here's the setup for the project.
I have a WCF Service that is hosted on a net.tcp binding in buffered mode and ReliableSession enabled.
The binding is configured to use TransportWithMessageCredential security. The certificate is a self signed certificate that I am identifying using the Thumbprint.
The UserNameValidator is a custom validator which for testing, never fails (it wasn't failing before but I removed the uncertainty)
The service and client are on the same machine and they both have access to the certificate.
The problem:
I am receiving a Socket Aborted exception when trying to consume a Method from the service. Here is the code I use to open a connection to the service. MonitorServiceCallbacks only contains empty methods to fulfil the requirements of the Interface.
_instanceContext = new InstanceContext(new MonitorServiceCallbacks());
_serviceInterface = new MonitorCallbackServiceClient(_instanceContext);
_serviceInterface.ClientCredentials.UserName.UserName = Environment.MachineName;
_serviceInterface.ClientCredentials.UserName.Password = "myPassword";
_serviceInterface.Open();
This appears to work fine as the _serviceInterface.State variable is set to State.Opened and the custom validator is called and returns without exception.
However, if I try to call a method using the _serviceInterface proxy, no code that I can break into is run on the service and the tracelog reveals no errors apart from a SocketAborted exception which occurs 1 minute after receiving what appears to be the message for the method.
There is no InnerException.
I have tried to google the issue but the results tend to say "just disable security and it will work fine". Unfortunately, this cannot be done.
I am extremely confused by this issue and any help would be greatly appreciated.
Many thanks,
Ehrys
This was actually a serialisation error.
The object I was trying to send to the service inherited from the data contract. So I was trying to send a cast down to the data contract to the service.
WCF doesn't appear to allow this.
I would like to thank John Saunders for reminding me that not only the service can have tracing enabled. Enabling client side tracing would have saved me a lot of time.
I was attempting to do the following:
_serviceInterface.Register((MyDataContract)MyParentObject, aVariable, anotherOne);
What I needed to do:
MyDataContract tempContract = MyParentObject.CreateMyDataContract();
_serviceInterface.Register(tempContract, aVariable, anotherOne);
/* Note: MyParentObject.CreateMyDataContract() is my own method which creates an instance
of the MyDataContract and copies the relevant information to it */
Related
I have a .net core service that needs to send a request via nservicebus.
I resolve IMessageSession with DI and send a request like this:
var response = await messageSession.Request<CreateDeviceResponse>(request);
In the logs I see that another service received this request and send a reply:
The problem that I never receive a response.
Client receive such errors:
I know that such an issue can occur if the client and server endpoint names are same, but I checked and I use different names
asp net mvc 4.7.2
First of all, the message isn't lost, but in the error queue.
I suggest to follow the tutorial to understand how NServiceBus works and what you need to have in place where. The tutorials start here but an entire learning path starts here and it explains broader, including about general concepts and architecture.
Like #tchelidze mentions, you need to have an implementation of the IHandleMessages<CreateDeviceReponse> interface, like is outlined here in the tutorial. Also, it doesn't matter to which endpoint you send it to. EndpointA can send to both EndpointB and EndpointA. What you cannot do is have two endpoints with the same name. It's like having two computers with the same name called MachineA and then from MachineB try to access files on MachineA. Which of the two should MachineB connect to? There is something else called 'competing consumer pattern', but that's of later concerns ;-)
If you need more help, feel free to ask at https://discuss.particular.net/ where more NServiceBus community members are located, as well as engineers of NServiceBus itself.
For some reason, it helped to make a request inside a task:
Task.Run(async () => await messageSession.Request<CreateDeviceResponse>(request))
I still not understand what is the problem, but it works only with such implementation.
In .net core web API, it works even without Task.Run, so I believe it has something to do with the fact that I am making this request in asp net mvc 4.7.2
This seems to be a common error (there are other posts with similar issues) - however, I have gone through all those posts and MSDN articles ( https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/working-with-certificates ).
Scenario: Trying to access a service with an HTTPS end point.
Setting the client certificate in code (certificate is loading correctly).
As for the Server cert, I have tried both the options below:
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerOrChainTrust;
I have imported the server certificate to Personal as well as machine store (Trusted Root certificate authorities / certificates).
The weird thing is the call is going through when I use Charles Proxy as the SSL proxy.
Other settings:
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Ssl3;
ServicePointManager.ServerCertificateValidationCallback +=
(se, cert, chain, sslerror) =>
{
//Console.WriteLine(cert.GetCertHashString());
if (cert.GetCertHashString() == "[actual hash here]")
return true;
else
return false;
};
The above Hash check works fine when Charles proxy is running. Without the proxy running, the callback does not even get called.
Any feedback is appreciated.
(It may be worthwhile to note that a Java client using Apache CXF library works fine - against the same service.)
Update:
For completeness, the original error also had this text:
This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
OK, after days(& nights) of head banging, the following are my musings / findings (& of course the solution !):
There is "SSL" and then there is SSLv2, SSLv3, TLSv1.0, TLSv1.1, TLS1.2 & TLSv1.3 (draft as of now).
It is critical that the server and client are able to negotiate & pick one of these versions to successfully communicate.
The HTTP.SYS error seems to be a result of the client not being able to negotiate with the server on the appropriate version. When going through Charles proxy, it was clear that both Charles and the service we were trying to hit, were using TLSV1.1.
In my case, I was using wsHTTPBinding & though I tried setting the System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls; and other combinations, I could never get the HTTP.SYS error to go away. It would seem that the server and the client could never pick a version that they could agree on.
I did try using other bindings such as basicHttpBinding (with TransportWithMessageCredential) as well as basicHttpsBinding, but to no avail. What's more with some minor tweaks in the binding elements (through config & code) in each case, I ended with exactly the same binding configuration in all 3 cases (basicHttp/basichHttps/wsHttp bindings)! In essence, while there are these out-of-the-box bindings, they probably work for the most simple of scenarios. What's more, there is probably no need for so many of these pre-packaged bindings, especially as they seem to be using mostly the same binding elements.
I did remember reading that using a custom binding is better in many cases - but I imagined that by customizing a wsHttpBinding I would be achieving the same thing. Looks not - as there are some hard-coded properties (e.g.: default SSL protocols) in this binding that seem difficult to get around. I did take a look at the source code of wsHttpBinding and its base class, but could not find the exact hard coded location (but there are references to "default" protocols in the System.ServiceModel code).
In the end a "CustomBinding" worked for me, configured like so:
Custom Binding configuration
- Sorry for including this as an image - as the formatting on SO was playing up.
The idea is to use httpsTransport with requireClientCertificate, security with authenticationMode="CertificateOverTransport" & includeTimestamp="true" (our service required Timestamp) and the relevant messageSecurityVersion - in our case it was:
WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10.
The above configurations automatically signed the Timestamp as well.
On top of this we had to include the username / password credentials. Simply setting the client.ClientCredentials.UserName.UserName & client.ClientCredentials.UserName.Password did not result in these credentials included in the Security header. The logic was to add the username "token" as well, like so:
//Get the current binding
System.ServiceModel.Channels.Binding binding = client.Endpoint.Binding;
//Get the binding elements
BindingElementCollection elements = binding.CreateBindingElements();
//Locate the Security binding element
SecurityBindingElement security = elements.Find<SecurityBindingElement>();
//This should not be null - as we are using Certificate authentication anyway
if (security != null)
{
UserNameSecurityTokenParameters uTokenParams = new UserNameSecurityTokenParameters();
uTokenParams.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;
security.EndpointSupportingTokenParameters.SignedEncrypted.Add(uTokenParams);
}
client.Endpoint.Binding = new CustomBinding(elements.ToArray());
With all this setup, I was able to finally hit the Service and actually get the result - well, almost ! - as the result does not include a Timestamp, which WCF is throwing up as an exception. That is another problem to solve though.
Hopefully readers find this useful.
Update:
Now the Timestamp issue is also "sorted". The thing is the response lacked any security header, not just the timestamp. Thankfully there was a straightforward way to notify WCF to ignore unsecure responses, by simply marking an attribute on the security element: enableUnsecuredResponse="true". Obviously this is not desirable, but as we do not have any control on the service, this is the best we can do at the moment.
I have a windows service, which acts as a propagator for data received from external source. This windows service hosts WCF ServiceHost with NetNamedPipeBinding(). ServiceContract also defines CallbackContract
There is also a client DLL component, which consumes the server and bubbles up parsed data as an event. Data is bubbled upon receiving callback from the server.
The code works in desktop app, however when I try to reference client DLL in WinRT app I get following error:
The pipe name could not be obtained for the pipe URI: Access is denied. (5, 0x5)
I presume this is because WinRT (to my knowledge) lacks support for named pipes.
How to go about consuming such service in WinRT? I can alter WCF side to any requirement, but it has to be hosted as windows service (it has non WinRT consumers). Communication will always occur within the same machine, polling is the last resort.
First you need to switch to basicHttpBinding, because net.namedpipe is not supported.
Actually supported are BasicHttpBinding, NetTcpBinding, NetHttpBinding
Secondly in WinRT there's a policy in place, which prevents you from accessing localhost over the network stack.
To overcome this security policy you need to add a LoopbackExempt for your app.
CheckNetIsolation.exe LoopbackExempt -s
See details on MSDN:
http://msdn.microsoft.com/en-us/library/windows/apps/Hh780593.aspx
For the duplex way either POLLING is an aption (only works, when the app is focused).
Or using push notifications: http://blogs.msdn.com/b/jimoneil/archive/2012/10/15/windows-8-notifications-push-notifications.aspx
Use the HttpClient class.. that's the only simple workaround, and works as well.
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("text/xml"));
httpClient.DefaultRequestHeaders.Add("SOAPAction", "http://ws.cdyne.com/WeatherWS/GetCityWeatherByZIP");
var soapXml = "<?xml version=\"1.0\" encoding=\"utf-8\"?><soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"><soap:Body><GetCityWeatherByZIP xmlns=\"http://ws.cdyne.com/WeatherWS/\"><ZIP>23454</ZIP></GetCityWeatherByZIP></soap:Body></soap:Envelope>";
var response = httpClient.PostAsync("http://wsf.cdyne.com/WeatherWS/Weather.asmx", new StringContent(soapXml, Encoding.UTF8, "text/xml")).Result;
var content = response.Content.ReadAsStringAsync().Result;
Try this? I hope this is what you're looking for - https://quirkd.wordpress.com/2015/01/24/shorts-consuming-a-wcf-asmx-web-service-in-winrt/
I am trying to call a wcf service over https and have followed the suggested setup from here. It works fine over http, but I get a RemoteCertificateNameMismatch error over https which I am handling with this (as suggested) -
System.Net.ServicePointManager.ServerCertificateValidationCallback +=
(se, cert, chain, sslerror) => { return true; };
I later get a 415 unsupported media type error which I can't figure out. I have a win .net test client that is able to call the service and receive results, but from monotouch I can't get it to work. Has anyone been able to do this successfully and wouldn't mind pasting an example?
Any help is much appreciated!
HTTP error codes comes from the server side. Of course the client configuration may play a role into this.
If possible switch to HTTP and compare sessions (e.g. using wireshark) between your Windows's and MonoTouch clients. Doing so in HTTPS may tell you a few things but that's less likely to be helpful.
Also check for similars 415 errors affecting other (non-MonoTouch) projects. Since the error comes the server the information they provide might help you find what's going on.
I am working to integrate data from an external web service in the client side of my appliction. Someone asked me to test the condition when the service is unavailable or down. Anyone have any tips on how to block this site temporarily while we run the test to see how the service degrades?
For those curious we are testing against Virtual Earth, but Google Maps but this would apply to any equally complicated external service.
any thoughts and suggestions are welcome
Create some Mock-Webservice class or interface (and inject it). In there, you could test the response of your system to webservice failures and also what happens, if a web-service request take longer than expected or actually time-out.
DeveloperWorks article on mock testing: http://www.ibm.com/developerworks/library/j-mocktest.html
You need to be sure to test the most common failure modes for this:
DNS lookup fails
IP connection fails (once DNS lookup succeeds)
HTTP response other than 200
HTTP response incomplete or timeout
HTTP response 200 but RPC or document returned is invalid
Those are just a few common failure modes I could think of that will all manifest themselves with different behaviors that you may wish to have your application handle explicitly.
If you set up a computer between the caller and service that routes between them, you can simulate each of these failure modes distinctly and modify your application to handle them.
How about blocking the domain name(s) in question by putting a nonsense entry into the hosts file?