Convert wsHttpBinding to customBinding - wcf

How do I convert the following wsHttpBinding to a customBinding? I need to so this so I can increase the clock skew. This is for http.
<wsHttpBinding>
<binding name="wsHttpSecurityOptions" maxReceivedMessageSize="10485760" maxBufferPoolSize="524288">
<security mode="Message">
<message clientCredentialType="UserName" establishSecurityContext="true" negotiateServiceCredential="true"/>
<transport clientCredentialType="Certificate" proxyCredentialType="None"/>
</security>
<readerQuotas maxStringContentLength="500000"/>
</binding>
</wsHttpBinding>
My attempt (as follows) fails with the error message "Could not find a base address that matches scheme https for the endpoint with binding CustomBinding" but I can't see how else to configure UserName Message mode security.
<customBinding>
<binding name="wsHttpSecurityOptions">
<transactionFlow />
<security authenticationMode="UserNameForSslNegotiated">
<secureConversationBootstrap authenticationMode="UserNameForSslNegotiated">
<localServiceSettings maxClockSkew="00:10:00" />
</secureConversationBootstrap>
<localServiceSettings maxClockSkew="00:10:00" />
</security>
<textMessageEncoding>
<readerQuotas maxStringContentLength="500000"/>
</textMessageEncoding>
<httpsTransport maxReceivedMessageSize="10485760" maxBufferPoolSize="524288" />
</binding>
</customBinding>

After some more searching I found a cool tool by Yaron Naveh that does the conversion which produces the following (I've added in the clock skews)
<customBinding>
<binding name="wsHttpSecurityOptions">
<transactionFlow />
<security authenticationMode="SecureConversation" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap authenticationMode="UserNameForSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localServiceSettings maxClockSkew="00:10:00" />
</secureConversationBootstrap>
<localServiceSettings maxClockSkew="00:10:00" />
</security>
<textMessageEncoding />
<httpTransport maxBufferSize="10485760" maxReceivedMessageSize="10485760" />
</binding>
</customBinding>
Thanks again to Yaron and I wish I'd found it before asking another question which I've self answered 50mins after asking it (which is a record for me :))

Check this solution. It creates a custom binding via code, mofifies its clock skew, and sets it as the binding to use.
(source: http://sandrinodimattia.net/blog/posts/wcf-and-fixing-clienthost-time-issues-maxclockskew-quickly/)
ServiceHost service = new ServiceHost(typeof(Calculator));
Binding currentBinding = service.Description.Endpoints[0].Binding;
// Set the maximum difference in minutes
int maxDifference = 300;
// Create a custom binding based on an existing binding
CustomBinding myCustomBinding = new CustomBinding(currentBinding);
// Set the maxClockSkew
var security = myCustomBinding.Elements.Find<SymmetricSecurityBindingElement>();
security.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
security.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
// Set the maxClockSkew
var secureTokenParams = (SecureConversationSecurityTokenParameters)security.ProtectionTokenParameters;
var bootstrap = secureTokenParams.BootstrapSecurityBindingElement;
bootstrap.LocalClientSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
bootstrap.LocalServiceSettings.MaxClockSkew = TimeSpan.FromMinutes(maxDifference);
// Update the binding of the endpoint
service.Description.Endpoints[0].Binding = myCustomBinding;

Related

How do I support streaming in WSFederationHttpBinding?

I have a wcf service which is used to upload and download large files to server. I'm using MTOM message encoding and I want to use streamed transfer mode. But we are using wsFederationHttpBinding. How do I support streaming in wsFederationHttpBinding?
My WCF Service web.config code is given below,
<wsFederationHttpBinding>
<binding name="UploadserviceFederation"
messageEncoding="Mtom"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647" >
<readerQuotas maxStringContentLength="2147483647"
maxDepth="2147483647"
maxBytesPerRead="2147483647"
maxArrayLength="2147483647"/>
<security mode="TransportWithMessageCredential">
<!-- Ping token type MUST be SAML 1.1, do not change -->
<message
issuedTokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1" negotiateServiceCredential="false">
<!-- TODO: You must put the proper issuer URN of the Ping STS; normally this would be the Ping base URL -->
<issuer address="https://my-issuer.com" binding="customBinding" bindingConfiguration="FileUploadSTSBinding" />
</message>
</security>
</binding>
</wsFederationHttpBinding>
<customBinding>
<binding name="FileUploadSTSBinding">
<security authenticationMode="UserNameOverTransport" requireDerivedKeys="false"
keyEntropyMode="ServerEntropy" requireSecurityContextCancellation="false"
requireSignatureConfirmation="false">
</security>
<httpsTransport maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
It's been a few years, so I don't know if this still helps, but I came across this post while trying to figure out the same issue, so it might help someone.
As it turns out, it's actually pretty simple..once you get the dance just right.
Probably the easiest thing (and what I tried first) is to inherit from WS2007FederationHttpBinding. As it turns out, it has a GetTransport method that's virtual, so you can override it and return an instance of HttpsTransport with TransferMode set to Streamed:
public class FileUploadSTSBinding : WS2007FederationHttpBinding
{
protected override TransportBindingElement GetTransport()
{
return new HttpsTransportBindingElement()
{
TransferMode = TransferMode.Streamed
};
}
}
However, doing this revealed something else: since my binding was no longer a recognized binding type, svcutil didn't treat it like a WS2007FederationHttpBinding anymore, but rather as a custom binding, which lead to the client-side configuration being generated as a stack of binding elements rather than using the shortcuts provided by the federation binding:
<customBinding>
<binding name="CustomBinding_ISdk">
<security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
requireDerivedKeys="true" includeTimestamp="true" messageSecurityVersion="WSSecurity11WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10">
<issuedTokenParameters keyType="BearerKey">
<additionalRequestParameters>
<trust:SecondaryParameters xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
<trust:KeyType xmlns:trust="http://docs.oasis-open.org/ws-sx/ws-trust/200512">http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer</trust:KeyType>
</trust:SecondaryParameters>
</additionalRequestParameters>
</issuedTokenParameters>
<localClientSettings detectReplays="false" />
<localServiceSettings detectReplays="false" />
</security>
<textMessageEncoding />
<httpsTransport />
</binding>
..which shows what the underlying binding elements actually are, which lets you tweak them all you like. And, as it turns out, they're really not that different from the actual binding since the only really special part is the security element, and it doesn't change much.
Hope that helps.
You will have to enable streamed transfer mode in a custom binding since only the BasicHttpBinding, NetTcpBinding and NetNamedPipeBinding bindings expose the TransferMode property. See this article for an example.

The max message size quota for incoming messages (65536) ....To increase the quota, use the MaxReceivedMessageSize property

I got this crazy problem I'm trying to deal with. I know that when we're getting huge amount of data we must increase the quota on client .config file, but what am I supposed to do if my client is sending huge data "to" the WCF server?
It works perfectly normal when I'm sending small sized input parameter. Unfortunately, it breaks down when the input grows bigger.
Debugger it says:
Bad Request, 400;
on trace file it is:
The maximum message size quota for incoming messages (65536) has
been exceeded. To increase the quota, use the MaxReceivedMessageSize
property on the appropriate binding element.
Is there some way to increase this quota of incomming data on the server side? if so, how?
Here's my sample config related parts:
<bindings>
<basicHttpBinding>
<binding name="MyBasicHttpBinding"
closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00"
sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="64" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="MyWcfService">
<endpoint address="http://myservice..."
binding="basicHttpBinding" bindingConfiguration="MyBasicHttpBinding"
name="MyBasicHttpBinding" contract="IMyContract" />
</service>
</services>
and here's my client-side code (I create it dynamically):
var binding = new BasicHttpBinding();
binding.MaxBufferPoolSize = 2147483647;
binding.MaxBufferSize = 2147483647;
binding.MaxReceivedMessageSize = 2147483647;
binding.ReaderQuotas.MaxStringContentLength = 2147483647;
binding.ReaderQuotas.MaxArrayLength = 2147483647;
binding.ReaderQuotas.MaxDepth = 2147483647;
binding.ReaderQuotas.MaxBytesPerRead = 2147483647;
var address = new EndpointAddress("http://mylocalservice..");
ChannelFactory<IMyContract> factory = new ChannelFactory<IMyContract>(binding, address);
foreach (OperationDescription op in factory.Endpoint.Contract.Operations)
{
DataContractSerializerOperationBehavior dataContractBehavior =
op.Behaviors.Find<DataContractSerializerOperationBehavior>()
as DataContractSerializerOperationBehavior;
if (dataContractBehavior != null)
{
dataContractBehavior.MaxItemsInObjectGraph = 2147483646;
}
}
public IMyContract MyClientObject = factory.CreateChannel();
You can set the MaxReceivedMessageSize property on the service via the service's config file.
Setting the client's MaxReceivedMessageSize only affects messages received by the client; it has no effect on messages received by the service. Correspondingly, to allow the service to receive large messages, you need to set the service's config file.
Sample Service Config
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="MyBinding" maxReceivedMessageSize="2147483647" />
</wsHttpBinding>
</bindings>
<services>
<service name="MyService">
<endpoint address="http://myservice" binding="wsHttpBinding"
bindingConfiguration="MyBinding" contract="IMyServiceContract" />
</service>
</services>
</system.serviceModel>
The above is a very stripped down config file, but shows the relevant parts. The important part is that you define the binding and give it a name, and set any values explicitly that are different from the defaults, and use that name in the bindingConfiguration attribute on the endpoint element.
My problem was with the wcf test client. For some reason, it wouldn't generate a client config with the increased maxReceivedMessageSize. My fix was to right click "Config file" -> "Edit with SvcConfigEditor" -> bindings -> maxReceivedMessageSize.
This issue can be resolved by adding the below additional binding node to the binding section of config file.
<basicHttpBinding>
<binding maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</basicHttpBinding>

The maximum message size quota for incoming messages (65536) has been exceeded

I get this exception while creating scope for few tables all those tables are huge in design
<bindings>
<wsHttpBinding>
<binding name="wsHttpBinding_ISyncServices" closeTimeout="00:10:00"
openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows"
proxyCredentialType="None" realm="">
<extendedProtectionPolicy policyEnforcement="Never" />
</transport>
<message clientCredentialType="Windows"
negotiateServiceCredential="true" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
I have made MaxReceivedMessageSize to 2147483647
but still it is giving me below exception at this line
client.GetTableDescription(scopeName, syncTable)
The maximum message size quota for incoming messages (65536) has been exceeded.
To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element.
As per this question's answer
You will want something like this:
<bindings>
<basicHttpBinding>
<binding name="basicHttp" allowCookies="true"
maxReceivedMessageSize="20000000"
maxBufferSize="20000000"
maxBufferPoolSize="20000000">
<readerQuotas maxDepth="32"
maxArrayLength="200000000"
maxStringContentLength="200000000"/>
</binding>
</basicHttpBinding> </bindings>
Please also read comments to the accepted answer there, those contain valuable input.
If you are using CustomBinding then you would rather need to make changes in httptransport element.
Set it as
<customBinding>
<binding ...>
...
<httpsTransport maxReceivedMessageSize="2147483647"/>
</binding>
</customBinding>
Updating the config didn't work for me, but I was able to edit the binding programmatically:
private YourAPIClient GetClient()
{
Uri baseAddress = new Uri(APIURL);
var binding = new BasicHttpBinding();
binding.MaxReceivedMessageSize = 20000000;
binding.MaxBufferSize = 20000000;
binding.MaxBufferPoolSize = 20000000;
binding.AllowCookies = true;
var readerQuotas = new XmlDictionaryReaderQuotas();
readerQuotas.MaxArrayLength = 20000000;
readerQuotas.MaxStringContentLength = 20000000;
readerQuotas.MaxDepth = 32;
binding.ReaderQuotas = readerQuotas;
if (baseAddress.Scheme.ToLower() == "https")
binding.Security.Mode = BasicHttpSecurityMode.Transport;
var client = new YourAPIClient(binding, new EndpointAddress(baseAddress));
return client;
}
You need to make the changes in the binding configuration (in the app.config file) on the SERVER and the CLIENT, or it will not take effect.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding maxReceivedMessageSize="2147483647 " max...=... />
</basicHttpBinding>
</bindings>
</system.serviceModel>
You also need to increase maxBufferSize. Also note that you might need to increase the readerQuotas.
This worked for me:
Dim binding As New WebHttpBinding(WebHttpSecurityMode.Transport)
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None
binding.MaxBufferSize = Integer.MaxValue
binding.MaxReceivedMessageSize = Integer.MaxValue
binding.MaxBufferPoolSize = Integer.MaxValue
For me, the settings in web.config / app.config were ignored. I ended up creating my binding manually, which solved the issue for me:
var httpBinding = new BasicHttpBinding()
{
MaxBufferPoolSize = Int32.MaxValue,
MaxBufferSize = Int32.MaxValue,
MaxReceivedMessageSize = Int32.MaxValue,
ReaderQuotas = new XmlDictionaryReaderQuotas()
{
MaxArrayLength = 200000000,
MaxDepth = 32,
MaxStringContentLength = 200000000
}
};
My solution was to use the "-OutBuffer 2147483647" parameter in my query, which is part of the Common Parameters.
PS C:> Get-Help about_CommonParameters -Full

WCF service The maximum array length quota (16384) has been exceeded

I have a wsf service and a client application. While trying to communicate the client and the service I've gotten the following message:
"The formatter threw an exception while trying to deserialize the message: There was an error while trying to deserialize parameter http://tempuri.org/:blob. The InnerException message was 'There was an error deserializing the object of type FileBlob. The maximum array length quota (16384) has been exceeded while reading XML data. This quota may be increased by changing the MaxArrayLength property on the XmlDictionaryReaderQuotas object used when creating the XML reader. Line 1, position 25931.'. Please see InnerException for more details."
I have the customBinding element and it doesn't allow me to insert "readerQuotas" section. In both the client and service configs I have the following binding element:
<customBinding>
<binding name="LicenseServiceBinding"
closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00">
<security authenticationMode="UserNameOverTransport">
<localClientSettings maxClockSkew="00:07:00" />
<localServiceSettings maxClockSkew="00:07:00" />
</security>
<windowsStreamSecurity />
<httpsTransport maxReceivedMessageSize="2147483646"/>
</binding>
</customBinding>
Thanks in advance for any help:)
Actually, I've solved the problem by adding readerQuotas within textMessageEncoding section.
Thanks for the help.
<textMessageEncoding messageVersion="Soap11">
<readerQuotas maxDepth="32" maxStringContentLength="5242880" maxArrayLength="2147483646" maxBytesPerRead="4096" maxNameTableCharCount="5242880"/>
</textMessageEncoding>
You should be able to add a <readerQuotas> element inside the <binding> element:
<customBinding>
<binding name="LicenseServiceBinding"
closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00">
<security authenticationMode="UserNameOverTransport">
<localClientSettings maxClockSkew="00:07:00" />
<localServiceSettings maxClockSkew="00:07:00" />
</security>
<readerQuotas maxArrayLength="32768" />
<windowsStreamSecurity />
<httpsTransport maxReceivedMessageSize="2147483646"/>
</binding>
</customBinding>
You mentioned that it "doesn't allow me to insert". What error message do you get?

WCFTestClient The HTTP request is unauthorized with client authentication scheme 'Anonymous'

I've created one WCF service and deployed it on Server. When I browse this service it gives me positive response with ?wsdl URL. Now I'm trying to test the service through WCF Test client. It shows proper metadata. But when I try to invoke any of the method from the service it shows me an exception... here are the erro details with stack trace..
The HTTP request is unauthorized with
client authentication scheme
'Anonymous'. The authentication header
received from the server was
'Negotiate,NTLM'.
Server stack trace:
at
System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest
request, HttpWebResponse response,
WebException responseException,
HttpChannelFactory factory)
The HTTP request is unauthorized with client
authentication scheme 'Anonymous'. The
authentication header received from
the server was 'Negotiate,NTLM'.
Server stack trace:
at
System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(HttpWebRequest
request, HttpWebResponse response,
WebException responseException,
HttpChannelFactory factory)
Client Bindings:
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IServiceMagicService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="None">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
Server Bindings:
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_SEOService" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="true" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="999524288" maxReceivedMessageSize="655360000" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="900000" maxArrayLength="900000" maxBytesPerRead="900000" maxNameTableCharCount="900000" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="None">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" />
</security>
</binding>
<binding name="WSHttpServiceMagicBinding" closeTimeout="00:10:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" bypassProxyOnLocal="true" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="999524288" maxReceivedMessageSize="655360000" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="900000" maxArrayLength="900000" maxBytesPerRead="900000" maxNameTableCharCount="900000"/>
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
<security mode="None">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
<message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
Client's Client Section:
<client>
<endpoint address="http://hydwebd02.solutions.com/GeoService.Saveology.com/ServiceMagicService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IServiceMagicService"
contract="IServiceMagicService" name="WSHttpBinding_IServiceMagicService" />
</client>
Server's Services Section:
<services>
<service behaviorConfiguration="GeoService.Saveology.com.CityStateServiceProviderBehavior"
name="GeoService.Saveology.com.CityStateServiceProvider">
<endpoint binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_SEOService"
contract="SEO.Common.ServiceContract.ICityStateService" />
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration=""
contract="IMetadataExchange" />
</service>
<service behaviorConfiguration="GeoService.Saveology.com.ServiceMagicServiceProviderBehavior"
name="GeoService.Saveology.com.ServiceMagicServiceProvider">
<endpoint binding="wsHttpBinding" bindingConfiguration="WSHttpServiceMagicBinding"
contract="SEO.Common.ServiceContract.IServiceMagicService">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange" />
</service>
</services>
I didn't have control over the security configuration for the service I was calling into, but got the same error. I was able to fix my client as follows.
In the config, set up the security mode:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
In the code, set the proxy class to allow impersonation (I added a reference to a service called customer):
Customer_PortClient proxy = new Customer_PortClient();
proxy.ClientCredentials.Windows.AllowedImpersonationLevel =
System.Security.Principal.TokenImpersonationLevel.Impersonation;
I have a similar issue, have you tried:
proxy.ClientCredentials.Windows.AllowedImpersonationLevel =
System.Security.Principal.TokenImpersonationLevel.Impersonation;
Another possible solution to this error that I found. Might not have answered OP's exact question but may help others who stumble across this error message.
I was creating my Client in code using WebHttpBinding, in order to replicate the following line:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="Windows" />
</security>
I had to do:
var binding = new WebHttpBinding(WebHttpSecurityMode.TransportCredentialOnly);
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
binding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Windows;
as well as setting proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
I had a similar problem and tried everything suggested above. Then I tried changing the clientCreditialType to Basic and everything worked fine.
<basicHttpBinding>
<binding name="BINDINGNAMEGOESHERE" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"></transport>
</security>
</binding>
</basicHttpBinding>
I see this isn't answered yet, this is an exact quote from here:
WSHttpBinding will try and perform an internal negotiate at the SSP layer. In order for this to be successful, you will need to allow anonymous in IIS for the VDir. WCF will then by default perfrom an SPNEGO for window credentials. Allowing anonymous at IIS layer is not allowing anyone in, it is deferring to the WCF stack.
I found this via: http://fczaja.blogspot.com/2009/10/http-request-is-unauthorized-with.html
After googling: http://www.google.tt/#hl=en&source=hp&q=+The+HTTP+request+is+unauthorized+with+client+authentication+scheme+%27Anonymous
Here's what I had to do to get this working. This means:
Custom UserNamePasswordValidator (no need for a Windows account, SQLServer or ActiveDirectory -- your UserNamePasswordValidator could have username & password hardcoded, or read it from a text file, MySQL or whatever).
https
IIS7
.net 4.0
My site is managed through DotNetPanel. It has 3 security options for virtual directories:
Allow Anonymous Access
Enable Basic Authentication
Enable Integrated Windows Authentication
Only "Allow Anonymous Access" is needed (although, that, by itself wasn't enough).
Setting
proxy.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
Didn't make a difference in my case.
However, using this binding worked:
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Windows" />
<message clientCredentialType="UserName" />
</security>
I had the same error today, after deploying our service calling an external service to the staging environment in azure. Local the service called the external service without errors, but after deployment it didn't.
In the end it turned out to be that the external service has a IP validation. The new environment in Azure has another IP and it was rejected.
So if you ever get this error calling external services
It might be an IP restriction.
I had this error too , and finally this codes worked for me in dot net core 3.1
first install svcutil in command prompt : dotnet tool install --global dotnet-svcutil
Then close command prompt and open it again.
Then create the Reference.cs in command prompt :
dotnet-svcutil http://YourService.com/SayHello.svc
(It needs an enter key and UserName and Password)
Add a folder named Connected Services to project root.
Copy Reference.cs file to Connected Services folder.
Add these 4 lines to Reference.cs after lines where creating BasicHttpBinding and setting MaxBufferSize :
result.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
result.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
result.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.None;
result.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
Use this service in your Controller :
public async Task<string> Get()
{
try
{
var client = new EstelamClient();
client.ClientCredentials.UserName.UserName = "YourUserName";
client.ClientCredentials.UserName.Password = "YourPassword";
var res = await client.EmployeeCheckAsync("service parameters");
return res.ToString();
}
catch (Exception ex)
{
return ex.Message + " ************ stack : " + ex.StackTrace;
}
}
Do not forget install these packages in csproj :
<PackageReference Include="System.ServiceModel.Duplex" Version="4.6.*" />
<PackageReference Include="System.ServiceModel.Http" Version="4.6.*" />
<PackageReference Include="System.ServiceModel.NetTcp" Version="4.6.*" />
<PackageReference Include="System.ServiceModel.Security" Version="4.6.*" />
Just got this problem on a development machine (production works just fine). I modify my config in IIS to allow anonymous access and put my name and password as credential.
Not the best way I am sure but it works for testing purposes.
Try providing username and password in your client like below
client.ClientCredentials.UserName.UserName = #"Domain\username";
client.ClientCredentials.UserName.Password = "password";