I decided to migrate my legacy web service over to a WCF service called ServiceZ.svc. While moving things over went off without any issues and the application compiles AND I have other WCF TCP services running on my development machine, I cannot get this HTTP WCF service to load. I keep getting 404 errors no matter what I try - can somebody please review the included web.config section and help me figure out what is wrong? Thanks!
<system.serviceModel>
<services>
<service name="ServiceZ">
<endpoint address="http://localhost/Website/ServiceZ" binding="basicHttpBinding"
name="MainHttpPoint" contract="IServiceZ" />
<endpoint address="mex" binding="mexHttpBinding" name="MexEP"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/Website/ServiceZ" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding openTimeout="0:10:00" sendTimeout="00:10:00" />
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Depending how you want to configure this, you can take the following approach:
1) In the serviceBehaviors I tend to add the following within the behavior: (completely optional)
<useRequestHeadersForMetaAddress>
<defaultPorts>
<add scheme="http" port="__PORT__" />
</defaultPorts>
</useRequestHeadersForMetaAddress>
This makes the service accessible with either a query using localhost, localserver1, www.webserver2.com, or fully.qualified.domain.com. (Makes for less headaches IMHO).
2) The endpoint addresses are relative to the baseAddress. That as to say you can use address="" for your default binding and address="mex" for your mexHttpBinding, given that baseAddress="http://localhost:__PORT__/Website/ServiceZ"
Most likely your WSDL problem is due to a mix of the two problems (basically, the service is saying all markup can be found on localhost (as specified by the endpoint address)--which is true when you run it locally, however when it's on a remote server this is no longer the case)
Related
Guys I've been looking at a ton of blogs, SO posts this week and I am still unsure as to how I convert my WCF service from HTTP bindings to using Named Pipes.
I think there are different ways to do it, but I am using the web.configs and using a service reference in my code.
Rather than detail everything here I've tried, can I ask this question?
What are the steps I need to take to go from HTTP Binding to Named Pipes?
Do I need this MEX thing I see mentioned in (some) blogs/SO posts?
I know I need to set IIS to enabled protocols: net.pipe... and that IIS Express doesn't support this (that took an afternoon!)
Some relevant code, what I have right now:
in IEmployeeData:
namespace Mobile.ServiceLayer {
[ServiceContract]
public interface IEmployeeData
{ ... }
Calling the WCF service:
string endpointConfigName = "BasicHttpBinding_IEmployeeData";
EmployeeSvcRef.EmployeeDataClient edc = new EmployeeSvcRef.EmployeeDataClient(endpointConfigName);
EmployeeSvcRef.EmployeeListResponse emp = edc.EmployeeList();
WCF service web.config:
<services>
<service name="Mobile.ServiceLayer.EmployeeData">
<host>
<baseAddresses>
<add baseAddress="http://localhost:62734/EmployeeData" />
</baseAddresses>
</host>
</service>
...
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
client web.config:
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IEmployeeData" />
...
<client>
<endpoint address="http://localhost:62734/EmployeeData.svc" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_IEmployeeData" contract="EmployeeSvcRef.IEmployeeData"
name="BasicHttpBinding_IEmployeeData" />
Like I said I've looked at SO posts and blogs but there's always a piece of the puzzle missing it seems!
EDIT: Client web.config after wizard:
<endpoint address="net.pipe://localhost/EmployeeData.svc/" binding="netNamedPipeBinding"
bindingConfiguration="NewBinding0" contract="IEmployeeData"
name="" kind="" endpointConfiguration="">
<identity>
<certificateReference storeName="My" storeLocation="LocalMachine"
x509FindType="FindBySubjectDistinguishedName" />
</identity>
</endpoint>
Ok this is what I did. You may find it easier to use the built-in tools mentioned in Max's comments. Right click on a web.config and choose Edit WCF Configuration. Get the WCF service done first and, providing the endpoints are set up, running this on the client (right click it's web.config) will present you with a wizard.
SERVER WEB.CONFIG
Service name is the fully-qualified name of the interface e.g. Mobile.ServiceLayer.IEmployeeData
The base address changes to
net.pipe://localhost/EmployeeData.svc
. Notice the port number is removed and the .svc is present(!)
Create an endpoint, the contract being your interface and binding of type netNamedPipeBinding.
Add a second endpoint for MEX which is MetadataEXchange.
Set ServiceMetaData httpGetEnabled to false.
<system.serviceModel>
<services>
<service name="Mobile.ServiceLayer.IEmployeeData">
<host>
<baseAddresses>
<add baseAddress="net.pipe://localhost/EmployeeData.svc" />
</baseAddresses>
</host>
<!-- NetPipe -->
<endpoint
address=""
binding="netNamedPipeBinding"
contract="IEmployeeData" name="MyNetPipe" />
<!-- Mex (Net.Tcp / Net.Pipe ) -->
<endpoint name="EmployeeDataNetPipeMex" address="mex" binding="mexNamedPipeBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
CLIENT WEB.CONFIG
Remove the binding entry from 'basicHttpBinding'
Add the section with an entry named NetNamedPipeBinding_IEmployeeData
Inside 'client' add an endpoint with the address
net.pipe://localhost/EmployeeData.svc
the contract being the 'referencename'.'interface'
<bindings>
<basicHttpBinding>
</basicHttpBinding>
<netNamedPipeBinding>
<binding name="NetNamedPipeBinding_IEmployeeData" />
</netNamedPipeBinding>
</bindings>
<client>
<endpoint address="net.pipe://localhost/EmployeeData.svc" binding="netNamedPipeBinding"
bindingConfiguration="NetNamedPipeBinding_IEmployeeData" contract="EmployeeSvcRef.IEmployeeData"
name="NetNamedPipeBinding_IEmployeeData" />
</client>
I understand that there are many posts about this, and I've been through all of them that came up on my search and implemented everything that was mentioned. I have a WCF web service that works on my local system on HTTP, and it worked on the server on HTTP. But the client requires that this works through HTTPS. The miriad of posts on this and other sites shows me that this is not as straight forward as it should be, since before this, the ASMX web service "just worked" and didn't need complicated configuration.
I'm getting the following error with my current configuration:
Could not find a base address that matches scheme https for the
endpoint with binding WSHttpBinding. Registered base address schemes
are [http].
Here is my code as of this moment, after trying for days to configure this to work to no avail:
<system.serviceModel>
<!-- -->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" >
<baseAddressPrefixFilters>
<add prefix="https://mysite.com"/>
<add prefix="http://mysite.com"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<!-- Set up Custom Behaviors -->
<behaviors>
<endpointBehaviors>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="WebPostService.WebPostServiceBehavior">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Set up the binding configuration -->
<bindings>
<wsHttpBinding>
<binding name="SOAPBinding"
>
<security mode="Transport">
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service
behaviorConfiguration="WebPostService.WebPostServiceBehavior"
name="WebPostService.WebPostService"
>
<host>
<baseAddresses>
<add baseAddress="https://mysite.com/Services/WebPostService.svc"/>
</baseAddresses>
</host>
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="SOAPBinding"
contract="WebPostService.IWebPostService"
>
<identity>
<dns value="mysite.com" />
</identity>
</endpoint>
<endpoint
address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange"
>
</endpoint>
</service>
</services>
</system.serviceModel>
What am I doing wrong and how can I get this to work over HTTPS? I'm frustrated that this is not as simple as it should be. I have been burried in WCF documentation at MSDN for the months working on this project, and have a good grasp of services, end-points and bindings --- enough to frustrate me even more than if I had no knowledge at all.
UPDATE: Still working on this, I had an odd error when trying to put the full URL for the mex address. I changed to this:
address="https://prcwebs.com/Services/WebPostService.svc/mex"
and got the error:
Security settings for this service require Windows Authentication but
it is not enabled for the IIS application that hosts this service.
I'm not trying to use Windows Authentication, the security setting wasn't changed and is still set to
<security mode="Transport" />
Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]
- was not helpful, nothing mentioned that would help
Could not find a base address that matches scheme http for the endpoint with binding WSHttpBinding
- I'm using transport security, this does not apply. tried changing to different security modes, still could not get site to work.
Add multipleSiteBindingsEnabled="true" to the serviceHostingEnvironment and update the security to disable client credentials:
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
EDIT
My final working version under windows 2003 was with the following config.
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="false" />
<!-- Set up Custom Behaviors -->
<behaviors>
<endpointBehaviors>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="WebPostService.WebPostServiceBehavior">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Set up the binding configuration -->
<bindings>
<wsHttpBinding>
<binding name="SOAPBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WebPostService.WebPostServiceBehavior"
name="WcfService2.Service1">
<host>
<baseAddresses>
<add baseAddress="https://localhost/Service/Service1.svc"/>
</baseAddresses>
</host>
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="SOAPBinding"
contract="WcfService2.IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange">
</endpoint>
</service>
</services>
</system.serviceModel>
You can access the website with https so I guess the certificate part of the installation is correct. If you have anything you want to compare with my setup, let me know.
You are using the wrong bindings for HTTPS.
There is two separate binding classes. wsHttpBinding and wsHttpsBinding notice the s.
You need to add a wsHttpsBinding for HTTPS under bindings and you need a new endpoint for that binding.
Also the particular error you are seeing typically I get to see if IIS hasn't been setup for https from that location.
Open IIS Manager
Open Sites
Right click on Default Web Site.
Edit Bindings
Ensure that there is an entry for https as well as http.
Open IIS Manager
Find your application (I think its going to be Default Web Site).
Right click
Manage Website/Application
Advanced Settings
Enabled Protocols
http,https
I used this and it worked for me, maybe it can help you
To enable the Https on WCF WsHttp bindings, there are some simple steps that should be changed in the web.config file.
Those steps are:
Enable transport level security in the web.config file of the service:
In this step you need to change the security mode from none to Transport. The code below shows how you can do it:
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
Tie up the binding and specify the HTTPS configuration
You need to now associate the bindings, the previews step, with the end points. use the bindingConfiguration tag to specify the binding name. You also need to specify the address where the service is hosted. The code below shows how you can do it
<service name="WCFWSHttps.Service1" behaviorConfiguration="WCFWSHttps.Service1Behavior">
<!-- Service Endpoints -->
<endpoint address=https://localhost/WCFWSHttps/Service1.svc binding="wsHttpBinding" bindingConfiguration="TransportSecurity" contract="WCFWSHttps.IService1"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
.
you also need to change httpGetEnabled to httpsGetEnabled in the serviceMetaData. The code below shows how you can it:
<serviceMetadata httpsGetEnabled="true"/>
Hope it helped
I've used your exact configuration in 3.5 setting and it works with Transport mode using clientCredentialType="None" as mentioned below in Luuk's answer. But just to be sure, I went ahead an created a sample project to simulate as much of your environment as I could gather from the information here.
To simulate your environment I set my IIS (7.5) to use standard Asp.Net 2.0 Integrated app pool. I added 3 http bindings and 3 https bindings in order to simulate your "can have only one address per scheme issue" and baseAddressPrefixFilters works with that.
I only did a search and replace on mysite.com to localhost. Below is the copy paste of exact configuration that I used to produce the screenshot:
web.config
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" />
<authentication mode="None"/>
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<!-- -->
<serviceHostingEnvironment aspNetCompatibilityEnabled="true">
<baseAddressPrefixFilters>
<add prefix="https://localhost"/>
<add prefix="http://localhost"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
<!-- Set up Custom Behaviors -->
<behaviors>
<endpointBehaviors/>
<serviceBehaviors>
<behavior name="WebPostService.WebPostServiceBehavior">
<serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<!-- Set up the binding configuration -->
<bindings>
<wsHttpBinding>
<binding name="SOAPBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WebPostService.WebPostServiceBehavior" name="WebPostService.WebPostService">
<host>
<baseAddresses>
<add baseAddress="https://localhost/Services/WebPostService.svc"/>
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="SOAPBinding" contract="WebPostService.IWebPostService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>
</services>
</system.serviceModel>
</configuration>
Here's the result:
You'll notice that WebPostService.svc appears twice in mex full url. You need to drop httpsGetUrl to be only mex instead of WebPostService.svc/mex (or drop it out altogether, and it still works fine on my side)
If you'd like to discuss this or what could be different between our envinronments besides IIS version, I'm in WPF chat room almost all day (another 5-6 hours).
I have a simple test purpose WCF service. I'm trying to host it under IIS 7.5 ( Windows 7 ) but no luck so far. I'm getting error
Cannot obtain Metadata from net.tcp://localhost/TestApp2/MyService
I have a web site TestApp2 under Default Web Site, I enabled tcp on Default Web Site and TestApp2. Here is my web.config file, while I realize that this error simply states that I didn't have endpoint for metadata exchange, I can't see what's the problem because I included endpoint for metadata exchange.
<system.serviceModel>
<services>
<service behaviorConfiguration="ServiceBehavior" name="MyService">
<endpoint address="net.tcp://localhost/TestApp2/MyService"
binding="netTcpBinding"
bindingConfiguration="PortSharingBinding"
contract="II7WcfService.IService1" />
<endpoint address="MEX"
binding="mexTcpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost/TestApp2/MyService" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="PortSharingBinding" portSharingEnabled="true">
<security mode="None"/>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="False" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
Thanks.
My guess is your service isn't actually called MyService but rather it is in a namespace. This means your declared endpoints are not getting picked up, and the default ones (which doesn't include IMetadataExchange) are being used instead.
Add the name of your namespace to the attribute in the config and it should work.
I have been successfull in implementing NetTcp bindings and metadata under WAS but I am having a problem with the netMsmqBinding under WAS/IIS. In a nutshell, I can implement MEX for a Self Hosted NetMsmq binding application but not WAS/IIS. It seems like WAS is rejecting any of the addresses that I use where I can use any address in the self hosted app. In other words I can do this in self hosted:
<system.serviceModel>
<services>
<service name="Microsoft.Samples.MSMQTransactedSample.OrderProcessorService" behaviorConfiguration="OrderProcessorServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="http://localhost:8000/ServiceModelSamples/service" />
</baseAddresses>
</host>
<!-- Define NetMsmqEndpoint -->
<endpoint address="net.msmq://localhost/private/ServiceModelSamplesTransacted" binding="netMsmqBinding" bindingConfiguration="TransactedBinding" contract="Microsoft.Samples.MSMQTransactedSample.IOrderProcessor" />
<!-- the mex endpoint is exposed at http://localhost:8000/ServiceModelSamples/service/mex -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="OrderProcessorServiceBehavior">
<serviceMetadata httpGetEnabled="True" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netMsmqBinding>
<binding name="TransactedBinding">
<security mode="None" />
</binding>
</netMsmqBinding>
</bindings>
</system.serviceModel>
Hoever, when I try something similar in WAS, it says no endpoint lisening at address 8000. It won't host the metdata. Can someone help me get metadata or implement MEX for NetMsmq in WAS:
<system.serviceModel>
<bindings>
<netMsmqBinding>
<binding name="MsmqBindingNonTransactionalNoSecurity" exactlyOnce="false">
<security mode="None"/>
</binding>
</netMsmqBinding>
</bindings>
<services>
<service name="Portal.LoadSim.Services.MsmqService" behaviorConfiguration="PortalServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="http://localhost:8000/PortalLoadSimServices10/MsmqService"/>
</baseAddresses>
</host>
<!-- Define NetMsmqEndpoint -->
<endpoint address="net.msmq://localhost/private/PortalLoadSimServices10/MsmqService.svc" binding="netMsmqBinding" bindingConfiguration="MsmqBindingNonTransactionalNoSecurity" contract="Portal.LoadSim.Shared.IMsmqService" />
<!-- the mex endpoint is exposed at http://localhost:8000/PortalLoadSimServices10/MsmqService/mex -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PortalServiceBehavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
You need to add URL access control for your services. This command should work for you:
netsh http add urlacl url=http://localhost:8000/PortalLoadSimServices10/MsmqService user="NT AUTHORITY\NetworkService" listen=yes
To delete the entry
delete urlacl url=http://localhost:8000/PortalLoadSimServices10/MsmqService
HTH
UPDATE: This is not the anwer to your problem. This is what you would do if you wanted to run the services as a self-hosted application and run it under non-standard account. Sorry I was getting it mixed up. I tried using your configuration on a sample application at home and found I had to do two things to get it to work - one, I have to rename the queue to the path and name of the svc file (e.g. PortalLoadSimServices10/MsmqService.svc) and rather than using the base address just browse to the svc file in your IIS host application. You might also need to modify the queue permissions so iis can access it correctly. Let me know if this solves your issue.
I've written a WCF web service for consumption by a Silverlight app. Initially, the service only required a basic http binding. We now need to be able to deploy the service for use under both http and https. I've found some settings for web.config that allow me to do this as follows:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="SilverlightFaultBehavior">
<silverlightFaults />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="CxtMappingWebService.CxtMappingWebServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="SecureHttpBinding">
<security mode="Transport" />
</binding>
<binding name="BasicHttpBinding">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="CxtMappingWebService.CxtMappingWebService" behaviorConfiguration="CxtMappingWebService.CxtMappingWebServiceBehavior">
<endpoint address="" bindingConfiguration="SecureHttpBinding" binding="basicHttpBinding" contract="CxtMappingWebService.ICxtMappingWebService" behaviorConfiguration="SilverlightFaultBehavior" />
<endpoint address="" bindingConfiguration="BasicHttpBinding" binding="basicHttpBinding" contract="CxtMappingWebService.ICxtMappingWebService" behaviorConfiguration="SilverlightFaultBehavior" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
Unfortunately, however, there's a problem with this.
This web service needs to be deployed to hundreds of our customers' servers, and not all of them will be using https. Deploying it to a server that doesn't have an https binding set up in IIS causes it to fail. Is there a way to have both of these bindings in the web.config by default without it dying if there's not an https binding set up in IIS?
We've got a possible solution for this problem, but it doesn't really fit well with our deployment requirements.
Has anybody else encountered anything like this before, and how did you resolve it?
The accepted answer on this page is not of much use if you don't use an installer.
The correct answer lies in a later edit by the OP himself, all one needs to do is bind both http and https ports in IIS and then use the configuration below.
<service name="CxtMappingWebService.CxtMappingWebService" behaviorConfiguration="CxtMappingWebService.CxtMappingWebServiceBehavior">
<endpoint address="" bindingConfiguration="SecureHttpBinding" binding="basicHttpBinding" contract="CxtMappingWebService.ICxtMappingWebService" behaviorConfiguration="SilverlightFaultBehavior" />
<endpoint address="" bindingConfiguration="BasicHttpBinding" binding="basicHttpBinding" contract="CxtMappingWebService.ICxtMappingWebService" behaviorConfiguration="SilverlightFaultBehavior" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
That worked just fine for me!
In the end, we decided to go with external files using the configSource attribute for the bindings, behaviors, and services sections of the web.config, like so:
<bindings configSource="bindings.config" />
<behaviors configSource="behaviors.config" />
<services configSource="services.config" />
This way, we deploy it by default with those external files set up for http access only, and give the customer instructions (or assist them) on how to edit the external files to set up for https access. This also allows us to deploy future changes to the web.config itself without overwriting the external config files.
This would be handled by the installer you use to deploy the service. It should be a prerequisite (or at least leave an option in the installer) to deploy the both endpoints or only the http one.
Two of your endpoints have the same URI. This is not permitted in WCF. You should be able to specify endpoints with different bindings, but the URI's must be different (i.e. different port number or different contract).