Related
I'm consuming a third-party's web service with WCF. I've got a PFX certificate file that I'm attaching via the ClientCredentials.ClientCertificate.SetCertificate method. I'm using the "Message Security Version" WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10.
Everything works fine. Now the third-party's certificate is expiring so they've issued a new one. However, this time it's a P7B file with just the public key.
When I try to use this certificate, I get a NotSupportedException with the message "The private key is not present in the X.509 certificate."
No part of my code is supplying the private key password, so I'm assuming this means that the private key is not being used. If this is the case, how can I consume this web service using only the public key? Or have I misunderstood something? (very likely)
EDIT
Ok, here's some code. The service client class I'm using was generated by svcutil and has been modified via a partial class to implement IDisposable. These are the relevant fragments:
private ServiceResponse CallService(ServiceParameters serviceParameters)
{
...
using (var client = new ThirdPartyServiceClient())
{
SetClientCredentials(client);
client.RemoteCall(serviceParameters);
}
...
}
private void SetClientCredentials(ThirdPartyServiceClient client)
{
if (client.ClientCredentials == null)
{
throw new InvalidOperationException("ClientCredentials was null and certificate could not be set");
}
client.ClientCredentials.ClientCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
_configuration.CertificateSubject);
}
And this is my WCF config:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="ThirdPartyServiceBinding">
<security includeTimestamp="true" enableUnsecuredResponse="true" authenticationMode="CertificateOverTransport" messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" />
<textMessageEncoding messageVersion="Soap11WSAddressing10" />
<httpsTransport requireClientCertificate="true" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://third-party.com/service" binding="customBinding" bindingConfiguration="ThirdPartyServiceBinding" contract="Namespace.To.ProxyClasses" name="ThirdPartyService" />
</client>
</system.serviceModel>
The exception is thrown by the client.RemoteCall(serviceParameters); call, and the stack trace is
Server stack trace:
at System.IdentityModel.Tokens.X509AsymmetricSecurityKey.GetSignatureFormatter(String algorithm)
at System.IdentityModel.SignedXml.ComputeSignature(SecurityKey signingKey)
at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CompletePrimarySignatureCore(SendSecurityHeaderElement[] signatureConfirmations, SecurityToken[] signedEndorsingTokens, SecurityToken[] signedTokens, SendSecurityHeaderElement[] basicTokens, Boolean isPrimarySignature)
at System.ServiceModel.Security.WSSecurityOneDotZeroSendSecurityHeader.CreateSupportingSignature(SecurityToken token, SecurityKeyIdentifier identifier)
at System.ServiceModel.Security.SendSecurityHeader.SignWithSupportingToken(SecurityToken token, SecurityKeyIdentifierClause identifierClause)
at System.ServiceModel.Security.SendSecurityHeader.SignWithSupportingTokens()
at System.ServiceModel.Security.SendSecurityHeader.CompleteSecurityApplication()
at System.ServiceModel.Security.SecurityAppliedMessage.OnWriteMessage(XmlDictionaryWriter writer)
at System.ServiceModel.Channels.BufferedMessageWriter.WriteMessage(Message message, BufferManager bufferManager, Int32 initialOffset, Int32 maxSizeQuota)
at System.ServiceModel.Channels.TextMessageEncoderFactory.TextMessageEncoder.WriteMessage(Message message, Int32 maxMessageSize, BufferManager bufferManager, Int32 messageOffset)
at System.ServiceModel.Channels.HttpOutput.SerializeBufferedMessage(Message message, Boolean shouldRecycleBuffer)
at System.ServiceModel.Channels.HttpOutput.Send(TimeSpan timeout)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.SendRequest(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.SecurityRequestChannel.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at Namespace.To.ProxyClasses.ThirdPartyService.RemoteCall(ServiceParameters request)
[back up the normal call hierarchy of my code]
With message security, you sign a document with your private key, and you encrypt a document with the other parties public key. They can decrypt it with their private key, and they can verify your signature with your public key. It sounds like they replaced their key so they provided you their new public key. If their public key doesn't have a publicly verifiable chain of trust, then you need to install their public key in your local certificate store as a trusted key. If you don't do this and they aren't publicly verifiable, you will get an exception about being unable to verify the chain trust. If it is your key which is expiring, then they need a public key to identify you, and you need the private half which they shouldn't have.
I am new to the AWC/EC2 environment and created a .Net WCF service on my EC2 instance of Windows Server and IIS.
Navigating to http://www.websiteservice.com/MyWebsiteFeederService.svc?wsdl brings up the WSDL.
Now, in www.mywebsite.com, that is also sitting on the same machine, I have consumed the web service. Unfortunately whenever I try to access the service through the site, I continue to receive the "Access is Denied" error message:
Exception Details:
System.ServiceModel.Security.SecurityAccessDeniedException: Access is
denied.
I don't believe this is related to the AWS-S3 error - Access is Denied error, as I am not using buckets.
In the site's Web.config, I turned on the trace listener and took a look at the Service Trace Viewer.
The information doesn't seem to be useful, as this is what I get:
[TraceRecord] Severity Warning
TraceIdentifier http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx
Description Throwing an exception.
AppDomain /LM/W3SVC/4/ROOT-2-129966419874659765
Here is the full XML of Warning level:
<E2ETraceEvent xmlns="http://schemas.microsoft.com/2004/06/E2ETraceEvent">
<System xmlns="http://schemas.microsoft.com/2004/06/windows/eventlog/system">
<EventID>131075</EventID>
<Type>3</Type>
<SubType Name="Warning">0</SubType>
<Level>4</Level>
<TimeCreated SystemTime="2012-11-06T02:19:47.8029428Z" />
<Source Name="System.ServiceModel" />
<Correlation ActivityID="{b6efab70-63ad-4bdd-85c6-5c49a907c210}" />
<Execution ProcessName="w3wp" ProcessID="3472" ThreadID="1" />
<Channel />
<Computer>AMAZONA-xxxxxFFR</Computer>
</System>
<ApplicationData>
<TraceData>
<DataItem>
<TraceRecord xmlns="http://schemas.microsoft.com/2004/10/E2ETraceEvent/TraceRecord" Severity="Warning">
<TraceIdentifier>http://msdn.microsoft.com/en-US/library/System.ServiceModel.Diagnostics.ThrowingException.aspx</TraceIdentifier>
<Description>Throwing an exception.</Description>
<AppDomain>/LM/W3SVC/4/ROOT-2-129966419874659765</AppDomain>
<Exception>
<ExceptionType>System.ServiceModel.Security.SecurityAccessDeniedException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089</ExceptionType>
<Message>Access is denied.</Message>
<StackTrace>
at System.ServiceModel.Channels.ServiceChannel.ThrowIfFaultUnderstood(Message reply, MessageFault fault, String action, MessageVersion version, FaultConverter faultConverter)
at System.ServiceModel.Channels.ServiceChannel.HandleReply(ProxyOperationRuntime operation, ProxyRpc& rpc)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at MyWebsiteFeederService.IFeederService.GetWebsiteConfiguration(String websiteGuid, String websitePW)
at MyWebsiteFeederService.FeederServiceClient.GetWebsiteConfiguration(String websiteGuid, String websitePW)
at Inquiro.Models4.ModelsBaseClass.GetWebsiteConfiguration(String websiteGuid, String websitePW)
at Inquiro.Websites.MvcApplication.LoadWebsiteConfiguration()
at Inquiro.Websites.MvcApplication.Application_Start()
at System.RuntimeMethodHandle._InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
at System.RuntimeMethodHandle.InvokeMethodFast(IRuntimeMethodInfo method, Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeType typeOwner)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
at System.Reflection.MethodBase.Invoke(Object obj, Object[] parameters)
at System.Web.HttpApplication.InvokeMethodWithAssert(MethodInfo method, Int32 paramCount, Object eventSource, EventArgs eventArgs)
at System.Web.HttpApplication.ProcessSpecialRequest(HttpContext context, MethodInfo method, Int32 paramCount, Object eventSource, EventArgs eventArgs, HttpSessionState session)
at System.Web.HttpApplicationFactory.EnsureAppStartCalledForIntegratedMode(HttpContext context, HttpApplication app)
at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
</StackTrace>
<ExceptionString>System.ServiceModel.Security.SecurityAccessDeniedException: Access is denied.</ExceptionString>
</Exception>
</TraceRecord>
</DataItem>
</TraceData>
</ApplicationData>
</E2ETraceEvent>
I have the exact same service running on another, non-Amazon server and it is working fine. I don't recall setting up any special permissions, or "run as [user]" - have no additional users setup in IIS Manager Permissions.
I have also confirmed from the command prompt on that server, using sqlcmd, that I can connect to the RDS database server.
I'm basically going in circles at this point and would appreciate some assistance.
Thanks.
The error itself "Access is denied." isn't very helpful. Neither is the debug information.
Ultimately, in this case, the issue was that execute permissions needed to be granted to the userID that was executing the stored procedures called from the WCF service.
Despite many searches and read articles such as this: Exploring the WCF Named Pipe Binding - Part 1(part 2 and 3 inclusively), I haven't been able to make my service work properly.
Here's my config:
<system.serviceModel>
<client>
<endpoint address="net.pipe://localhost/GlobalPositioningService"
binding="netNamedPipeBinding"
contract="GI.Services.GlobalPositioning.Contracts.IGlobalPositioning" />
</client>
<services>
<service name="GI.Services.GlobalPositioning.Services.GlobalPositioningService">
<endpoint address=""
binding="wsHttpBinding"
contract="GI.Services.GlobalPositioning.Contracts.IGlobalPositioning">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="net.pipe://localhost/GlobalPositioningService"
binding="netNamedPipeBinding"
contract="GI.Services.GlobalPositioning.Contracts.IGlobalPositioning" />
<host>
<baseAddresses>
<add baseAddress="http://localhost:8080/GlobalPositioningService/"/>
</baseAddresses>
</host>
</service>
</services>
Then, I try to test my service through Named Pipes:
[TestFixture]
public class GlobalPositioningServiceTests {
[TestFixtureSetUp]
public void SetUpHost() {
var channelFactory = new ChannelFactory<IGlobalPositioning>(binding, new EndpointAddress(address));
channelFactory.Open();
service = channelFactory.CreateChannel();
}
private const string address = "net.pipe://localhost/GlobalPositioningService";
private static readonly Binding binding = new NetNamedPipeBinding();
private static IGlobalPositioning service;
}
And I have also tried another way using a ServiceHost instance:
[TestFixtureSetUp]
public void SetUpHost() {
host = new ServiceHost(typeof(GlobalPositioningService));
host.AddServiceEndpoint(typeof(IGlobalPositioning), binding, address);
host.Open();
service = new GlobalPositioningService();
}
And I always obtain this error with stack trace:
Error 2 Test 'GI.Services.GlobalPositioning.Services.Tests.GlobalPositioningServiceTests.GetGlobalPositionWorksWithDiacriticsInMunicipalityName("143, rue Marcotte, Sainte-Anne-de-la-P\x00E9rade",46.5736528d,-72.2021346d)' failed:
System.ServiceModel.EndpointNotFoundException : There was no endpoint listening at net.pipe://localhost/GlobalPositioningService that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
----> System.IO.PipeException : The pipe endpoint 'net.pipe://localhost/GlobalPositioningService' could not be found on your local machine.
Server stack trace:
at System.ServiceModel.Channels.PipeConnectionInitiator.GetPipeName(Uri uri)
at System.ServiceModel.Channels.NamedPipeConnectionPoolRegistry.NamedPipeConnectionPool.GetPoolKey(EndpointAddress address, Uri via)
at System.ServiceModel.Channels.CommunicationPool`2.TakeConnection(EndpointAddress address, Uri via, TimeSpan timeout, TKey& key)
at System.ServiceModel.Channels.ConnectionPoolHelper.EstablishConnection(TimeSpan timeout)
at System.ServiceModel.Channels.ClientFramingDuplexSessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOpenOnce.System.ServiceModel.Channels.ServiceChannel.ICallOnce.Call(ServiceChannel channel, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.CallOnceManager.CallOnce(TimeSpan timeout, CallOnceManager cascade)
at System.ServiceModel.Channels.ServiceChannel.EnsureOpened(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at GI.Services.GlobalPositioning.Contracts.IGlobalPositioning.GetGlobalPosition(String mailingAddress)
at GI.Services.GlobalPositioning.Services.Tests.GlobalPositioningServiceTests.GetGlobalPositionWorksWithDiacriticsInMunicipalityName(String address, Double latitude, Double longitude) in C:\Open\Projects\Framework\Src\GI.Services\GI.Services.GlobalPositioning.Services.Tests\GlobalPositioningServiceTests.cs:line 27
--PipeException C:\Open\Projects\Framework\Src\GI.Services\GI.Services.GlobalPositioning.Services.Tests\GlobalPositioningServiceTests.cs 27
For your information, I'm using:
Visual Studio 2010
Windows 7
NUnit
And my service is contained within a WCF Service Library.
It seems that you are attempting to do integration testing with a running instance of your service using the netNamedPipesBinding. To do this, you need to have both a service host providing an instance of your service and a service proxy instance to use for making calls to the service. You could try combining both the code in both of your sample TestFixtureSetup methods so that you are instantiating both the service host and the service proxy (the result of the CreateChannel method). For an example of how to do this, look at this blog post.
I've a Windows based application using a WCF service hosted in IIS of development server. I'm calling a method defined in the service to run an SSIS package at the SQL database. The method returns success or failure to the client based on whether the package is executed successfully or not.
The package gets executed at the database successfully at all times but the service throws this error ONLY when the package takes longer than roughly 10 mins to execute. Otherwise I do not get this error.
I've already tried the following with no success:-
Increase the client timeouts in the app.config to higher value like 20 mins.
Increase the httpRuntime executionTimeout value in the web.config to a high value like 7200 secs.
The tracelog contains the following error:-
Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security.
stack trace:
System.ServiceModel.Security.SecurityStandardsManager.CreateReceiveSecurityHeader(Message message, String actor, SecurityAlgorithmSuite algorithmSuite, MessageDirection direction)
System.ServiceModel.Security.MessageSecurityProtocol.CreateSecurityHeader(Message message, String actor, MessageDirection transferDirection, SecurityStandardsManager standardsManager)
System.ServiceModel.Security.MessageSecurityProtocol.ConfigureReceiveSecurityHeader(Message message, String actor, SecurityProtocolCorrelationState[] correlationStates, SecurityStandardsManager standardsManager, IList1& supportingAuthenticators)
System.ServiceModel.Security.InitiatorSessionSymmetricMessageSecurityProtocol.VerifyIncomingMessageCore(Message& message, String actor, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
System.ServiceModel.Security.MessageSecurityProtocol.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState[] correlationStates)
System.ServiceModel.Security.SecuritySessionClientSettings1.ClientSecuritySessionChannel.VerifyIncomingMessage(Message& message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState)
System.ServiceModel.Security.SecuritySessionClientSettings1.ClientSecuritySessionChannel.ProcessIncomingMessage(Message message, TimeSpan timeout, SecurityProtocolCorrelationState correlationState, MessageFault& protocolFault)
System.ServiceModel.Security.SecuritySessionClientSettings1.ClientSecuritySessionChannel.ProcessRequestContext(RequestContext requestContext, TimeSpan timeout, SecurityProtocolCorrelationState correlationState)
System.ServiceModel.Security.SecuritySessionClientSettings1.ClientSecuritySessionChannel.ReceiveInternal(TimeSpan timeout, SecurityProtocolCorrelationState correlationState)
System.ServiceModel.Security.SecuritySessionClientSettings1.SecurityRequestSessionChannel.CloseOutputSession(TimeSpan timeout)
System.ServiceModel.Security.SecuritySessionClientSettings1.ClientSecuritySessionChannel.CloseSession(TimeSpan timeout, Boolean& wasAborted)
System.ServiceModel.Security.SecuritySessionClientSettings1.ClientSecuritySessionChannel.OnClose(TimeSpan timeout)
System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
System.ServiceModel.Channels.ServiceChannel.OnClose(TimeSpan timeout)
System.ServiceModel.Channels.CommunicationObject.Close(TimeSpan timeout)
System.RuntimeMethodHandle._InvokeMethodFast(Object target, Object[] arguments, SignatureStruct& sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
System.RuntimeMethodHandle.InvokeMethodFast(Object target, Object[] arguments, Signature sig, MethodAttributes methodAttributes, RuntimeTypeHandle typeOwner)
System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture, Boolean skipVisibilityChecks)
System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
System.ServiceModel.Channels.ServiceChannelProxy.ExecuteMessage(Object target, IMethodCallMessage methodCall)
System.ServiceModel.Channels.ServiceChannelProxy.InvokeChannel(IMethodCallMessage methodCall)
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
System.ServiceModel.ClientBase1.System.ServiceModel.ICommunicationObject.Close(TimeSpan timeout)
System.ServiceModel.ClientBase1.Close()
MemberPlus.MemberPlusShared.ServiceProxy`1.Dispose()
MemberPlusDataLoads.DataLoads.ProcessData()
MemberPlusDataLoads.DataLoads.DoProcessData()
System.Threading.ThreadHelper.ThreadStart_Context(Object state)
System.Threading.ExecutionContext.runTryCode(Object userData)
System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
System.Threading.ThreadHelper.ThreadStart()
I also get the following error:
The underlying connection was closed: A connection that was expected to be kept alive was closed by the server.
stack trace :
System.ServiceModel.Channels.HttpChannelUtilities.ProcessGetResponseWebException(WebException webException, HttpWebRequest request, HttpAbortReason abortReason)
System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
System.ServiceModel.Channels.ClientReliableChannelBinder1.RequestClientReliableChannelBinder1.OnRequest(TRequestChannel channel, Message message, TimeSpan timeout, MaskingMode maskingMode)
System.ServiceModel.Channels.ClientReliableChannelBinder1.Request(Message message, TimeSpan timeout, MaskingMode maskingMode)
System.ServiceModel.Channels.ClientReliableChannelBinder1.Request(Message message, TimeSpan timeout)
System.ServiceModel.Security.SecuritySessionClientSettings`1.SecurityRequestSessionChannel.Request(Message message, TimeSpan timeout)
System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs)
System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
IDataLoadService.LaunchPackage(String sourceType, String packageName, Int32 fileId, Int32 ign)
DataLoadServiceClient.LaunchPackage(String sourceType, String packageName, Int32 fileId, Int32 ign)
MemberPlusDataLoads.DataLoads.ProcessData()
MemberPlusDataLoads.DataLoads.DoProcessData()
System.Threading.ThreadHelper.ThreadStart_Context(Object state)
System.Threading.ExecutionContext.runTryCode(Object userData)
System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode code, CleanupCode backoutCode, Object userData)
System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state)
System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
System.Threading.ThreadHelper.ThreadStart()
My app.config :-
<
binding name="WSHttpBinding_IDataLoadService" closeTimeout="00:12:00"
openTimeout="00:12:00" receiveTimeout="00:12:00" sendTimeout="00:12:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<
readerQuotas maxDepth="32" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<
reliableSession ordered="true" inactivityTimeout="00:20:00"
enabled="false" />
<
security mode="Message">
<
transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<
message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
<
endpoint address="http://testappdbd/MemberPlusService/DataLoadService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IDataLoadService"
contract="IDataLoadService" name="WSHttpBinding_IDataLoadService">
<
identity>
<
userPrincipalName value="testappdbd\ASPNET" />
The web.config:
<
system.web> <
httpRuntime maxRequestLength="2097151"
executionTimeout="7200"
useFullyQualifiedRedirectUrl="false"
minFreeThreads="8"
minLocalRequestFreeThreads="4"
appRequestQueueLimit="100" />
<
compilation debug="false" />
<
wsHttpBinding>
<
binding name="DLBinding"
maxReceivedMessageSize="2147483647" >
<
behavior name="DLServiceBehavior">
<
serviceMetadata httpGetEnabled="true" />
<
serviceDebug includeExceptionDetailInFaults="true" />
<
dataContractSerializer maxItemsInObjectGraph="2147483647" />
<
service name="DataLoadsService.ServiceImplementation.DataLoadsService" behaviorConfiguration ="DLServiceBehavior"> <
endpoint address="" binding="wsHttpBinding" bindingConfiguration="DLBinding"
contract="DataLoadsService.ServiceContract.IDataLoadService" />
<
endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
I used breakpoints at client side method which calls the service to see what's happening and i find that the client side connection remains open for entire length of time set under timeouts (12 mins) but the server side does not return the message.
Any thoughts on where the problems might be and the solution?
It may be a mismatch between the configuration on the client and the server.
Try putting all your configuration in a binding configuration and then use the same binding configuration on the server and client.
Everything I've found so far says I should be able to use WCF to call a .asmx web service that uses WS-Security. The question is how to configure the WCF-Port. I'm using WCF-BasicHttp. First of all, is that okay? Second, how to enter the user/pass properly. On the security tab, which "Security Mode" should I pick?
The only one that seems to let me enter credentials is TransportWithMessageCredential, then I can click the "Edit" button by username credentials and enter a user/pass.
But when I did, I got this:
<soap:Fault xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<faultcode xmlns:q0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">q0:Security</faultcode>
<faultstring>Microsoft.Web.Services3.Security.SecurityFault: Security requirements are not satisfied because the security header is not present in the incoming message.
at Microsoft.Web.Services3.Design.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)
at MSB.RCTExpress.Presentation.Web.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)
in C:\projects\la1safe1\RCT Express\MSB.RCTExpress\3.10\Presentation.Web\UsernameOverTransportNoSendNone.cs:line 27
at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)</faultstring>
<faultactor>http://rct3.msbexpress.net/demo/ExpressLync/ValuationService.asmx</faultactor>
</soap:Fault>
Any ideas?
Thanks,
Neal Walters
Follow-up to TomasR's post - using WS-HTTP binding:
1) BizTalk "Consume WCF Wizard" builds a custom binding file and a WS-BasicHTTP Binding file, so I changed SendPort, and manually copied over all the configurations.
Set as follows:
Security Mode: Message
Message Client Credential Type: UseName
Algorithm Suite: Basic256 [I had no idea what to put here]
I also checked two other boxes:
a) Negotiate service credential [if I don't check this, it wants a "thumbprint"]
b) Establish security context [also tried not checking this one]
2) Ran and got this error:
Description:
The adapter failed to transmit message going to send port "WcfSendPort_ValuationServicePort_ValuationServicePortSoap" with URL "http://rct3.msbexpress.net/demo/ExpressLync/ValuationService.asmx". It will be retransmitted after the retry interval specified for this Send Port.
Details:"System.NullReferenceException: Object reference not set to an instance of an object.
Server stack trace:
at System.ServiceModel.Security.IssuanceTokenProviderBase`1.DoNegotiation(TimeSpan timeout)
at System.ServiceModel.Security.SspiNegotiationTokenProvider.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.TlsnegoTokenProvider.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.CommunicationObjectSecurityTokenProvider.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecurityUtils.OpenTokenProviderIfRequired(SecurityTokenProvider tokenProvider, TimeSpan timeout)
at System.ServiceModel.Security.SymmetricSecurityProtocol.OnOpen(TimeSpan timeout)
at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.SecurityChannelFactory`1.ClientSecurityChannel`1.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.DoOperation(SecuritySessionOperation operation,
EndpointAddress target, Uri via, SecurityToken currentToken, TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionSecurityTokenProvider.GetTokenCore(TimeSpan timeout)
at System.IdentityModel.Selectors.SecurityTokenProvider.GetToken(TimeSpan timeout)
at System.ServiceModel.Security.SecuritySessionClientSettings`1.ClientSecuritySessionChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.ServiceChannel.OnOpen(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
at System.ServiceModel.Channels.CommunicationObject.Open()
Exception rethrown at [0]:
at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
at System.ServiceModel.ICommunicationObject.Open()
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.GetChannel[TChannel](IBaseMessage bizTalkMessage,
ChannelFactory`1& cachedFactory)
at Microsoft.BizTalk.Adapter.Wcf.Runtime.WcfClient`2.SendMessage(IBaseMessage bizTalkMessage)".
Now tried custom binding, added user/pass and get this error:
<soap:Fault xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Code>
<soap:Value xmlns:q0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">q0:Security</soap:Value>
</soap:Code>
<soap:Reason>
<soap:Text xml:lang="en">Microsoft.Web.Services3.Security.SecurityFault:
Security requirements are not satisfied because the security header is not present in the incoming message.
at Microsoft.Web.Services3.Design.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity(SoapEnvelope envelope,
Security security)
at MSB.RCTExpress.Presentation.Web.UsernameOverTransportAssertion.ServiceInputFilter.ValidateMessageSecurity
(SoapEnvelope envelope, Security security) in
C:\projects\la1safe1\RCT Express\MSB.RCTExpress\3.10\Presentation.Web\UsernameOverTransportNoSendNone.cs:line 27
at Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)</soap:Text>
</soap:Reason>
<soap:Node>http://rct3.msbexpress.net/demo/ExpressLync/ValuationService.asmx</soap:Node>
</soap:Fault>
My next attempt, went back to WS-HTTP, but tried to put the User/Pass in a message assignment rather than in the SendPort:
msgRCTGetRequest(SOAP.Username) = "myuser";
msgRCTGetRequest(SOAP.Password) = "mypass";
//msgRCTGetRequest(SOAP.UseSoap12) = true;
Resulted in this error:
<soap:Fault xmlns:soap="http://www.w3.org/2003/05/soap-envelope">
<soap:Code>
<soap:Value>soap:Sender</soap:Value>
</soap:Code><soap:Reason>
<soap:Text xml:lang="en">System.Web.Services.Protocols.SoapHeaderException: WSE012: The input was not a valid SOAP message because the following information is missing: action.
at Microsoft.Web.Services3.Utilities.AspNetHelper.SetDefaultAddressingProperties(SoapContext context, HttpContext httpContext)
at Microsoft.Web.Services3.WseProtocol.CreateRequestSoapContext(SoapEnvelope requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocol.SetContext(Type type, HttpContext context, HttpRequest request, HttpResponse response)
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type, HttpContext context, HttpRequest request, HttpResponse response, Boolean& abortProcessing)</soap:Text>
</soap:Reason>
</soap:Fault>
Fifth attempt, about to give up and open a Microsoft ticket:
msgRCTGetRequest(WCF.UserName) = "myuser";
msgRCTGetRequest(WCF.Password) = "mypass";
msgRCTGetRequest(WCF.Action) = "GetPropertyInfoSourceRecordPolicyNum";
msgRCTGetRequest(SOAP.MethodName) = "GetPropertyInfoSourceRecordPolicyNum";
msgRCTGetRequest(SOAP.Username) = "myuser";
msgRCTGetRequest(SOAP.Password) = "mypass";
same error as fourth attempt.
According to the doc of the vendor providing the web service, I should put the user in W-Security UsernameToken element, the password in WS-Security password, and set the element's attribute to "PasswordDigest". It also says "This token should be added to the SOAP request for the Web method." I'm not sure how this translates from the old WSE3 days to the new WCF days.
Neal, for WS-Security, you need to use the WCF-WsHttp binding/Adapter. WCF-BasicHttp is only for the simpler scenarios where the WS-* protocols are not needed.
.NET 4.0 and .NET 3.5 SP1 with hotfix 971831 allow WS-Security over http transport. Try using this sample binding:
<customBinding>
<binding name="httpAndWSSecurity">
<security authenticationMode="UserNameOverTransport"
allowInsecureTransport="true"/>
<textMessageEncoding messageVersion="Soap11WSAddressingAugust2004" />
<httpTransport/>
</binding>
Also see this MSDN article on SecurityBindingElement.AllowInsecureTransport
Use custom binding, and from the BizTalk send port, click configure, then go to the right-most tab which says "Import/Export". Paste the following XML into a file (sample.config) and then import it into the configuration port. This basically saves the time of manually typing a lot of stuff on the binding tab.
<configuration>
<system.serviceModel>
<client>
<endpoint
address="http://rct3.msbexpress.net/demo/ExpressLync/ValuationService.asmx"
binding="customBinding"
bindingConfiguration="ValuationServicePortSoap12"
contract="BizTalk"
name="WcfSendPort_ValuationServicePort_ValuationServicePortSoap12"/>
</client>
<bindings>
<customBinding>
<binding name="ValuationServicePortSoap12">
<security authenticationMode="UserNameOverTransport"
messageProtectionOrder="SignBeforeEncrypt"
includeTimestamp="true"
messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
requireDerivedKeys="false"
requireSignatureConfirmation="false"/>
<textMessageEncoding messageVersion="Soap11WSAddressingAugust2004"/>
<httpsTransport />
</binding>
</customBinding>
</bindings>
</system.serviceModel>
</configuration>
The above is not very intuitive (I'm still waiting for a link from Microsoft which describes this is more detail).
Then you still specify the user/pass on the credentials tab.
However, this caused a problem for us, in that the vendor's .asmx web service we were calling did not have IIS set to "requires SSL". Apparently, that is a requirement for this to work with WCF. In other words, it works fine with WSE3 calling .NET to .NET, but when trying to call WCF to .asmx, WCF has a slightly more stringent requirement.
Neal Walters