WCF IIS server configuration - wcf

I have Windows Server 2008 R2 with IIS7 on it. I deployed WCF service on it. When I specify WCF service address in browser (local or external machine) http://sbkisourcedev01/VCIndex/Calculator.svc?wsdl I am getting service description in browser. However when I am trying to add reference to the project to that service I am getting following error:
The document was understood, but it could not be processed.
- The WSDL document contains links that could not be resolved.
- There was an error downloading 'http://sbkisourcedev01/VCIndex/Calculator.svc?xsd=xsd0'.
- The underlying connection was closed: An unexpected error occurred on a receive.
- Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
- An existing connection was forcibly closed by the remote host
Metadata contains a reference that cannot be resolved: 'http://sbkisourcedev01/VCIndex/Calculator.svc?wsdl'.
Content Type application/soap+xml; charset=utf-8 was not supported by service http://sbkisourcedev01/VCIndex/Calculator.svc?wsdl. The client and service bindings may be mismatched.
The remote server returned an error: (415) Cannot process the message because the content type 'application/soap+xml; charset=utf-8' was not the expected type 'text/xml; charset=utf-8'..
If the service is defined in the current solution, try building the solution and adding the service reference again.
I have this service running on Windows 7 and it is okay. So I believe there is something with my W2K8 IIS configuration settings.
Here is my config file:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingConfig" />
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<service behaviorConfiguration="serviceBehavior"
name="WCFVCIndex.Calculator">
<endpoint address=""
binding="basicHttpBinding"
contract="WCFVCIndex.ICalculator"
bindingConfiguration="basicHttpBindingConfig" />
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
Thanks in advance.

The problem was with WCF identity permissions. The identity that is used for the application pool that hosts the WCF service must have full NTFS permissions on the %WINDIR%\temp folder. After changing that permission to my identity (LOCAL SERVICE) on C:\Windows\Temp I was able to add service reference to WCF service.

have you tried http://sbkisourcedev01/VCIndex/mex?

Related

WCF service is unavailable after app pool recycles

I'm working on a website that consumes a WCF service hosted in a different app pool, and every time the WCF service's app pool recycles I get a 503 when I'm using the website:
[WebException: The remote server returned an error: (503) Server Unavailable.]
System.Net.HttpWebRequest.GetResponse() +6440728
System.ServiceModel.Channels.HttpChannelRequest.WaitForReply(TimeSpan timeout) +55
[ServerTooBusyException: The HTTP service located at http://cr.genesis.dev/Genesis/RepositoryService.svc is unavailable. This could be because the service is too busy or because no endpoint was found listening at the specified address. Please ensure that the address is correct and try accessing the service again later.]
...
When I try to access the service directly in my web browser it gives me a 503 the first time, but then it works after that (presumably it's causing the application to start?) I'm wondering why the website isn't waking up the web service - even if I try loading a page several times I still get a 503...
I'm using Windsor WCF Integration if that makes any difference, using LifestylePerWebRequest for my client and LifestylePerThread for my service.
This is my config for the service:
<system.serviceModel>
<services>
<service name="Genesis.Repository.Service.RepositoryService" behaviorConfiguration="repositoryServiceBehaviour">
<host>
<baseAddresses>
<add baseAddress="http://cr.genesis.dev/Genesis/" />
</baseAddresses>
</host>
<endpoint name="basicHttpBinding"
address="RepositoryService.svc"
binding="basicHttpBinding"
contract="Genesis.Repository.Service.IRepositoryService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="repositoryServiceBehaviour">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
</system.serviceModel>
And the client:
<system.serviceModel>
<client>
<endpoint name="basicHttpBinding"
address="http://cr.genesis.dev/Genesis/RepositoryService.svc"
binding="basicHttpBinding"
contract="Genesis.Repository.Service.IRepositoryService" />
</client>
</system.serviceModel>
Any suggestions would be appreciated!
Looks like I was making it more complicated than it needed to be - I'd been getting exceptions saying it couldn't listen on http://+:80 which is why I'd played around with netsh permissions and made it listen on /Genesis.
Turns out I can just make it listen on / and specify .Hosted() when registering it with Windsor to tell it to let IIS host it (which is exactly how it was before I installed the WcfFacility!)
Lesson learned, sometimes you just have to go back to basics and things will work as intended!
If you found the "(503) Server Unavailable error" then first point of check is that server is running or not. For this go to the IIS and check the web site is on or off.

Unable to access remote WCF web service hosted on server

Hi I have deployed the WCF web service on the server machine. I am able to browse it in browser. but when i am going to add its service reference to my web application on development machine I am getting following detail error:
Metadata contains a reference that cannot be resolved:
'http://ServerMachineName:500/ITCAMSWebService_deploy/Services/Authentication.svc?wsdl'.
The WSDL document contains links that could not be resolved.
There was an error downloading 'http://ServerMachineName:500/ITCAMSWebService_deploy/Services/Authentication.svc?xsd=xsd0'.
The underlying connection was closed: An unexpected error occurred on a receive.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
Metadata contains a reference that cannot be resolved: 'http://ServerMachineName:500/ITCAMSWebService_deploy/Services/Authentication.svc'.
Content Type application/soap+xml; charset=utf-8 was not supported by service
http://ServerMachineName:500/ITCAMSWebService_deploy/Services/Authentication.svc.
The client and service bindings may be mismatched.
The remote server returned an error: (415) Cannot process the message because the content type 'application/soap+xml; charset=utf-8'
was not the expected type 'text/xml; charset=utf-8'..
If the service is defined in the current solution, try building the solution and adding the service reference again.
Generated Service Model section in Web.config at server is as follows:
<system.serviceModel>
<services>
<service name="Authentication" behaviorConfiguration="Behavior_Authentication">
<host>
<baseAddresses>
<add baseAddress="http://ServerMachineName:500/ITCAMSWebService_deploy/Services/Authentication.svc"></add>
</baseAddresses>
</host>
<endpoint address="" contract="IAuthentication" binding="basicHttpBinding" bindingConfiguration="ITCAMSWebService.IAuthentication" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
</system.serviceModel>
Resolved !!! By adding Everyone user with full rights to C:\Windows\Temp on the server. IIS needs the rights to generate Metadata file in Temp folder on the server.
Please give ip address of your server in the address instead of ServerMachineName and also check the bindings of both client n server

Problem with WCF and SSL

I am having problems getting a web service working using SSL and WCF.
If I check in IIS the "Require SSL" seeting then I get this error:
WebHost failed to process a request.
Sender Information:
System.ServiceModel.ServiceHostingEnvironment+HostingManager/36097441
Exception: System.ServiceModel.ServiceActivationException: The service
'/' cannot be activated due to an exception during compilation. The
exception message is: Service
'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService' has
zero application (non-infrastructure) endpoints. This might be because
no configuration file was found for your application, or because no
service element matching the service name could be found in the
configuration file, or because no endpoints were defined in the
service element.. ---> System.InvalidOperationException: Service
'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService' has
zero application (non-infrastructure) endpoints. This might be because
no configuration file was found for your application, or because no
service element matching the service name could be found in the
configuration file, or because no endpoints were defined in the
service element.
However if I uncheck it, the page loads fine in the browser but then I get this error
when I try calling it.
Service 'ISS.MS.WebServices.MessageDispatch.MessageDispatchWebService'
has zero application (non-infrastructure) endpoints. This might be
because no configuration file was found for your application, or
because no service element matching the service name could be found in
the configuration file, or because no endpoints were defined in the
service element.
This is the configuration:
<system.serviceModel>
<services>
<service name="ISS.MS.WebServices.MessageDispatchWcfService">
<endpoint
address=""
binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_MS2"
contract="ISS.MS.WebServices.IMessageDispatchWcfService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceDebug includeExceptionDetailInFaults="False" />
<serviceMetadata httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding_MS2" >
<readerQuotas maxStringContentLength="1048576" />
<security mode="Transport">
</security>
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
</system.serviceModel>
I can get it working perfectly using normal HTTP, but HTTPs doesn't work.
I am guessing its either an IIS setting or WCF configuration issue?
I figured it out, the name of the service and contract was not correct...how embarrassing.
Anyone know why it would still work over HTTP even it these are incorrect?
(About "multipleSiteBindingsEnabled"): To enable multiple IIS bindings per site for a service, set this property to true. Notice that multiple site binding is supported only for the HTTP protocol.
ref: http://msdn.microsoft.com/en-us/library/system.servicemodel.configuration.servicehostingenvironmentsection.multiplesitebindingsenabled.aspx
try this
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false">
</serviceHostingEnvironment>

Metadata request requires authentication in WCF even though service description page doesn't

I've set up a WCF service to require NTLM authentication using the following configuration:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="BinarySecurityBinding">
<binaryMessageEncoding/>
<httpTransport authenticationScheme="Ntlm"/>
</binding>
</customBinding>
</bindings>
<services>
<service name="Services.LogisticsServices" behaviorConfiguration="ServiceBehavior">
<endpoint address="" binding="customBinding" bindingConfiguration="BinarySecurityBinding" contract="Services.ILogisticsServices" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I did this so that the applications that consume the web service are forced to log in because all my service's operations use impersonation ([OperationBehavior(Impersonation = ImpersonationOption.Required)]).
In IIS 7 I've enabled anonymous and Windows authentication.
When I visit http://test.server/LogisticsServices.svc, which hosts the service described above, I can see the default service description page anonymously. However, when Visual Studio tries to access http://test.server/LogisticsServices.svc/$metadata to generate a client proxy, the server is responding with HTTP code 401 and expecting authentication. Not only would I've expected the metadata to be available anonymously, but additionally, the server is not accepting the credentials I am giving it (even though, I know for a fact that they are correct).
Testing different configuration, I tried removing the authenticationScheme from my binding's transport, just to be able to generate the client proxy, but that results in an exception because the service's operations require impersonation ([OperationBehavior(Impersonation = ImpersonationOption.Required)]).
What am I missing in my service's configuration that would make the service's metadata available anonymously? I'm also open to suggestions if I'm approaching the whole thing wrong.
here is a similar discussion:
Getting an Security setting exception while accessing a WCF service
One way around this is not to use the autogenerated proxies.
In cases where we have control over both the server and the client we have found that it is much more productive to avoid using the autgenerated proxies.
A screencast of how to do this can be found here: http://www.dnrtv.com/default.aspx?showNum=122
You could try imperative instead of declarative model, see: http://msdn.microsoft.com/en-us/library/ms730088.aspx

How can I generate a client proxy for a WCF service with an HTTPS endpoint?

Might be the same issue as this previuos question: WCF Proxy but not sure...
I have an HTTPS service connfigured to use transport security and, I hope, Windows credentials. The service is only accessed internally (i.e. within the intranet). The configuration is as follows:
<configuration>
<system.serviceModel>
<services>
<service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior">
<host>
<baseAddresses>
<add baseAddress = "https://localhost:8000/WCFTest/CalculatorService/" />
</baseAddresses>
</host>
<endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingConfig">
<security mode="Transport">
<transport clientCredentialType = "Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest.CalculatorBehavior">
<serviceAuthorization impersonateCallerForAllOperations="false" principalPermissionMode="UseWindowsGroups" />
<serviceCredentials >
<windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" />
</serviceCredentials>
<serviceMetadata httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
When I run the service I can't see the service in IE. I get a "this page can not be displayed" error. If I try and create a client in VS2008 via the "add service reference" wizard I get this error:
There was an error downloading
'https://localhost:8000/WCFTest/CalculatorService/'.
There was an error downloading
'https://localhost:8000/WCFTest/CalculatorService/'.
The underlying connection was closed:
An unexpected error occurred on a
send. Authentication failed because
the remote party has closed the
transport stream. Metadata contains a
reference that cannot be resolved:
'https://localhost:8000/WCFTest/CalculatorService/'.
An error occurred while making the
HTTP request to
https://localhost:8000/WCFTest/CalculatorService/.
This could be due to the fact that the
server certificate is not configured
properly with HTTP.SYS in the HTTPS
case. This could also be caused by a
mismatch of the security binding
between the client and the server. The
underlying connection was closed: An
unexpected error occurred on a send.
Authentication failed because the
remote party has closed the transport
stream. If the service is defined in
the current solution, try building the
solution and adding the service
reference again.
I think I'm missing some fundamental basics here. Do I need to set up some certificates? Or should it all just work as it seems to do when I use NetTcpBinding?
Thanks
ng5000,
Seems like you may have another issue here (maybe IIS). Do you have any issues with transport-level security off? I would also make sure you can get to the web address in IE before checking the WCF stuff. Sounds like a IIS setting that's not correct in the security tab.
If its still a problem try building the proxy with transport-level security off and then go back and change both configs to transport level windows security and see what happens.
-Bryan
...
<security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
keyEntropyMode="CombinedEntropy" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<issuedTokenParameters keyType="SymmetricKey" tokenType="" />
...
here is my workaround. I got above config file and changed authenticationMode from "IssuedTokenOverTransport" to "UserNameOverTransport". It resolved issue on my environment.
Change
<endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>
to
<endpoint address ="basicHttpEP" binding="basicHttpsBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>