Trying to get the simple Hello World (via SSL) working but receiving a following error: The remote certificate is invalid according to the validation procedure.
The server App.config is:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="mexBehavior">
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="SSLSecurity">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="mexBehavior" name="HelloServiceLibrary.HelloService">
<clear />
<endpoint address="ws" binding="wsHttpBinding" name="wsEndpoint"
contract="HelloServiceLibrary.IHelloService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="https://localhost:443/hellossl" binding="wsHttpBinding" name="wssslEndpoint"
bindingConfiguration="SSLSecurity" contract="HelloServiceLibrary.IHelloService">
<identity>
<certificateReference x509FindType="FindByThumbprint" findValue="82a39faaeb18bf9585b334ca83264add3d5b26ee" />
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" name="mexEndpoint"
contract="IMetadataExchange">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseAddress="http://localhost:8989/hello" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
</configuration>
Please advice what am I doing wrong.
Update: the certificate is successfully deployed in Trusted Root Certification Authorities on local computer.
Add this to your WCF config and let me know the output.
<system.diagnostics>
<trace autoflush="true" />
<sources>
<source name="System.Net" maxdatasize="1024">
<listeners>
<add name="MyTraceFile"/>
</listeners>
</source>
<source name="System.Net.Sockets" maxdatasize="1024">
<listeners>
<add name="MyTraceFile"/>
</listeners>
</source>
</sources>
<sharedListeners>
<add
name="MyTraceFile"
type="System.Diagnostics.TextWriterTraceListener"
initializeData="System.Net.trace.log"
/>
</sharedListeners>
<switches>
<add name="System.Net" value="Verbose" />
<add name="System.Net.Sockets" value="Verbose" />
</switches>
</system.diagnostics>
This is a stab in the dark.
Check to make sure you installed it to all users.
Open up MMC
Add Snap In (Certificates)
- Check Computer Account (Next)
- Choose your computer
Done
Now reinstall the cert to "Trusted Root Certification Authorities" and it will be trusted for all users.
Not sure if this may help you but I looked back at how I had my app.config set for a simple secure service I wrote a few weeks ago where I was using certs. Here are a few considerations you may need to make to properly config your config for the service:
<bindings>
<wsHttpBinding>
...
<security>
<transport clientCredentialType="Certificate" />
</security>
</wsHttpBinding>
</bindings>
Now in my config I have an endpoint behavior defined which provides metadata to tell the service what the client will be using for a cert on its side:
<behaviors>
<endpointBehaviors>
<behavior name="ClientBehavior">
<clientCredentials>
<clientCertificate findValue="WcfClient" storeLocation="LocalMachine" storeName="My"
x509FindType="FindBySubjectName"/>
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
If all you need is a secure link, i.e. encryption only, no client authentication, then you don't need to set any client credentials. This is all you should have to do:
1. configure IIS to use SSL
2. configure an HTTPS endpoint on your service
3. configure the client to use the above endpoint
That's it. If your certificate is invalid, you might have to do your custom certificate validation as described here: MSDN.
Good luck!
Related
This is similar to: http://social.msdn.microsoft.com/Forums/vstudio/en-US/71c31684-1ce7-4fd9-bf24-674e6dc707bf/the-message-could-not-be-processed?forum=wcf
However, I did not forget an entry like that person did yet I still get the same error.
I get:
System.ServiceModel.FaultException: The message could not be processed. This is most likely because the action 'http://tempuri.org/IBackupServerService/DeleteBySpaceIdProcess' is incorrect or because the message contains an invalid or expired security context token or because there is a mismatch between bindings. The security context token would be invalid if the service aborted the channel due to inactivity. To prevent the service from aborting idle sessions prematurely increase the Receive timeout on the service endpoint's binding.
Note: I'm hosting the service from a console app on a server and then calling the service from a web app located on another server.
My client web.config file looks like: (Note: the "IP address" and "userPrincipalName" are both fictitious for this posting.)
<!-- Specifies the version of WCF to use. -->
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IBackupServerService" >
<security mode="None" />
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://999.999.999.999:8000/Application/BackupServerServiceLibrary/BackupServerService/BackupServerService"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IBackupServerService"
contract="ServiceReference1.IBackupServerService" name="WSHttpBinding_IBackupServerService">
<identity>
<userPrincipalName value="AAAAA5-415-B\jbrown" />
</identity>
</endpoint>
</client>
</system.serviceModel>
My service app.config looks like:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" />
</system.web>
<system.serviceModel>
<services>
<service name="BackupServerServiceLibrary.BackupServerService">
<host>
<baseAddresses>
<add baseAddress = "/BackupServerServiceLibrary/BackupServerService/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<endpoint address="" binding="wsHttpBinding"
contract="BackupServerServiceLibrary.IBackupServerService"
bindingConfiguration="NoSecurity">
<!-- Upon deployment, the following identity element should be removed or replaced
to reflect the identity under which the deployed service runs. If removed,
WCF will infer an appropriate identity automatically. -->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<!-- Metadata Endpoints -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="NoSecurity">
<security mode="None" />
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Any ideas?
I'm trying to synchronize a client database with a central database. I successfully did that using the Synchronization framework as long as both the client and central database are on the same network. However, I need for this to work with the client being outside the network and the firewall. The firewall prevents communications on port 1433, so I started to explore WCF as an option so port 80 is used.
I tried this and put the WCF service under IIS 7:
http://code.msdn.microsoft.com/Database-SyncSQL-Server-e97d1208
but have gotten this error:
Failed: The caller was not authenticated by the service.
I searched high and low for a solution to this error but have found none. Does anyone know a tutorial on how to use the sync framework over WCF?
Here is the web.config file on the IIS server:
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime maxRequestLength="65536" />
<customErrors mode="Off" />
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="WebSyncContract.SqlWebSyncService" name="WebSyncContract.SqlWebSyncService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="largeMessageHttpBinding" contract="WebSyncContract.ISqlSyncContract">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://web-services.hexagroup.us/WebSyncContract.SqlWebSyncService.svc" />
</baseAddresses>
</host>
</service>
<service name="WebSyncContract.SqlSyncProviderProxy" behaviorConfiguration="WebSyncContract.SqlSyncProviderProxy" >
<endpoint contract="IMetadataExchange" binding="mexHttpBinding" address="mex" />
</service>
<service behaviorConfiguration="WebSyncContract.SyncService" name="WebSyncContract.SyncService">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="largeMessageHttpBinding" contract="WebSyncContract.ISyncContract">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<!--<add baseAddress="http://localhost:8080/"/>-->
<add baseAddress="http://web-services.hexagroup.us/WebSyncContract.SqlWebSyncService.svc" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<wsHttpBinding>
<!-- We are using Server cert only.-->
<binding name="largeMessageHttpBinding" maxReceivedMessageSize="2147483647" receiveTimeout="00:10:00" sendTimeout="00:10:00">
<readerQuotas maxArrayLength="2147483647" />
<!--<reliableSession enabled="true" />
<security mode="None" />-->
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="WebSyncContract.SqlWebSyncService">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True" />
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="True" />
</behavior>
<behavior name="WebSyncContract.SqlSyncProviderProxy" >
<serviceMetadata httpGetEnabled="true" />
</behavior>
<behavior name="WebSyncContract.SyncService" >
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
I am trying to set up a web service which is to have a username and password in order to access the service. I am using this link as a guide http://www.codeproject.com/Articles/642997/Generate-username-authentication-based-on-basicHtt
I've hit an area where i cant get around the below error. With my config below i received this error message
The authentication schemes configured on the host ('Anonymous') do not allow those configured on the binding 'BasicHttpBinding' ('Basic'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
My config file is
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="customBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="Project.Services.MyService, Project.Services"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="MyBasicHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="customBehavior" name="Project.Services.MyService">
<endpoint address=""
binding="basicHttpBinding" bindingConfiguration="MyBasicHttpBinding"
contract="Project.Services.Interfaces.ITechnology">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/Service/myService.svc" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
<appSettings>
<add key="userName" value="user1"/>
<add key="password" value="password"/>
</appSettings>
</configuration>
The wcf service is to be used with a Windows Phone 8 application. I've read several articles on the error and have set the endpoint address to "" but nothing i've done is working. I've had to go back to the above config as i think i was making too many changes which might just put me on the wrong track.
The service is hosted on my Local IIS (Win 8 64 bit pro + all updates).
Could anyone assist?
According to the error, you need to set up IIS to allow "Basic Authentication" on your service.
In IIS management console, select the authentication tab and set allow "Basic Authentication". Also, disable "Anonymous authentication".
If "Basic Authentication" its not there you need to add this role to your IIS.
Check how to do it here.
I have a silverlight application which fetches data from a WCF Service hosted under a Windows Service. I have enabled Windows Authentication on this WCF service using the below in my App.config.
<system.servicemodel>
<behaviors>
<endpointbehaviors>
<behavior name="webHttpBehavior">
<webhttp />
</behavior>
</endpointbehaviors>
<servicebehaviors>
<behavior name="defaultServiceBehavior">
<servicemetadata httpgetenabled="true" />
<servicedebug includeexceptiondetailinfaults="true" />
</behavior>
</servicebehaviors>
</behaviors>
<bindings>
<basichttpbinding>
<binding name="winAuthBasicHttpBinding" opentimeout="05:00" sendtimeout="05:00">
<security mode="TransportCredentialOnly">
<transport clientcredentialtype="Windows" />
</security>
</binding>
</basichttpbinding>
</bindings>
<servicehostingenvironment aspnetcompatibilityenabled="true" multiplesitebindingsenabled="true" />
<services>
<service behaviorconfiguration="defaultServiceBehavior" name="DataService.CrossDomainService">
<endpoint address="" behaviorconfiguration="webHttpBehavior" binding="webHttpBinding" contract="DataService.ICrossDomainService">
<identity>
<dns value="107.0.0.12" />
</identity>
</endpoint>
<host>
<baseAddresses>
<add baseaddress="http://107.0.0.12:2035/" />
</baseAddresses>
</host>
</service>
<service behaviorconfiguration="defaultServiceBehavior" name="DataService.NewDataService">
<endpoint address="" binding="basicHttpBinding" bindingconfiguration="winAuthBasicHttpBinding" contract="DataService.INewDataService">
<identity>
<dns value="107.0.0.12" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseaddress="http://107.0.0.12:2035/DataService/" />
</baseAddresses>
</host>
</service>
</services>
</system.servicemodel>
Also I have enabled windows authentication in my Web.config as below:
<system.web>
<authentication mode="Windows" />
<identity impersonate="true" />
</system.web>
In IIS my website is running under the ASP.NET Classic App Pool. Under authentication Impersonation(Authenticated User) and Windows Authentication are enabled.
Now the problem is that when I access this Silverlight app using IE8 or Chrome, then I get a Login popup asking for username/ password. Even after entering the details and selecting the "Remember my Credentials" option it popups up again the second time. After entering the details 2nd time, my app opens up and works fine. But once I close the browser and open it again & now try to access my website again, this popup comes up again twice.
So currently every time we open the website we have to deal with the login popup twice before we can use the application.
Any ideas?
I've got a wcf "self-hosted" service up and running and when communicating across machines i get The remote server returned an unexpected response: (405) Method not allowed. message.
This only seems to happen when running the WCF test client connecting to a remote machine. When running on the server, everything communicates fine.
i'm thinking it has something to do with security, but i'm not sure where to look.
Can anyone point out what i'm missing or doing wrong?
below is my server config file
<system.serviceModel>
<protocolMapping>
<remove scheme="http" />
<add scheme="http" binding="customBinding" bindingConfiguration="gzipCompression" />
</protocolMapping>
<bindings>
<customBinding>
<binding name="gzipCompression">
<gzipMessageEncoding />
<httpTransport maxReceivedMessageSize="2147483647" />
</binding>
</customBinding>
</bindings>
<extensions>
<bindingElementExtensions>
<add name="gzipMessageEncoding" type="Compression.GZIP.GZipMessageEncodingElement, Compression, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null" />
</bindingElementExtensions>
</extensions>
<behaviors>
<!--<serviceBehaviors>
<behavior name="CadServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false"
httpGetBinding="" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>-->
</behaviors>
<services>
<service behaviorConfiguration="CadServiceBehavior" name="CadServiceLibrary.CadServiceContract">
<endpoint address="com" binding="customBinding" bindingConfiguration="gzipCompression"
name="com" contract="CadServiceLibrary.CadServiceContract" />
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration=""
name="mex" contract="IMetadataExchange" />
<endpoint binding="wsHttpBinding" bindingConfiguration="" name="ws"
contract="CadServiceLibrary.CadServiceContract" />
<host>
<baseAddresses>
<add baseAddress="http://localhost/CadServices" />
<add baseAddress="https://localhost:450/CadServices" />
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
I have seen this before although not sure if it is your problem:
Instead of localhost, put your server's name or IP address. If IP address, make sure the same IP address is selected in IIS (I assume you are hosting this in IIS).
When localhost is used, I have had difficulty in the past accessing it from remote machines - although listening on localhost works fine with TCP.