I am trying to use https & http for the website. The website has .svc files which act as REST service and called from JavaScript.
My Config:
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="AjaxBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="MyServiceBehaviour">
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
<service behaviorConfiguration="MyServiceBehaviour" name="MyService.Lookups">
<endpoint address="" behaviorConfiguration="AjaxBehavior"
binding="webHttpBinding" bindingConfiguration="httpWebBinding" contract="MyService.Lookups" >
</endpoint>
<endpoint address="" behaviorConfiguration="AjaxBehavior"
binding="webHttpBinding" bindingConfiguration="httpsWebBinding" contract="MyService.Lookups" >
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="httpsWebBinding">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
<binding name="httpWebBinding">
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
</system.serviceModel>
Browsing https://myserver/services/Lookups.svc/Hello gives
Could not find a base address that matches scheme http for the endpoint with binding WebHttpBinding. Registered base address schemes are [https]
Browsing http://myserver/services/Lookups.svc/Hello gives
Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]
If I remove any one endpoint it works. Example removing endpoint configured with bindingConfiguration="httpWebBinding" works for HTTPS ,
How can I make it work with HTTP and HTTPS? As of now, I can able to use either http or https by removing one endpoint.
Referred How can I combine the WCF services config for both http and https in one web.config? and How do you setup HTTP and HTTPS WCF 4 RESTful services?
Note: In IIS, it is two web sites one listen on http and another on
https. Both sharing same code in physical folder
UPDATE: As of now, I removed endpoints and it works. But my concern is removing endpoing configured with behaviourConfiguration doesnt look great solution to me.
This works for both http & https
<services>
<service behaviorConfiguration="MyServiceBehaviour" name="MyService.Lookups">
</service>
</services>
I've recreated your scenario and used your web.config to configure endpoints for my test service. Your configuration is ok and works correctly. The part that don't works for you is probably your https configuration in IIS. Make sure you have enabled https access to your service. If you test it with IISExpress from Visual Studio then left click on your project and in the properties window (View -> Properties Window ) select for SSL Enabled = True.
As #Lesmian pointed out in his answer, the issue is in your IIS configuration.
More specifically in:
Note: In IIS, it is two web sites one listen on http and another on https. Both sharing same code in physical folder
The reason is that IIS can not handle endpoints on a schema which it does not support.
You have two sites, and one of them has HTTP binding but does not has HTTPS, and the other has HTTPS but not HTTP.
So when you browse to http:// URL, IIS directs you to the (surprise!) http-enabled site, reads web.config, sees that it registers https endpoint (which is not supported by the site) and throws the exception telling that there is no https scheme support on the http-enabled-only site.
When you browse to the https:// URL the situation is similar - IIS does not allow you to use http endpoint on the https-enabled-only site.
To handle the issue you better use a single site with two bindings.
Another (and more complex) option would be using different web.configs for sites: set up separate sites (pointed to separate folders) and use the publishing and web.config transforming tools of the Visual Studio
Add This Code.
<protocolMapping>
<add scheme="http" binding="webHttpBinding" bindingConfiguration="httpWebBinding"/>
<add scheme="https" binding="webHttpBinding" bindingConfiguration="httpsWebBinding"/>
</protocolMapping>
I dont't know this query is still active or not but as i checked Please
Add binding="mexHttpsBinding" also
with binding="mexHttpBinding" with different endpoint
This helps me.
Related
I am having an issue debugging my WCF service when I set the WCF service to SSL Required in my local IIS. I am able to hit the URL correctly for my service under http/https but I cannot debug and step through the code. I received a popup box with the following text:
Unable to start debugging on the web server. The web server is not configured correctly.
When I make the service not SSL Required I am able to step through my code as expected. I am new to dealing with IIS and have gone through a number of tutorials with the same result. Any help would be awesome
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="sslBehaviorConfiguration">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpsGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="sslBindingConfiguration">
<security mode="Transport" />
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="SslWCFProject.Service1" behaviorConfiguration="sslBehaviorConfiguration">
<endpoint binding="wsHttpBinding" bindingConfiguration="sslBindingConfiguration" contract="SslWCFProject.IService1" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<!--<protocolMapping>
<add binding="wsHttpBinding" scheme="https"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>-->
1) First, I recommend checking the IIS logs. They are usually located in the following directory: C:\inetpub\logs\LogFiles. Just go into the W3SVC prefixed folder whose modification date most closely matches when you received the error. Open the log for the correct day and see the error details.
2) If that reveals nothing, then check out the Windows Application log in your Event Viewer.
3) Do you have a certificate (e.g. self signing certificate) on your computer? Is there a trusted site issue here?
I believe I found my answer. It looks like the checkbox in IIS for the website for Require SSL is associated the client certificate and requiring a client certificate to access the service instead of the section which is below it (although I will need to select required in the future). For the post I found When this is checked off I cannot debug the service but I can attach to the process in order to debug it.
http://blogs.msdn.com/b/vijaysk/archive/2007/10/18/visual-studio-debugging-websites-that-require-client-certificates.aspx
If I am wrong please let me know. If I come across anything else I'll update this question again with my progress just to keep in documented.
I am writing a WCF service which contains a singe contract. I would like web clients to call the service endpoint using either http or https.
My web.config is as follows:
(Some parts have been removed for brevity)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IDataService" />
<binding name="BasicHttpsBinding_IDataService" >
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="DataServiceMetadataBehavior" name="DummyService.DataService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IDataService"
contract="DummyService.IDataService"/>
<endpoint address=""
binding="basicHttpBinding" bindingConfiguration="BasicHttpsBinding_IDataService"
contract="DummyService.IDataService" name="BasicHttpsBinding_IDataService"
/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="DataServiceMetadataBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add scheme="http" binding="basicHttpBinding" />
<add scheme="https" binding="basicHttpBinding" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
When I try to test the service using the VisualStudio test client, it gives the following error:
Could not find a base address that matches scheme https for the
endpoint with binding BasicHttpBinding. Registered base address
schemes are [http].
Everything works fine with only a single endpoint.
An endpoint consists of address, binding and contract.
http://YourBaseAddress/YourApp/YourService.svc and httpS://YourBaseAddress/YourApp/YourService.svc are different address with different schema name or protocol as well as different ports: 80 and 443 by default, so you can have both endpoints for the service, with the same basicHttpBinding, provided that the https one has a bindingConfiguration for SSL transportation as you had done. The error message is quite informative, so you need to go to IIS (or IIS Express) to make sure there's a http listener, say https binding defined after checking the "Edit Bindings" function of the Website. After you had done so, you should be able to get WSDL through httpS://YourBaseAddress/YourApp/YourService.svc?wsdl in a Web browser.
In fact, many Web services/applications like those from Microsoft and Google support both http and https through the same host name and path.
I'm trying to get my WCF service working with netTcpBinding instead of wsHttpBinding, but I can't seem to get it working.
I added the net.tcp binding to IIS7.5 but the status is Unknown (and when I also remove the http binding it puts a big red X through the site and I have to add a new http binding before I can access any settings again). I already looked here and on Google but I could only find two or three posts about this issue without any true solutions.
What I have:
WAS service running, and also the Net.* services.
Added net.tcp in Advanced Settings in IIS.
WCF non-http is installed.
There seems to be a TCP listener running, as it shows in netstat that it is listening on my specified port: 809) and I also got firewall message (also tried disabling the firewall/antivirus, but it didn't help).
WCF Test Client results in this error:
Error: Cannot obtain Metadata from net.tcp://localhost:809/MyService.svc
My Web.config (as copied mostly from MSDN, for proper layout look here http://pastebin.com/Ru8p0T9N):
<services>
<service behaviorConfiguration="MyBehavior" name="WCFService.MyService">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="Binding1" name="MyServiceEndpoint" contract="WCFService.MyService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" bindingConfiguration="" name="MyServiceMexTcpBidingEndpoint" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:809/MyService.svc" />
</baseAddresses>
</host>
</service>
</services>
<behavior name="MyBehavior">
<serviceMetadata httpGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<netTcpBinding>
<binding name="Binding1"hostNameComparisonMode="StrongWildcard"sendTimeout="00:10:00"maxReceivedMessageSize="65536"transferMode="Buffered"portSharingEnabled="true">
<security mode="Message">
<transport clientCredentialType="None" />
<message clientCredentialType="None" />
</security>
</binding>
</netTcpBinding>
Everything works fine with wsHttpBinding but not with net.tcp. I tried several different settings in the Web.config from multiple sources but I keep ending up with the same problem.
Did you add net.tcp as an Enabled Protocol in IIS? Manage website => advanced settings => enabled protocols (comma delimited)
For people having the same problem: As I said before, I changed the Application Pool to Classic and it didn't work (http also didn't work anymore), but when I changed it back and recycled application pool it suddenly worked.
I have WCF services hosted on a console application and a web application accessing its operations. I have searched for WCF security and in most cases the web services were hosted on IIS. What points should I follow in order to implement WCF transport layer security in my case?
What I want is
Using username and password to execute WCF operations
Use SSL to encrypt data.
If my WCF services are hosted on a console application. Are there any IIS configurations that I should make?
If you want to expose WCF service over HTTP you can use BasicHttpBinding with custom configuration:
<bindings>
<basicHttpBinding>
<binding name="secured">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="userName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="securedService">
<serviceMetadata httpsGetEnabled="true" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Namespace.Type, assembly" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="Namespace.Type" behaviorConfiguration="securedService">
<host>
<baseAddresses>
<!-- some url -->
<baseAddress baseAddress="https://localhost:8088/Service" />
</baseAddresses>
</host>
<endpoint address="" contract="Namespace.Type" binding="basicHttpBinding" bindingConfiguration="secured" />
<endpoint address="mex" contract="IMetadataExchange" binding="mexHttpsBinding" />
</service>
</services>
This will create SOAP 1.1 service using HTTPS and UserName token profile for transporting credentials in the message. It will also expose metadata (WSDL) over HTTPS and user name and password will be validated by custom validator. Default validation validates windows accounts but it can also be reconfigured to use ASP.NET membership provider.
The last thing you need to do is allowing HTTPS on used port (8088 in the example). For this you need a certificate with private key installed in certificate store on the machine (should be in My / Personal store in LocalMachine). You can create self signed certificate for test purposes.
Once you have a certificate you must assign the certificate to the port by using netsh. You should also allow application to listen on the port by using netsh otherwise your console application will have to run as admin (UAC - Windows Vista, 7, 2008, 2008 R2).
If your WCF Services are hosted in a console app, IIS has nothing to do with them, so you don't need to configure IIS or anything.
In order to have transport-layer security, you can use WsHttp or NetTcp binding in combination with SSL.
Have a look at http://www.dotnetspark.com/kb/1502-security-wcf--transport-level.aspx, http://www.packtpub.com/article/microsoft-wcf-security and http://dotnetrobert.com/?q=node/140.
I don't understand what the problem is here. My wsHttpBinding works fine. Here is my configuration. Any help most appreciated.
<?xml version="1.0"?>
<configuration>
.....
<system.serviceModel>
<services>
<service behaviorConfiguration="DataService.Service1Behavior"
name="ODHdotNET.DataService">
<endpoint
address=""
binding="wsHttpBinding"
bindingConfiguration="largeTransferwsHttpBinding"
contract="ODHdotNET.IDataService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint
address="net.tcp://139.149.141.221:8001/DataService.svc"
binding="netTcpBinding"
contract="ODHdotNET.IDataService"/>
<endpoint
address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://139.149.141.221:8000/DataService.svc" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="largeTransferwsHttpBinding2"
maxReceivedMessageSize="5000000" maxBufferPoolSize="5000000">
<security mode ="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
<binding name="largeTransferwsHttpBinding"
maxReceivedMessageSize="5000000" maxBufferPoolSize="5000000" />
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="DataService.Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
edit: I am self-hosting in a Windows Service; I am not using IIS.
do you mean that a WCF client throws this error ?
if so:
please run the follwing at the command prompt:
netstat -ona | find "8001"
if this returns data, please post it
You need to add TCP support to your IIS.
To enable TCP, MSMQ, or named pipes communication specifically, perform the additional step of configuring support for the associated protocol. For TCP communication, bind the default Web site to a net.tcp port by using the Appcmd command-line utility. Appcmd is an IIS utility that enables you to administer virtual sites, directories,applications, and application pools.
%windir%\system32\inetsrv\appcmd.exe set site "Default Web Site" -
+bindings.[protocol='net.tcp',bindingInformation='808:*']
To support the other protocols, run additional commands that enable those protocols for the default Web site. At this point, you have configured the net.tcp protocol at the site level.
%windir%\system32\inetsrv\appcmd.exe set app "Default Web Site/OrderServiceHost"
/enabledProtocols:http,net.tcp
Please look at these for more detail: Extend Your WCF Services Beyond HTTP With WAS
Hosting WCF Services in Windows Activation Service
Make sure the port is open in windows firewall
Make sure your host is running when you invoke methods in client application.