WCF service problem with SSL - wcf

I have problem with call WCf service over SSL from console app. WCF service is on Windows Server 2003. It's simple math service. The WCF service and client are on the same computer. It's test, I call service on localhost.
web.confing
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<services>
<service name="Service.CalculatorService" behaviorConfiguration="CalculatorServiceBehavior">
<endpoint address="https://machineName/https/calculatorservice.svc" name="myEndpoint" binding="basicHttpBinding"
bindingConfiguration="Binding1" contract="Service.ICalculator"/>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="Binding1">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior">
<serviceMetadata httpsGetEnabled="true"
httpsGetUrl="https://machineName/https/calculatorservice.svc" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.web>
<compilation debug="true"/></system.web></configuration>
If I call service from Visual Studio examaple : http://localhost:2039/CalculatorService.svc
I get error :
The protocol 'https' is not supported. I think it s ok.
But if I call service from browser I get error :
A registration already exists for URI 'https://machineName/https/CalculatorService.svc'.
What is bad? Can anybody help me, thank you.

Remove the "address" attribute from the endpoint element- when you're hosting in IIS, it automatically supplies this.

Visual Studio Development Server does not support https. You need to host your service in IIS
http://msdn.microsoft.com/en-us/library/vstudio/aa751792(v=vs.100).aspx

Related

WCF web.config file settings for IIS hosting and SSL

After hours of searching for examples, most of which contain only snippets of methods but not the 'whole picture' I am asking for guidance. Starting with the out-of-the-box web.config Visual Studio creates with a new WCF Service, I wrote my basic web service. When you run in debug, WCF Test Client shows the functions that you can test. This is great. Now, wanting to move the code to IIS (first on my local machine, then next to the web server using SSL), I added some code I found on the web. I did have my configuration working at one point but managed to change it so much that I lost the original configurations. So, which that, I have this:
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<protocolMapping>
<add scheme="http" binding="webHttpBinding"/>
</protocolMapping>
<services>
<service name="TaskTrackerAppService.Service1" behaviorConfiguration="">
<endpoint address=""
binding="webHttpBinding"
contract="TaskTrackerAppService.IAppWebService"
behaviorConfiguration="WebBehavior"></endpoint>
<endpoint address="mex" binding="mexHttpBinding"
contract="IMetadataExchange" bindingConfiguration=""></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="WebBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="TaskTrackerAppService.IAppWebService"></binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="" binding="webHttpBinding"
bindingConfiguration="TaskTrackerAppService.IAppWebService"
contract="TaskTrackerAppService.IAppWebService"></endpoint>
</client>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
I configure my client desktop application service reference to point to the local IP http:192.168.0.100:90/AppWebService.svc. Then when I run my client application I get an error:
Could not find default endpoint element that references contract 'ServiceReference.IAppWebService' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element.
So I'd like to get the web.config settings corrected. Then deploy to a hosted IIS service where SSL is ready. As a bonus, is there is way to configure the endpoints such that I can still run debugger and get WCF Test Client. In the once working config WCF test stopped working. Can it support both simple and hosted configurations?
Thanks.
The <client> section in the <system.serviceModel> is used by client application to specify the "ABC" properties (Address, Binding, and Contract) of the service endpoint. You should have that section in your desktop application so you can simply remove it from your server configurations.
The <client> section in the app.config of your desktop application should, however, have the same "ABC" properties as the service endpoint. Since your service binding is webHttpBinding the client should also have webHttpBinding as binding but I can see that the bindingConfiguration it is referring to, TaskTrackerAppService.IAppWebService is actually a basicHttpBinding so that is a misconfiguration.
Further, since your production environment is using SSL so your production web.config should have binding configuration for SSL something similar to this:
<bindings>
<webHttpBinding>
<binding name="webBindingHTTPS">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
with the following endpoint configuration:
<endpoint address=""
binding="webHttpBinding"
contract="TaskTrackerAppService.IAppWebService"
behaviorConfiguration="webBindingHTTPS"></endpoint>
The best way to achieve this is to use web.config transformation syntax. In that case, your Release web.config could have the following elements:
<bindings>
<webHttpBinding>
<binding name="webBindingHTTPS" xdt:Transform="Insert">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<endpoint address="" xdt:Transform="Replace" xdt:Locator="Match(name)"
binding="webHttpBinding"
contract="TaskTrackerAppService.IAppWebService"
behaviorConfiguration="webBindingHTTPS">
</endpoint>
In this way, whenever you project is built in Debug mode it will be configured withoud SSL and whenever is built in Release mode, it will use SSL.

Custom Domain for Azure Cloud Service with SSL

I'm trying to expose an Azure Cloud Service using https with a custom domain, but I get an error: "The requested service, 'https://mydomain.net/myservice.svc' could not be activated. See the server's diagnostic trace logs for more information."
Regarding the custom domain: I've followed the steps at https://www.windowsazure.com/en-us/develop/net/common-tasks/custom-dns/#header-1 for the second option, "A record": in godaddy's Zone File Manager, I have an A record configured for the "#" host that "Points To" myservice's "Public Virtual IP Address" (as found in the Azure portal). It seems to me that the fact I'm getting "the service could not be activated" means the A record is working, but I'm not certain.
Regarding the https: I've followed the steps at http://www.31a2ba2a-b718-11dc-8314-0800200c9a66.com/2011/06/how-to-get-and-install-ssl-certificate.html. In brief: I purchased a cert from godaddy using a CSR from my dev machine for mydomain.net, completed the CSR on my dev machine using the friendly name mydomain.net, exported it to mydomain.net.pfx, using that file, uploaded the cert to my cloud service in Azure and configured my WebRole in VS with the cert, and published the web role project to Azure.
On the client side (WP7):
<bindings>
<basicHttpBinding>
<binding name="BasicHttpsBinding_IMyInterface"
maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="BasicHttpsBinding_IMyInterface"
address="https://mydomain.net/myservice.svc"
contract="MyService.IMyInterface"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpsBinding_IMyInterface" />
</client>
Note: I didn't use CName because my cert isn't for a subdomain and it isn't a wildcard.
From my searches, I get the impression this is working for other folks and I can't figure out what I'm doing differently.
yep - you need a matching endpoint specified in the server config. The following is a complete example of a web.config file for a WCF service using HTTP transport security (from http://msdn.microsoft.com/en-us/library/hh556232.aspx):
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="MySecureWCFService.Service1">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="MySecureWCFService.IService1"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>

wsHttpBinding (with https and aspNetCompatibilityEnabled for routing) metadata error 302

I am working on a WCF service which runs along with ASP.NET MVC 2 application with https port which have been configured using webMatrix-ssl certificate. The service is running perfectly in the browser and could download wsdl as well. But when am trying to load the service into wcftestclient tool and as well as my own client, getting the below error.
Error: Cannot obtain Metadata from 'localhost:44300/MyService' If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: localhost:44300/MyService Metadata contains a reference that cannot be resolved: 'localhost:44300/MyService'. The remote server returned an unexpected response: (302) Found. Too many automatic redirections were attempted.HTTP GET Error URI: localhost:44300/MyService There was an error downloading 'localhost:44300/MyService'. The request failed with the error message:--"
I had added the attribute aspNetCompatibilityEnabled="true" for wcf service routing, if that attribute has been removed all works fine. Initially this service has been configured with basicHttpBinding & had this same issue. After reading this article, I have changed to wshttpBinding as suspected binding could also be the problem, still am getting the same issue, below is my web.config.
Could anyone of you please help me to repair this?
<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="ExceptionBehavior" type="ServiceExceptionHander.ExceptionHandlerBehaviorExtension, ServiceExceptionHandler" />
</behaviorExtensions>
</extensions>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true" />
<ExceptionBehavior />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="ServiceImplementation.MyService" behaviorConfiguration="ServiceBehavior">
<endpoint binding="wsHttpBinding" bindingConfiguration="securityBinding" contract="ServiceContracts.IMyServiceContracts"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="securityBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true">
<serviceActivations>
<add factory="System.ServiceModel.Activation.ServiceHostFactory" service="ServiceImplementation.MyService" relativeAddress="MyService.svc"/>
</serviceActivations>
</serviceHostingEnvironment>
</system.serviceModel>

The remote server returned an error: (413) Request Entity Too Large + WCF

May be this question is a duplicate. I have a WCF upload service through which the client uploads a particular file to the server.
I could successfully send files of size 12MB through the service.
Now I have integrated a self certified SSL certificate to the WCF Service. The same application which was working fine without SSL now returns an error saying Remote server returned an error (413) request entity too large.
how do I fix this error is this something to do with SSL ?
where am I going wrong.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="customHttpBinding" openTimeout="00:10:00" sendTimeout="00:10:00"
maxReceivedMessageSize="10067108864"
messageEncoding="Mtom" transferMode="Streamed">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="customServiceBehavior">
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="customServiceBehavior" name="FileTransferService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="customHttpBinding"
contract="IFileTransferService" />
</service>
</services>
thanks
This seems to be the ticket to fixing the 413 Request Entity too large error with WCF over HTTPS
C:\Windows\System32\inetsrv>appcmd.exe set config "Default Web Site" -section:system.webServer/serverRunTime /uploadReadAheadSize:10485760 /commit:apphost
The reason seems to be related to how IIS handles authentication of incoming requests over SSL.
Another resource: http://blogs.msdn.com/b/jiruss/archive/2007/04/13/http-413-request-entity-too-large-can-t-upload-large-files-using-iis6.aspx
I just spent most of my afternoon tracking this problem down...many other suggestions didn't help me much but this certainly did, so hopefully this will get you fixed up.

IIS hosted WCF service with digest authentification

I want to create a WCF service hosted in IIS 7.5 and I want to use digest authentification over http.
I have setup digest on virtual directory but when I try to access the service I always get error:
this service require 'Anonymous' Authentication but it is not enabled
for the IIS application that hosts this service
This is my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding_IServisTest">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Digest"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="ServisService.ServisTest"
behaviorConfiguration="ServisService.ServisTestBehavior">
<endpoint
address=""
binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_IServisTest"
contract="ServisService.IServistest" >
</endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServisService.ServisTestBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
I'm using http not https.
For this I guess Security Mode should be transport
<security mode="Transport">
This post might help you.