I'm trying to set the maxClockSkew of my WCF Service to something higher than 5 minutes(default)but I'm not succeding. It looks that there's something wrong when I want to set it together with the authenticationMode="UserNameOverTransport". I need this because my server is running under https and I will authenticate the user using a custom authentication Provider. There's no errors on the server initialization, but the value does not change from 5 minutes(00:05:00)... And I always get the annoying message from the client side saying
The security timestamp is invalid because its creation time ('2011-06-24T15:31:22.338Z') is in the future. Current time is '2011-06-24T15:21:30.923Z' and allowed clock skew is '00:05:00'.
Here you can see my whole Service config file:
<?xml version="1.0"?> <configuration>
<system.web>
<compilation debug="true"/>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
<services>
<service name="MYSERVICE">
<endpoint address="" binding="customBinding" bindingConfiguration="HTTP" contract="MYCONTRACT">
<identity>
<dns value="https://localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="https://localhost/service"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="False" httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="False"/>
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="CUSTOMServiceCredentialsValidator, ASSEMBLY" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="HTTP">
<transactionFlow />
<textMessageEncoding>
<readerQuotas maxStringContentLength="2147483647"/>
</textMessageEncoding>
<security authenticationMode="SecureConversation">
<localClientSettings maxClockSkew="00:10:00"/>
<localServiceSettings maxClockSkew="00:10:00"/>
<secureConversationBootstrap authenticationMode="UserNameOverTransport">
<localClientSettings maxClockSkew="00:10:00"/>
<localServiceSettings maxClockSkew="00:10:00"/>
</secureConversationBootstrap>
</security>
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"/>
</binding>
</customBinding>
</bindings>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
</startup>
What Am I missing? Does anyone faced this issue? I did not found many people facing this situation.
Thanks In Advance
Pedro
You need to set up explicitly a new binding:
http://msdn.microsoft.com/en-us/library/aa738468.aspx
HTH
Related
I have a WCF client written in Visual Studio 2012 that needs to send a List<> containing several hundred items to its server. If it sends ten items, it works. I've had this problem in the past, and I was able to set the MaxBufferSize parameter in the client's config file. However, I stupidly lost that configuration, and I haven't been able to get it work again. I'm probably being completely blind, but I don't see what's wrong.
Here's the config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<appSettings>
<add key="Connection String" value="Dsn=Worthington;uid=anneal;pwd=anneal;Server=localhost;Port=5432" />
<add key="PropertiesFileList" value="Thermal Properties/TPP Tables.xml" />
<add key="TuningFileName" value="HeatModelWSC.xml"/>
<add key="LogPath" value="Logs"/>
<add key="RunType" value="Console"/>
<add key="WriteInitialPredictions" value="False"/>
<add key="WriteRevisedPredictions" value="False"/>
<add key="WriteFinalTemps" value="False"/>
<add key="WriteCurrentTemps" value="True"/>
<add key="WriteTimesToTemp" value="False"/>
<add key="SuppressInitialPredictions" value="YES"/>
<add key="SuppressRevisedPredictions" value="YES"/>
<add key="SuppressOnlinePredictions" value="NO"/>
</appSettings>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="netTcp"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="false"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="SimShopService.SimShopService">
<endpoint address=""
binding="netTcpBinding"
bindingConfiguration="netTcp"
contract="SimShopService.ISimShopServiceLib">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange" />
<host>
</host>
</service>
</services>
</system.serviceModel>
</configuration>
And, in case it matters, here's the server's config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<appSettings>
<add key="WriteInitialPredictions" value="False"/>
<add key="WriteRevisedPredictions" value="False"/>
<add key="WriteFinalTemps" value="False"/>
<add key="WriteCurrentTemps" value="True"/>
<add key="WriteTimesToTemp" value="False"/>
</appSettings>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISimShopServiceLib" />
</basicHttpBinding>
<netTcpBinding>
<binding name="NetTcpBinding_ISimShopServiceLib"
sendTimeout = "00:03:00" />
<binding name="NetTcpBinding_ISimShopServiceLib_Debug"
sendTimeout ="00:30:00"/>
</netTcpBinding>
</bindings>
<client>
<endpoint name="NetTcpBinding_ISimShopServiceLib"
bindingConfiguration="NetTcpBinding_ISimShopServiceLib"
address="net.tcp://localhost:1235/SimShopService"
binding="netTcpBinding"
contract="SimShopServiceReference.ISimShopServiceLib">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint name="NetTcpBinding_ISimShopServiceLib_Debug"
bindingConfiguration="NetTcpBinding_ISimShopServiceLib_Debug"
address="net.tcp://localhost:1236/SimShopService"
binding="netTcpBinding"
contract="SimShopServiceReference.ISimShopServiceLib">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
Please post the complete error details in your thread.
It looks like the file below is more like a client configuration than a server configuration because there is a client section in the configuration. moreover, we could increase the value of the property to the maximum positive INT value since 20KB is too small.
Besides, we had better configure these properties on both the client-side and the server-side.
Server-side.
<system.serviceModel>
<services>
<service name="WcfService1.Service1">
<endpoint address="" binding="netTcpBinding" contract="WcfService1.IService1" bindingConfiguration="mybinding"></endpoint>
<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange"></endpoint>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="mybinding" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxBufferPoolSize="2147483647">
<security mode="None">
</security>
<readerQuotas maxDepth="2147483647" maxArrayLength="2147483647" maxStringContentLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
This is also applicable to the binding used in the client service endpoint.
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IService1" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" maxBufferPoolSize="2147483647">
<security mode="None">
<transport sslProtocols="None" />
</security>
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxStringContentLength="2147483647" maxNameTableCharCount="2147483647" maxDepth="2147483647"/>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://vabqia969vm:8866/Service1.svc" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IService1" contract="ServiceReference1.IService1"
name="NetTcpBinding_IService1" />
</client>
</system.serviceModel>
Please pay attention to apply the configuration by using bindingConfiguration property.
Feel free to let me know if there is anything I can help with.
I could use some help writing the config file for my WCF. Everything was working till I tried to include the use of throttling and quotas. Not sure if I am using tags correctly or in the correct place. Below is my App.config file:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6.1" />
</startup>
<appSettings>
<add key="baseAddress" value="http://localhost:8000" />
</appSettings>
<system.serviceModel>
<services>
<service behaviorConfiguration="mexBehaviour" name="StringManipulationService.StringManipulation">
<endpoint address="StringManipulationService" binding="basicHttpBinding"
contract="StringManipulationService.IStringManipulation" />
<endpoint address="StringManipulationService" binding="netTcpBinding"
contract="StringManipulationService.IStringManipulation" />
<endpoint address="" binding="wsHttpBinding"
contract="StringManipulationService.IStringManipulation" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8080/" />
<add baseAddress="net.tcp://localhost:8090/" />
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="mexBehaviour">
<serviceMetadata httpGetEnabled="true"/>
</behavior>
<behavior name="Throttled">
<serviceThrottling
maxConcurrentCalls="1"
maxConcurrentSessions="1"
maxConcurrentInstances="1"
/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttp" allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</basicHttpBinding>
</bindings>
</configuration>
My code crashes with this exception:
An unhandled exception of type 'System.ServiceModel.ProtocolException' occurred in mscorlib.dll
Additional information: The remote server returned an unexpected response: (413) Request Entity Too Large.
This is my web.config file:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService1.Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="WcfService1.CustomValidator, WcfService1"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="WcfService1.Service1" behaviorConfiguration="WcfService1.Service1Behavior" >
<endpoint address="wsHttp" binding="wsHttpBinding" contract="WcfService1.IService1"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses >
<add baseAddress="http://localhost/Service1.svc/wsHttp"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="SafeServiceConf" maxReceivedMessageSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" />
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
And this is my client app.config file:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
</configSections>
<connectionStrings>
<add name="WindowsFormsApplication.Properties.Settings.TestTestConnectionString" connectionString="Data Source=;Initial Catalog=TestTest;Persist Security Info=True;User ID=;Password=" providerName="" />
</connectionStrings>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>
<system.serviceModel>
<client>
<endpoint address="http://localhost/Service1.svc/wsHttp"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="ServiceReference2.IService1" name="WSHttpBinding_IService1">
<identity>
<userPrincipalName value="Administrator" />
</identity>
</endpoint>
</client>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService1" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="64" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" />
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
What am i not seeing?
Thanks in advance for your help.
One problem is that you never assign the binding you defined in your service config to the endpoint, so the service will use the default values for wsHttpBinding. Try assigning the "SafeServiceConf" binding configuration to your endpoint via the bindingConfiguration attribute:
<endpoint address="wsHttp"
binding="wsHttpBinding"
bindingConfiguration="SafeServiceConf"
contract="WcfService1.IService1" />
The service will then use the values you specified rather than the default values.
I need to use Windows authentication in my application along with claim-based authorization using Windows Identity Foundation. I have used following configuration for my service.
<system.identityModel>
<identityConfiguration>
<claimsAuthorizationManager type="Framework.Authorization.AuthorizationManager, ClaimsAuthorizationService"/>
</identityConfiguration>
</system.identityModel>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomTcpBinding" maxConnections="50" openTimeout="01:20:00" receiveTimeout="20.00:00:00" sendTimeout="00:05:00" closeTimeout="01:20:00">
<security authenticationMode="Kerberos" />
<reliableSession/>
<windowsStreamSecurity protectionLevel="None"/>
<tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
<endpoint address="IDummyRebService"
binding="customBinding" bindingConfiguration="CustomTcpBinding"
contract="Framework.Authorization.IDummyRebService"
name="IDummyRebService"/>
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"/>
<host>
<timeouts closeTimeout="00:00:01"/>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Framework.Authorization.DummyRebServiceBehavior">
<serviceCredentials useIdentityConfiguration="true" />
<serviceAuthorization principalPermissionMode="Always" />
<serviceMetadata httpGetEnabled="True"/>
<dataContractSerializer maxItemsInObjectGraph="1000000000"/>
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I encounter some or other problem as I am working by trial and error but can't find a sure shot solution. Currently the service fails to start because of "Contract required two way, but binding doesn't support..." error. Apart from that previously I was getting userName (authorizationContext.Principal.Identity.Name) as null in the CheckAccess method of AuthorizationManager (derived from ClaimsAuthorizationManager) whenever I try to add the service in WCF Test Client.
Basically I need to configure service such that the WCF service gets Windows Principal when-ever it gets call from client.
Any help would be appreciated. I can provide more details if needed.
After much trial and error, the following configuration has worked for me.
<configuration>
<configSections>
<section name="system.identityModel" type="System.IdentityModel.Configuration.SystemIdentityModelSection, System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
</configSections>
<system.identityModel>
<identityConfiguration>
<claimsAuthenticationManager type = "Framework.Services.Security.PrincipalTransformer, ClaimsAuthorizationService"/>
<claimsAuthorizationManager type="Framework.Services.Security.AuthorizationManager, ClaimsAuthorizationService"/>
</identityConfiguration>
</system.identityModel>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomTcpBinding" closeTimeout="01:20:00" openTimeout="00:00:30"
receiveTimeout="20.00:00:00" sendTimeout="00:05:00">
<reliableSession />
<windowsStreamSecurity protectionLevel="None" />
<tcpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<services>
<service behaviorConfiguration="Framework.Authorization.DummyRebServiceBehavior" name="Framework.Authorization.DummyRebService">
<endpoint address="IDummyRebService"
binding="customBinding" bindingConfiguration="CustomTcpBinding"
contract="Framework.Authorization.IDummyRebService"
name="IDummyRebService"/>
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"/>
<host>
<timeouts closeTimeout="00:00:01"/>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8234//DummyRebService"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="Framework.Authorization.DummyRebServiceBehavior">
<serviceSecurityAudit auditLogLocation="Application" messageAuthenticationAuditLevel="SuccessOrFailure" serviceAuthorizationAuditLevel="SuccessOrFailure" suppressAuditFailure="True"/>
<serviceCredentials useIdentityConfiguration="true"/>
<serviceAuthorization principalPermissionMode="Always"/>
<serviceMetadata httpGetEnabled="False"/>
<dataContractSerializer maxItemsInObjectGraph="1000000000"/>
<serviceDebug includeExceptionDetailInFaults="True"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5"/>
</startup>
</configuration>
I'm trying to retrieve the logged in windows user in a WCF service.
I've tried using ServiceSecurityContext but Current is always null.
ServiceSecurityContext.Current.WindowsIdentity.Name
I've also tried using OperationContext. In this case ServiceSecurityContext returns as null.
OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name
Here's my web.config:
<bindings>
<basicHttpBinding>
<binding name="HttpWindowsBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
also
<authentication mode="Windows"/>
Can anyone see what I'm doing wrong?
UPDATE:
I abandoned trying to get ServiceSecurityContext to work. In the end, I found a solution by setting aspNetCompatibilityEnabled="true".
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
I also added the following attribute to my service class:
[System.ServiceModel.Activation.AspNetCompatibilityRequirements(RequirementsMode = System.ServiceModel.Activation.AspNetCompatibilityRequirementsMode.Required)]
This allowed me to retrieve the windows user with:
HttpContext.Current.User.Identity.Name
I got the same error and managed to solved it, you need not to use basichttpBinding. bellow is my config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="MSADC">
<security mode ="Message">
<transport clientCredentialType="Windows" />
<message establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="WCFAuthentication.WCFAuthentication">
<endpoint bindingConfiguration="MSADC" address="" binding="wsHttpBinding" contract="WCFAuthentication.IWCFAuthentication">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8088" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
<appSettings>
<add key="wcf:disableOperationContextAsyncFlow" value="false" />
</appSettings>
</configuration>