ref Message reply, object correlationState)
{
return;
}
#endregion
}
In a sample i placed to header only username, but you can implement your a class containing username and password and use it instead of string.
On the client:
internal class CredentialsInserter : IContractBehavior, IClientMessageInspector
{
private string m_username;
public CredentialsInserter(string username)
{
m_username = username;
}
#region IContractBehavior implementation.
... empty interface methods impl skipped ...
public void ApplyClientBehavior(ContractDescription contractDescription, ServiceEndpoint endpoint,
ClientRuntime clientRuntime)
{
clientRuntime.MessageInspectors.Add(this);
}
#endregion
#region IClientMessageInspector implementation.
public object BeforeSendRequest(ref Message request, IClientChannel channel)
{
MessageHeader<string> mh = new MessageHeader<string>(m_username);
request.Headers.Add(mh.GetUntypedHeader("username", "sec"));
return null;
}
public void AfterReceiveReply(ref Message reply, object correlationState)
{
return;
}
#endregion
}
Then you should place attribute CredentialsExtractorBehaviorAttribute on your service implementation class.
[CredentialsExtractorBehavior]
public class DummyService : IDummyService
{
... impl ...
}
And on the client side you should do the following:
using (DummyServiceClient c = new DummyServiceClient("TcpEndpoint"))
{
c.ChannelFactory.Endpoint.Contract.Behaviors.Add(
new CredentialsInserter("_username_"));
c.DummyMethod();
}
First of all - yes you can! It depends on whether you use Transport or Message binding - if you're internet-facing, you're more likely to use message-based security.
Unfortunately, for message-based security, basicHttpBinding only supports certificates which is a bit of a pain.
wsHttpBinding on the other hand would support username/password or other methods as well.
You'd configure wsHttpBinding with username/password client credentials over message-based security like this:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsUserName">
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="yourservice">
<endpoint name="YourEndpoint"
address=""
binding="wsHttpBinding"
bindingConfiguration="wsUserName"
contract="IYourService" />
</service>
</services>
</system.serviceModel>
The section under <bindings> defines a binding configuration for wsHttpBinding that uses message-security with username/password client credentials.
The section under <service> defines a sample service that uses wsHttpBinding and that references that binding configuration that we just defined.
On the server side, you could now use the username/password that's being sent over the wire to validate your callers either in your Active Directory (everyone calling needs an AD account with you), or in the ASP.NET membership system database; or if you really really must, you could write your own authentication mechanism, too.
Find a lot of useful information on WCF security at Codeplex - excellent resource.
Check the scenarios here to try to match one to your situation. Each scenario is provided with a chceklist of items required to implement the solution.