wcf client config not getting values from server app.config - wcf

I have defined maxBufferSize = 2147483647, maxBufferPoolSize = 2147483647, maxReceivedMessageSize = 2147483647 in the server config file but when i generate client config file, values for all these parameters are defaulted in there and i have to edit them manually. This is how i generate the client config file
svcutil.exe /language:cs /out:generatedProxy.cs /config:app.config net.tcp:/
/localhost:4365/MyService
Also since i am using maximum values in the maxBufferSize, maxBufferPoolSize, maxReceivedMessageSize and maxItemsInObjectGraph, is that going to hit the performance?
--Server config values--
<bindings>
<netTcpBinding>
<binding name="MySvc_InsecureTcp" closeTimeout="00:01:10" openTimeout="00:01:10" receiveTimeout="24.20:31:23.6470000"
listenBacklog="1000" maxConnections="1000" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="None">
<transport protectionLevel="None" />
</security>
</binding>
<binding name="MySvc_mexBinding" closeTimeout="00:01:10" openTimeout="00:01:10" receiveTimeout="24.20:31:23.6470000"
listenBacklog="1000" maxConnections="1000" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="None">
<transport protectionLevel="None" />
</security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MyService">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceThrottling maxConcurrentCalls="30" maxConcurrentInstances="2147483647" maxConcurrentSessions="30" />
<serviceMetadata />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="MyNameSpace.MyService" behaviorConfiguration="MyService">
<endpoint address="" binding="netTcpBinding" contract="MyNameSpace.IMyService"
bindingConfiguration="MySvc_InsecureTcp" name="netTcpMySvc" >
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="netTcpBinding" contract="IMetadataExchange"
bindingConfiguration="MySvc_mexBinding" name="mexMySvc" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:4365/MyService"/>
</baseAddresses>
</host>
</service>
</services>
--After doing some more testing--
maxItemsInObjectGraph doesnt get included in the client config file. And if client is sending large objects, maxItemsInObjectGraph should be changed manually.
<behaviors>
<endpointBehaviors>
<behavior name="FASTServiceBehaviour">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>

Not every configuration value defined on the service is passed to the client through metadata. Buffer sizes and reader quotas are one example because each participant in the communication can setup its own values - those values are defense against Denial of Service attack and can differ between service and client based on exchanged messages. For example if you want only upload large data sets you must set them correctly on the service but you don't need to modify them on the client. Downloading has reverse effect.

This is normal. Those properties are limited to that configuration file and don't carry across the service. Clients and servers can have different size limits, largely to help protect the sever against outrageously long requests (that the client might be expecting).

Related

WCF throws exception that the server has rejected the client credentials, what is the default security mode for NetTCP in WCF

The WCF is deployed as a windows service in the server. And the client is a windows form applicaiton. When the client is interacting with the WCF server, is there any kind of authentication going on here?
I got how to resolve this here
I want to know what is the default security mode for NetTCP in WCF? I had nothing related with security in my config file as below. So what is the default?
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<behaviors>
<serviceBehaviors>
<behavior name="BasicServiceBehavior">
<serviceMetadata httpGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="HCCNetTcpBinding" >
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="BasicServiceBehavior" name="HCC.SMS4.SERVICES.BASIC.MainServices">
<endpoint address="" binding="netTcpBinding" contract="HCC.SMS4.SERVICES.BASIC.IMainServices" bindingConfiguration="HCCNetTcpBinding" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="http://xxxx:44008/HCsmsBasicServices/"/>
<add baseAddress="net.tcp://xxxx:45008/HCsmsBasicServices/"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="HCCNetTcpBinding" maxConnections="1000" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"
openTimeout="14:00:00" receiveTimeout="14:00:00" sendTimeout="14:00:00">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
The transport security mode of the NetTcpBinding is Transport and the ClientCredentialType is Windows. This is equivalent to the following settings.
<netTcpBinding>
<binding name="netTcp">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
So when you use the client proxy class to call the service, you could refer to the following code.
ServiceReference1.ServiceClient client = new ServiceReference1.ServiceClient();
client.ClientCredentials.Windows.ClientCredential.UserName = "administrator";
client.ClientCredentials.Windows.ClientCredential.Password = "abcd1234!";
var result = client.SayHello();
https://learn.microsoft.com/en-us/dotnet/framework/wcf/system-provided-bindings
https://learn.microsoft.com/zh-cn/dotnet/framework/wcf/feature-details/bindings-and-security
Feel free to contact me if you have any questions.
WCF, its default authentication is Windows if there is none config about it.
Per Microsoft documentation for NetTcpBinding the default security is TLS with Windows security.

Accessing WCF service on AppHarbor via https

I'm trying to secure my WCF service using transport security model. I've successfully deployed my service to AppHarbor. But I'm getting the following exception when I try to access service page:
[InvalidOperationException: Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].] ...
I haven't uploaded any certificates, just using piggyback SSL there. I've downloaded the build and deployed it on my machine. It works fine.
Here is my system.serviceModel section of web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="AuthService.AuthServiceBehavior" name="AuthService.AuthService">
<host>
<baseAddresses>
<add baseAddress="https://auth.apphb.com/AuthService.svc" />
</baseAddresses>
</host>
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="TransportSecurity" contract="AuthService.IAuthService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AuthService.AuthServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I've already tried this Hosting a WCF Web API app on AppHarbor?
Can somebody please explain me what I'm doing wrong?
This issue frequently appear when you communicate with the wcf web service thru the LB (AppHarbor one of the example of it).
You should know several things about such kind of communications.
1) Communication between yours client application and LB is secured (https is in use). So you should leverage security binding on the client side.
<basicHttpBinding>
<binding name="BasicHttpBinding_IAuthService">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
2) Communication between LB and web-front uses http, so server binding should be basicHttpBinding without extra configuration.
<endpoint binding="basicHttpBinding" contract="AuthService.IAuthService" />
Summarizing all that stuff we have
Client
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IAuthService">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://auth.apphb.com/AuthService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IAuthService"
contract="AuthService.IAuthService" name="BasicHttpBinding_IAuthService" />
</client>
</system.serviceModel>
</configuration>
Server
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<protocolMapping>
<add scheme="http" binding="basicHttpBinding" />
</protocolMapping>
<bindings>
<basicHttpBinding/>
</bindings>
<services>
<service behaviorConfiguration="AuthService.AuthServiceBehavior" name="AuthService.AuthService">
<endpoint binding="basicHttpBinding" contract="AuthService.IAuthService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AuthService.AuthServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Your approach is not going to work right off the bat. This is because SSL is terminated at the load balancers and the app servers see http traffic. You can read more about AppHarbor load balancers here.
You might be able to fool WCF with this module.
There are also some hints in this discussion: http://support.appharbor.com/discussions/problems/829-transportwithmessagecredential-https-ssl

WCF Service throwing a timeout error when using WcfTestClient

If I send parameters which will cause a lot of data to be pulled I get the following error:
The request channel timed out while waiting for a reply after 00:01:00. Increase the timeout value passed to the call to Request or increase the SendTimeout value on the Binding. The time allotted to this operation may have been a portion of a longer timeout.
I have increased all of my timeouts. Is there something I have to do on the client side? I am wondering if this is because I am using wcftestclient? Do I need to adjust the operationTimeout?
My webconfig has the following:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="Basic" sendTimeout="12:00:00" receiveTimeout="12:00:00" openTimeout="00:10:00" closeTimeout="00:10:00"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
<readerQuotas maxDepth="128" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="8192"/>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="CaseStudyBehavior" name="EDTFS.ADMS.CaseStudyService">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="Basic"
name="Basic"
contract="EDTFS.ADMS.ICaseStudyService" />
<endpoint address="mex"
binding="mexHttpBinding"
name="Metadata"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CaseStudyBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceTimeouts transactionTimeout="24:00:00"/>
<serviceThrottling maxConcurrentCalls="100" maxConcurrentInstances="100" maxConcurrentSessions="100"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
In the WCF Test Client you will find a node called Config File beneath your service. Right-click this and select Edit with SvcConfigEditor to increase timeout on the client.

WCF service - data being rejected virtually instantly according to size despite large max values

I have a WCF webservice with 1 functioning web method that takes a single string parameter.
I have a WinForms app that references the WCF webservice and it is all running on .NET 4.0.
Problem is that when I call the web method with too much data for the string data (around 4MB) this debugging both client and server on my local machine (Win 7 Pro 64bit, IIS 7) I get the following error (inner exception, exception):
The request was aborted: The request
was canceled.
An error (The request was aborted: The
request was canceled.) occurred while
transmitting data over the HTTP
channel.
When running on the production server I get a different message (stupid I'd didn't copy it) saying something along the lines of the server may have aborted the connection or similar.
If I reduce the data to around half (2MB) it works fine. The frustrating thing is I've maxed all the config settings, reset IIS, rebooted my machine but still it remains.
The web service validation code gets hit, validates user as okay and then as soon as it exits the validation dumps the message above back to the client. The stack trace when in the validation method (my code) shows only .NET stuff so there is no more of my code to debug, 8(.
On the server side I have this in the web.config:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
<services>
<service name="MyNS.MyService" behaviorConfiguration="MyNS.MyServiceBehavior">
<endpoint binding="wsHttpBinding" bindingConfiguration="httpWithMessageSecurity" contract="MyNS..MyService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyNS.MyServiceBehavior">
<serviceCredentials>
<serviceCertificate findValue="Server" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="MyNS.Validators.MyServiceUserValidator, MyNS./>
</serviceCredentials>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="httpWithMessageSecurity"
maxReceivedMessageSize="2147483647"
maxBufferPoolSize="2147483647">
<readerQuotas
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"
maxArrayLength="2147483647"
maxStringContentLength="2147483647"/>
<security mode="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
On the client side I have this in the app.config:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="serviceHttpBinding"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647"
messageEncoding="Text"
textEncoding="utf-8"
sendTimeout="01:00:00"
closeTimeout="00:00:20"
openTimeout="00:00:20"
receiveTimeout="00:20:00">
<readerQuotas
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"
maxArrayLength="2147483647"
maxStringContentLength="2147483647"/>
<security mode="Message">
<message clientCredentialType="UserName" negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="clientServerBehaviour">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="http://mymachine/TheServices/Services/MyService.svc"
binding="wsHttpBinding" bindingConfiguration="serviceHttpBinding"
contract="DirectorySubmitService.IDirectorySubmitService" name="WSHttpBinding_IDirectorySubmitService">
<identity>
<dns value="Server" />
</identity>
</endpoint>
</client>
EDIT 1:
After enabled debug symbols in VS, after my validation code in the WCF service completes I get the following exceptions:
System.Web.HttpException: Maximum Length Exceeded
Stack: System.Web.HttpRequest.GetEntireRawContent()
Then:
System.ServiceModel.CommunicationException: Maximum Length Exceeded
Stack: System.ServiceModel.Activation.HostedHttpRequestAsyncResult.GetInputStream()
Subsequent CommunicationExceptions are related to Channels etc.. but all are the same error message.
I all so checked the app pool in IIS that was set to 30 MB as a request limit so I have run out maximum limits I can increase so this message is a real slap in the face.
Any help would be much apprecianted.
It turns out that the httpRuntime web.config element that I'd put to set the request limit to 50MB was being ignored because the location path I'd specified was missing a folder level, i.e. location path="MyService.svc" instead of location path="Services/MyService.svc".
The net result being it was using the default 4MB limit which of cause gave the max length exceeded message because that was exactly the case.
Doh!

Setting Max Message and buffer size for WCF webhttp

I currently have a WCF service with webHttp bindings, im attempting to increase the max size that can be inputted to the service by overriding the default settings in config, i have tried doing something like
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttp" >
<security mode="Transport">
<transport clientCredentialType =
"None"
proxyCredentialType="None"
realm="string" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="PrimeStreamInfoServices.Service1" behaviorConfiguration="PrimeStreamInfoServices.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address="" binding="webHttpBinding" contract="PrimeStreamInfoServices.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PrimeStreamInfoServices.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<diagnostics>
and setting various other properties pertaining to message size but none seems to be working, can one even change the m essage size of a webHttp binding?
Any suggestions? Thanks!
There's a multitude of settings that might have an influence depending on your settings - try this:
<bindings>
<webHttpBinding>
<binding name="LargeWeb"
maxBufferPoolSize="1500000"
maxReceivedMessageSize="1500000"
maxBufferSize="1500000">
<readerQuotas
maxArrayLength="656000"
maxBytesPerRead="656000"
maxDepth="32"
maxNameTableCharCount="656000"
maxStringContentLength="656000"
/>
</binding>
</webHttpBinding>
</bindings>
By defining your "version" of the webHttpBinding and setting all those parameters to higher values, you should be able to get through any message size (almost).
Mind you: this does open up your system to the potential of being flooded with huge messages and thus be brought down to its knees (classic denial-of-service attacks) - that's the reason these limits are set fairly low - by design and on purpose.
You can change them to higher values - just be aware what you're doing and what the security risks are, if you do!
Marc
PS: In order to make use of these settings, you of course have to reference that binding configuration in your server and client side configs:
<client>
<endpoint address="http://localhost"
binding="webHttpBinding" bindingConfiguration="LargeWeb"
contract="IMyService" />
</client>
<services>
<service>
<endpoint address="http://localhost"
binding="webHttpBinding" bindingConfiguration="LargeWeb"
contract="IMyService" />
</service>
</services>
Setting Max Message and buffer size for WCF Rest services webhttpbinding
<bindings>
<webHttpBinding>
<binding maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="200" maxStringContentLength="83886089" maxArrayLength="163841" maxBytesPerRead="2147483647" maxNameTableCharCount="16384"/>
</binding>
</webHttpBinding>
</bindings>
If you are using [DataContract] decorator in your model, you need to add yhe dataContractSerializer into your web.config
Example:
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="false" httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>