I have a windows service that hosts my wcf service.
The app.config is:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2"/>
</startup>
<system.serviceModel>
<services>
<service behaviorConfiguration="RestWCFServiceLibrary.Service1Behavior" name="RestWCFServiceLibrary.RestWCFServiceLibrary">
<endpoint address="" binding="webHttpBinding" contract="RestWCFServiceLibrary.IRestWCFServiceLibrary" behaviorConfiguration="web">
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost:8888/RestWCFServiceLibrary/"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="RestWCFServiceLibrary.Service1Behavior">
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="False"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp/>
<CorsSupport/>
</behavior>
</endpointBehaviors>
</behaviors>
<extensions>
<behaviorExtensions>
<add name="CorsSupport" type="WebHttpCors.CorsSupportBehaviorElement, WebHttpCors, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</behaviorExtensions>
</extensions>
</system.serviceModel>
</configuration>
My problem is that if I have my website using https:// it fails to make the http call because of CORS. The https website makes an ajax GET request to the localhost.
Now I am trying to change my windows service to https but everywhere I see some command line ssl bindings. Is there a different way I can change my wcf self hosted windows service to use https?
What do I need to do in order to get this http service migrated over to https.
Please provide example of what needs to be modified in my app.config.
I stumbled upon similar problem so what i did was used WCF Configuration tool to write a App.Config for me and inside endpoints I selected mexhttpsbinding and yaa the https binding worked..
Let's just add an https endpoint. The following configuration works properly over both http and https.
<system.serviceModel>
<services>
<service behaviorConfiguration="mybehavior" name="WcfService1.Service1">
<endpoint address="" binding="webHttpBinding" contract="WcfService1.IService1" behaviorConfiguration="webbev"></endpoint>
<endpoint address="" binding="webHttpBinding" contract="WcfService1.IService1" behaviorConfiguration="webbev" bindingConfiguration="myhttpsbinding"></endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
<host>
<baseAddresses>
<add baseAddress="http://localhost:11010"/>
<add baseAddress="https://localhost:11011"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="myhttpsbinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" sendTimeout="00:10:00" receiveTimeout="00:10:00">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" />
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="mybehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="webbev">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
Since https protocol is protected by the certificate, we are supposed to bind the certificate to the https port for https endpoint. (we could specify the certificate in IIS binding module instead of CMD if hosting the service in IIS)
netsh http add sslcert ipport=0.0.0.0:11011 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
Execute CMD with administrator privileges and ensure that the certificate is installed on the local machine certificate store (certlm.msc). Certhash parameter specifies the thumbprint of the certificate. The appid parameter is a GUID that can be used to identify the owning application(located in the project.csproj file)
<ProjectGuid>{56FDE5B9-3821-49DB-82D3-9DCE376D950A}</ProjectGuid>
https://learn.microsoft.com/en-us/windows/desktop/http/add-sslcert
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
Feel free to contact me if there is anything I can help with.
Https only works on port 443. so you better have your virtual host created in your SSL script tag in your server configuration.
Or you can also proxy pass your request http:// port(8888) to https:// (port:443)
Related
I have developed WCF windows service using net tcp binding. Its working fine when wcf client and wcf service both are in domain (in two different system)
Getting error when both system are in work group not in domain.
Throwing an exception. Source: System.ServiceModel 4.0.0.0. Exception details: System.ServiceModel.CommunicationException: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '04:59:59.7955781'. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
Things I tried:
Turned off Firewalls
Checked port
Increased the timeouts
First, you need to add windows credentials when requesting because nettcpbinding defaults to windows authentication:
ServiceReference1.CalculatorClient calculatorClient = new ServiceReference1.CalculatorClient();
calculatorClient.ClientCredentials.Windows.ClientCredential.UserName = "Administrator";
calculatorClient.ClientCredentials.Windows.ClientCredential.Password = "Password";
If you still have problems after adding credentials, you also need to add a mex endpoint:
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"></endpoint>
This is my App.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
</startup>
<system.serviceModel>
<services>
<service name="ConsoleApp5.CalculatorService" behaviorConfiguration="ServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:10234/GettingStarted/"/>
</baseAddresses>
</host>
<endpoint address="Test"
binding="netTcpBinding"
contract="ConsoleApp5.ICalculator"/>
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange"></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
UPDATE
Set the Mode value to Message:
<binding name="Binding">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
This is my App.config:
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<services>
<service name="Microsoft.Samples.X509CertificateValidator.CalculatorService" behaviorConfiguration="CalculatorServiceBehavior">
<!-- use host/baseAddresses to configure base address provided by host -->
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8001/servicemodelsamples/service"/>
</baseAddresses>
</host>
<!-- use base address specified above, provide one endpoint -->
<endpoint address="certificate" binding="netTcpBinding" bindingConfiguration="Binding" contract="Microsoft.Samples.X509CertificateValidator.ICalculator"/>
</service>
</services>
<bindings>
<netTcpBinding>
<!-- X509 certificate binding -->
<binding name="Binding">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceMetadata/>
<serviceCredentials>
<!--
The serviceCredentials behavior allows one to specify authentication constraints on client certificates.
-->
<clientCertificate>
<authentication certificateValidationMode="None" revocationMode="NoCheck"/>
</clientCertificate>
<!--
The serviceCredentials behavior allows one to define a service certificate.
A service certificate is used by a client to authenticate the service and provide message protection.
This configuration references the "localhost" certificate installed during the setup instructions.
-->
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup></configuration>
Feel free to let me know if the problem persists.
I am trying to add transport security layer to my WCF service. But after following all the instructions i still get error "Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]."
Already did all needed configurations in IIS Manager and add need code in web.config but i still have a feeling i am missing something
web.config:
<system.serviceModel>
<services>
<service name="MyNameSpace.MyService" behaviorConfiguration="secureBehavior">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract="MyNameSpace.IMyService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="secureBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
There is no problem with your present configuration, configure an https endpoint and it uses Transport security mode. One more thing we need to do is configuring an https binding address in IIS binding module. Like below.
It locates in the IIS site binding module.
Then we could use the above https service address to access it.
https://IP:4431/Service1.svc (service base address)
Feel free to let me know if the problem still exists.
I had developed a windows service that hosts a WCF service. The service is installed on a server and the idea is to process some files on the local network (domain). Also, the service is executing as my domain user.
the configuration of the service is this:
<system.serviceModel>
<services>
<service name="Zeus.My.Upload.Service.MyHostedService">
<host>
<baseAddresses>
<add baseAddress="http://localhost:1089/Domain/Service"/>
</baseAddresses>
</host>
<endpoint address="http://localhost:1089/Domain/Service/Uploader" binding="basicHttpBinding" contract="Zeus.My.Upload.Contract.IHostedService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<basicHttpBinding>
<binding maxReceivedMessageSize="4294967296" transferMode="Streamed" sendTimeout="01:00:00" messageEncoding="Mtom">
<security mode="None">
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
The issue with this configuration is that only my user is able to access and use this service. Other users of domain cannot even access to the URL.
How can I solve this issue?
I created a simple WCF service and hosted it in IIS by creating a new website. In Web.config file,I am providing bindings for http and net tcp.
I created a console client and adding service reference. It generates two binding in client config - for http and for tcp. When I try to invoke the service using tcp, I get this error -
An unhandled exception of type 'System.ServiceModel.EndpointNotFoundException' occurred in mscorlib.dll
Additional information: There was no endpoint listening at net.tcp://computername/Service.svc that could accept the message. This is often caused by an incorrect address or SOAP action.
when I run using Http endpoint , it works fine.
Note -
I am using Windows 10 OS, IIS 10.0 and WPAS\WAS (Windows Process Activation Service) are installed. I already enabled\checked HTTP Activation, TCP Activation in .Net framework in Windows features. And modified IIS server settings to include net tcp. Please check it in attached image.
My website Web.config file looks like
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NewBinding0" portSharingEnabled="true">
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
<services>
<service behaviorConfiguration="My" name="WCFServiceOM.Service1"> <!-- the service name must match the configuration name for the service implementation. -->
<endpoint address="" binding="basicHttpBinding" contract="WCFServiceOM.IService1"/>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<endpoint binding="netTcpBinding" bindingConfiguration="NewBinding0" contract="WCFServiceOM.IService1" />
<endpoint address="mexOM" binding="mexTcpBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8087/Service1" />
<add baseAddress="http://localhost:7777/Service1"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="webBehanior">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="My">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
And my client App.Config look like
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.6" />
</startup>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IService1" />
</basicHttpBinding>
<netTcpBinding>
<binding name="NetTcpBinding_IService1">
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="http://computername:7777/Service.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IService1"
contract="ServiceReference1.IService1" name="BasicHttpBinding_IService1" />
<endpoint address="net.tcp://computername/Service.svc" binding="netTcpBinding"
bindingConfiguration="NetTcpBinding_IService1" contract="ServiceReference1.IService1"
name="NetTcpBinding_IService1" />
</client>
</system.serviceModel>
I setup a WCF application to be hosted by a Windows service. I got this to work correctly and I can navigate to it by going to http://127.0.0.1:1214. Here is the configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<services>
<service name="NetworkPrintClient.PrintWebService" behaviorConfiguration="PrintServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="http://127.0.0.1:1214/"/>
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" contract="NetworkPrintClient.IPrintWebService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PrintServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="False"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
Now I'd like to make this accessible at https://127.0.0.1:1214. After reading several articles about doing this, I end up with the config below. But, I can't browse to the application anymore. I just get a "This site can't be reached" error in Chrome.
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<services>
<service name="NetworkPrintClient.PrintWebService" behaviorConfiguration="PrintServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="https://127.0.0.1:1214/"/>
</baseAddresses>
</host>
<endpoint address="" binding="webHttpBinding" contract="NetworkPrintClient.IPrintWebService" behaviorConfiguration="HttpBehavior" bindingConfiguration="PrintServiceHttpsBinding"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="PrintServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="False"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="HttpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="PrintServiceHttpsBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<protocolMapping>
<add binding="webHttpBinding" scheme="https"/>
</protocolMapping>
</system.serviceModel>
</configuration>
The article I used to get this far is here. I did the part at the bottom about making the certificate and mapping it to my IP and port. I also tried to get this to work with "localhost" and my actual IP address. Can anyone see what I'm doing wrong?
You must to create a certificate selfhosted to localhost, you can use this command line in powersheel
New-SelfSignedCertificate -DnsName "localhost", "localhost" -CertStoreLocation "cert:\LocalMachine\My" when you execute is gonna generate the thumbprint of certificate keep to associate to the port something like this "B80BE75765AA5739EAC63AAF67C32E5A3625FF19"
in window type "certificates" and click manage computer certificates and copy the certificate from personal\certificates to trusted root certification authorities\certificates
associate the certificate hash (thumbprint to the port) - netsh http add sslcert ipport=0.0.0.0:{0} certhash={1} appid={2} certstore=MY 0 - port - 1 - (the thumbprint generated by the certificate) 2 - {555b2e5f-4877-459b-bff2-60bb25898455} (GUID)