WCF Service Application does not allow basic authentication configuration - c#

I have a WCF service application which uses the .NET Framework 4.5.2 and an application pool which has Managed pipeline mode set to Integrated. I use basic authentication to consume this WCF service. I have deployed the application to two environments (dev and qa). In dev it works perfectly, but in qa I get the following error:
Below is the IIS Authentication configuration of the application:
And this is my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="MyProject.IS01"
behaviorConfiguration="ServiceWithMetaData">
<endpoint name="Default"
address=""
binding="basicHttpBinding"
contract="MyProject.IIS01" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceWithMetaData">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment
aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<add name="ErrorLog" type="Elmah.ErrorLogModule, Elmah" preCondition="managedHandler" />
<add name="ErrorMail" type="Elmah.ErrorMailModule, Elmah" preCondition="managedHandler" />
<add name="ErrorFilter" type="Elmah.ErrorFilterModule, Elmah" preCondition="managedHandler" />
</modules>
<directoryBrowse enabled="true" />
<validation validateIntegratedModeConfiguration="false" />
</system.webServer>
The first phrase of the error message is very strange to me. It says that the authentication is set to Windows, but as you can see in the second screenshot, Windows authentication is disabled.
Is something missing from the configuration? Should I activate some features on the server where IIS is hosted?
I should mention that all the problems I found on Google are related to anonymous authentication (not to basic authentication).
Thanks in advance.

That's because you are missing the BindingConfiguration setting in your service endpoint, and thus the configuration isn't applied at all. Change it as shown below:
<bindings>
<basicHttpBinding>
<binding name="testbinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="MyProject.IS01" behaviorConfiguration="ServiceWithMetaData">
<endpoint name="Default" address="" binding="basicHttpBinding"
contract="MyProject.IIS01" bindingConfiguration="testbinding" />
</service>
</services>
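
An added example, not part of the original answer: a Python check that resolves each service endpoint to the `<binding>` element it matches and reports the resulting security mode and credential type. The sample config and the `Example.Service`, `Example.IService` and `Unbound` names are constructed; the check also flags `TransportCredentialOnly` with `Basic`, which puts the credentials on the wire over unencrypted HTTP.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the answer's named binding plus a second endpoint that
# omits bindingConfiguration. Service, contract and endpoint names are placeholders.
SAMPLE = """
<configuration><system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="testbinding">
      <security mode="TransportCredentialOnly">
        <transport clientCredentialType="Basic" />
      </security>
    </binding>
  </basicHttpBinding></bindings>
  <services><service name="Example.Service">
    <endpoint name="Default" address="" binding="basicHttpBinding"
              contract="Example.IService" bindingConfiguration="testbinding" />
    <endpoint name="Unbound" address="alt" binding="basicHttpBinding"
              contract="Example.IService" />
  </service></services>
</system.serviceModel></configuration>
"""


def effective_security(config_xml):
    """Map endpoint name -> (security mode, client credential type, note)."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    report = {}
    for ep in model.findall("services/service/endpoint"):
        kind = ep.get("binding")
        wanted = ep.get("bindingConfiguration", "")
        # Match on binding type and name; an endpoint with no
        # bindingConfiguration only matches an unnamed <binding>.
        match = next((b for b in model.findall(f"bindings/{kind}/binding")
                      if b.get("name", "") == wanted), None)
        if match is None:
            report[ep.get("name")] = (None, None,
                                      "no matching <binding>: settings not applied")
            continue
        sec = match.find("security")
        mode = sec.get("mode") if sec is not None else None
        transport = sec.find("transport") if sec is not None else None
        cred = transport.get("clientCredentialType") if transport is not None else None
        note = "ok"
        if mode == "TransportCredentialOnly" and cred == "Basic":
            # No transport encryption in this mode: the Authorization header
            # carries the Base64-encoded user name and password over HTTP.
            note = "Basic credentials over plain HTTP; use mode=Transport with HTTPS"
        report[ep.get("name")] = (mode, cred, note)
    return report


if __name__ == "__main__":
    for name, row in effective_security(SAMPLE).items():
        print(name, row)
```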

Related

Make a REST service that uses another SOAP service C#

I have made a simple REST service (WCF) that will be using another SOAP service.
My REST service works fine, but when I add the SOAP service (Added as a Service Reference), it adds data to the Web.config file.
One thing I want to highlight is that I do not want to expose the SOAP service, I'll be just consuming it.
But when I try to invoke an operation, I get this error:
The endpoint at www.myaddress.com does not have a Binding with the
None MessageVersion. 'System.ServiceModel.Description.WebHttpBehavior'
is only intended for use with WebHttpBinding or similar bindings.
Looking on the internet, people have issues with the config file, but they're exposing two services. I am just exposing one service, and consuming the other. For now, the REST service I am consuming through localhost, and the SOAP service uses SAML ADFS authentication.
This is how my config file looks. Can someone please suggest a fix?
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2"/>
</system.web>
<system.serviceModel>
<bindings>
<ws2007FederationHttpBinding>
<binding name="WS2007FederationHttpBinding_mySOAPService">
<security mode="TransportWithMessageCredential">
<message>
<issuer address="issuer.address"/>
<issuerMetadata address="issuer.metadata.address" />
<tokenRequestParameters>
.
.
.
</tokenRequestParameters>
</message>
</security>
</binding>
</ws2007FederationHttpBinding>
<ws2007HttpBinding>
<binding name="binding.address">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" establishSecurityContext="false" />
</security>
</binding>
</ws2007HttpBinding>
</bindings>
<client>
<endpoint address="endpoint.address"
binding="ws2007FederationHttpBinding" bindingConfiguration="WS2007FederationHttpBinding_mySOAPService"
contract="ServiceReference1.mySOAPService" name="WS2007FederationHttpBinding_mySOAPService" />
</client>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior>
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
<add binding="webHttpBinding" scheme="http" />
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
Yep, that's exactly how it will work by default!
But you can override those settings pretty easily.
var soapService = new SoapClass.SoapService(
new BasicHttpBinding(BasicHttpSecurityMode.Transport), //Pick the right mode here
new EndpointAddress(mySoapUrl));
My assumption being you have multiple projects, and the Soap is being added to the wrong config.
The other choice, would be to move the correct config settings to the correct config.
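
An added example, not part of the original posts: in WCF 4 and later an unnamed `<behavior>` under `<endpointBehaviors>` is applied to every endpoint that names no `behaviorConfiguration`, client endpoints included, which is how the consumed SOAP endpoint above ends up with `<webHttp/>`. This Python check lists such endpoints; the sample is constructed from the question's config, and the endpoint address and the `rest` behavior name are placeholders.

```python
import xml.etree.ElementTree as ET

# Assumption: only webHttpBinding is treated as compatible with <webHttp/>;
# custom bindings with MessageVersion.None are not inspected.
WEB_BINDINGS = {"webHttpBinding"}

# Constructed sample, cut down from the question's config (address is a placeholder).
UNNAMED = """
<configuration><system.serviceModel>
  <client>
    <endpoint address="https://soap.example.invalid/svc"
              binding="ws2007FederationHttpBinding"
              contract="ServiceReference1.mySOAPService"
              name="WS2007FederationHttpBinding_mySOAPService" />
  </client>
  <behaviors><endpointBehaviors>
    <behavior><webHttp/></behavior>
  </endpointBehaviors></behaviors>
</system.serviceModel></configuration>
"""

# Same config with the behavior named: it now applies only where an endpoint
# references it through behaviorConfiguration="rest" (name is hypothetical).
NAMED = UNNAMED.replace("<behavior>", '<behavior name="rest">')


def endpoints_inheriting_webhttp(config_xml):
    """List (endpoint name, binding) pairs that pick up <webHttp/> on a non-web binding."""
    model = ET.fromstring(config_xml).find("system.serviceModel")
    # Index endpoint behaviors by name; the unnamed one is stored under "".
    behaviors = {b.get("name", ""): b
                 for b in model.findall("behaviors/endpointBehaviors/behavior")}
    endpoints = (model.findall("client/endpoint")
                 + model.findall("services/service/endpoint"))
    hits = []
    for ep in endpoints:
        # No behaviorConfiguration means the unnamed (default) behavior applies.
        behavior = behaviors.get(ep.get("behaviorConfiguration", ""))
        if behavior is None or behavior.find("webHttp") is None:
            continue
        if ep.get("binding") not in WEB_BINDINGS:
            hits.append((ep.get("name"), ep.get("binding")))
    return hits


if __name__ == "__main__":
    print(endpoints_inheriting_webhttp(UNNAMED))
    print(endpoints_inheriting_webhttp(NAMED))
```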

Server Error in '/' Application error with a WCF REST service using https

I'm trying to host a WCF REST service on an https server. The IIS manager on the server is configured properly for the https port and my Web.config is configured properly. But I just get this message, "Server Error in '/' Application error", when pinging the URL. The URL matches the correct virtual directory, which has been configured as an IIS application. It just doesn't resolve. I have another WCF service on this server that's running fine, but it's using basicHttpBinding since it's a SOAP service.
Can someone look at my RESTful web.config and see if I've overlooked something, since there must be something wrong? This service works fine when deployed on my local machine using http without all the https config settings, but when deployed on another https server it doesn't work. There has to be something I'm missing. Thanks.
<?xml version="1.0"?>
<configuration>
<appSettings>
</appSettings>
<!-- SQL connection settings -->
<connectionStrings>
</connectionStrings>
<!--
For a description of web.config changes see http://go.microsoft.com/fwlink/?LinkId=235367.
The following attributes can be set on the <httpRuntime> tag.
<system.Web>
<httpRuntime targetFramework="4.6" />
</system.Web>
-->
<system.web>
<compilation debug="true" targetFramework="4.6"/>
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<client/>
<bindings>
<webHttpBinding>
<binding name="secureHttpBinding" maxReceivedMessageSize="200000000">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</webHttpBinding>
<mexHttpsBinding>
<binding name="secureMexBinding"/>
</mexHttpsBinding>
</bindings>
<behaviors>
<!-- Required for json web service -->
<endpointBehaviors>
<behavior name="webBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="serviceBehaviors">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="serviceBehaviors" name="RepoWebService.MasterRepoAPI">
<endpoint address="" behaviorConfiguration="webBehavior" binding="webHttpBinding" bindingConfiguration="secureHttpBinding" contract="StatuteRepoWebService.IRepoWebService.MasterRepoAPI"/>
<endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration="secureMexBinding" contract="IMetadataExchange"/>
</service>
</services>
<protocolMapping>
<add scheme="https" binding="webHttpBinding" bindingConfiguration="secureHttpBinding"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral"/>
<bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0"/>
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
It seems to me there is no problem with your service configuration file. It only supports the HTTPS protocol. There might be some problems in the hosting environment.
We are supposed to provide an https binding in the IIS binding module; the service address will then be https://x.x.x.x:xxxxx/service1.svc
Besides, here is my simplified configuration, which uses the new WCF 4.5 feature, Protocol Mapping. It supports both https and http.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior>
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="mybinding">
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
<protocolMapping>
<add binding="webHttpBinding" scheme="http"/>
<add binding="webHttpBinding" scheme="https" bindingConfiguration="mybinding"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
https://learn.microsoft.com/en-us/dotnet/framework/wcf/whats-new
Feel free to let me know if there is anything I can help with.

Consuming WCF service

When I use the live WCF service it shows this error:
There was no endpoint listening at this that could accept the message. This is often caused by an incorrect address or SOAP action
Put your endpoint configuration in the Web.config at the root of your project.
This is a sample of a web.config with an endpoint.
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="TestWcfHttps1.Service1" name="TestWcfHttps1.Service1">
<endpoint address="https://MYSERVER/GpTest/Service1.svc"
binding="basicHttpBinding"
bindingConfiguration="TransportSecurity"
contract="TestWcfHttps1.IService1">
<identity>
<dns value="" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="TestWcfHttps1.Service1">
<serviceMetadata httpsGetEnabled="true" externalMetadataLocation="https://MYSERVER//GpTest/Service1.wsdl" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
The above sample code will fix your problem, but please describe more about the projects in your solution and put your code here. Did you consume the web service in a class library and reference it in your web app project?

WCF Transport Security and Session Required

I'm trying to implement Transport-Level security (using Windows authentication/credentials) via a wsHttpBinding. But I'm getting the following error: Binding validation failed because the WSHttpBinding does not support reliable sessions over transport security (HTTPS). The channel factory or service host could not be opened. Use message security for secure reliable messaging over HTTP.
<?xml version="1.0"?>
<configuration>
<appSettings/>
<system.web>
<roleManager enabled="true" />
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Linq, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"/>
</assemblies>
</compilation>
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsSecure">
<reliableSession enabled="true" />
<security mode="Transport">
<transport proxyCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="MyService">
<endpoint address="https://localhost:8000/MyService/" binding="wsHttpBinding" bindingConfiguration="wsSecure"
name="wsBinding" contract="IMyContract" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

IIS Hosted WCF Service & SQL Queries Using Windows Authentication

I'm fairly new to WCF but I have a WCF service hosted in IIS that has several queries to our SQL Server. I am consuming the WCF service with a WPF application. What I'm trying to do is allow Windows authentication to pass from the WPF client, to the WCF service, to the SQL Server, so that the SQL queries are executed as the client's user. I've been trying to configure the website and host in various ways with no luck so far.
On my WCF service website, I have Anonymous Authentication=true (for MEX), ASP.NET Impersonation=true and Windows Authentication=true.
In my WCF Service Web.config:
<configuration>
<system.web>
<customErrors mode="Off"/>
<authentication mode="Windows"/>
<compilation debug="true" targetFramework="4.0">
<assemblies>
<add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" />
</assemblies>
</compilation>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding maxReceivedMessageSize="5000000" name="WindowsSecurity">
<readerQuotas maxDepth="200"/>
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="ADATrackingService" behaviorConfiguration="ServiceBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="WindowsSecurity"
name="wsHttpEndpoint" contract="IADATrackingService" />
<endpoint address="mex" binding="mexHttpsBinding" name="MexHttpsBindingEndpoint"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization impersonateCallerForAllOperations="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
<connectionStrings>
<add name="ADATrackingEntities" connectionString="metadata=res://*/EntityModel.ADATrackingModel.csdl|res://*/EntityModel.ADATrackingModel.ssdl|res://*/EntityModel.ADATrackingModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=MYSERVER;initial catalog=ADATracking;integrated security=True;multipleactiveresultsets=True;App=EntityFramework&quot;" providerName="System.Data.EntityClient" />
</connectionStrings>
</configuration>
Then in my WPF client App.Config I have:
<configuration>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="WindowsAuthentication">
<clientCredentials>
<windows allowedImpersonationLevel="Delegation"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="5000000"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="200" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Transport">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://MyService.svc"
binding="wsHttpBinding" behaviorConfiguration="WindowsAuthentication" bindingConfiguration="wsHttpEndpoint"
contract="ADATrackingService.IADATrackingService" name="wsHttpEndpoint">
<identity>
<servicePrincipalName value="host/MyServer.com" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
My service calls are just returning simple queries from SQL using the metadata for allowing impersonation. Every time I run the client and call something from my service I'm just getting an error opening the data connection for "NT Authority/ANONYMOUS LOGIN" even with AnonymousAuthentication=false set in IIS??? Any help would be greatly appreciated. Thanks!
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
public List<IndividualDisability> GetIndividualDisabilities()
{
WindowsIdentity callerWindowsIdentity = ServiceSecurityContext.Current.WindowsIdentity;
if (callerWindowsIdentity == null)
{
throw new InvalidOperationException
("The caller cannot be mapped to a Windows identity.");
}
using (callerWindowsIdentity.Impersonate())
{
using (var context = new ADATrackingEntities())
{
return context.IndividualDisabilities.OfType<IndividualDisability>().Include("ADACode").Include("Individual").Include("Disability").ToList();
}
}
}
Well, after browsing around some more today, I've finally got it working! The issue was that in Active Directory, I needed to allow delegation to the SQL Server box. There is a setting in AD that you have to set on the web server box to allow it to delegate to the SQL service on your SQL Server box on port 1433. I also had to make sure I was set up for Kerberos authentication on the web server. This blog post explained my situation exactly and helped me get it working from start to finish:
ASP.Net Impersonation
In IIS, have you explicitly removed Anonymous authentication? Do the following:
Open the IIS Manager.
Navigate to your WCF service application.
In the Features View, Under IIS, click Authentication.
Remove any authentication scheme except Windows Authentication. (Anonymous is enabled by default.)
To help ensure that your WPF application is not interfering in any way, first test with wcftestclient.
Open a Developers Command Window (Start Menu>Programs>Microsoft Visual Studio 2010>Visual Studio Tools>Visual Studio Command Prompt (2010))
wcftestclient https://url.to/myservice.svc
