I have been trying to get this working for hours now and have not had any luck. I am trying to create a WCF web service that has validation. I want the consumer of the service to be required to do:
ServiceReference1.XServiceClient client = new ServiceReference1.XServiceClient();
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";
before he can call any of the service methods. I found out that I have to create a CustomUserNamePasswordValidator so I created class library project in the solution to contain the Custom Validator class. I just wanted to verify that it works.
namespace XServices
{
public class CustomUserNameValidator : UserNamePasswordValidator
{
public override void Validate(string username, string password)
{
if (!(username == "test" && password == "password"))
{
throw new FaultException("Invalid username or password!");
}
}
}
}
Then I tried to make the necessary changes to my web.config file in the WCF project to support it. Unfortunately, this is where I had my first trouble.
Here is my web.config file as it is now.
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<!-- connection strings ommitted for security reasons -->
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
<behavior name="CustomValidator">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="CustomUserNameValidator.XServices.CustomUserNameValidator, CustomUserNameValidator"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
The MSDN docs are very unclear on how the customUserNamePasswordValidatorType works. The example https://msdn.microsoft.com/en-us/library/aa702565(v=vs.110).aspx completely glosses over it so I have no idea if I even did it correctly. And worse, it does not throw an error if what you put for that parameter is incorrect. It just silently ignores it. Long story short, the Validate method of my custom validator is not being called. I can't figure out why and I haven't found anything that has worked after hours of google searching. Please help.
In your service config, you forgot to associate the serviceBehavior with your service. Therefore your service don't know anything about your custom validator.
The following section is missing:
<services>
<service behaviorConfiguration="CustomValidator" name="ServiceName...">
<endpoint name="EndpointName..." bindingConfiguration="Binding1" address="..." binding="wsHttpBinding" contract="..." />
</service>
</services>
Related
So, I've made this web service(well WCF Service I guess) that inputs some parameters and returns a json object. This works pretty well.
But now I want to make some changes to the client.
Currently I just have a button, some textboxes for inputs, and a textarea.
The button looks like this:
ServiceReference1.Service1Client sc = new ServiceReference1.Service1Client();
protected void Button11_Click(object sender, EventArgs e)
{
int? i;
if (tbSagsNr.Text != "")
{
i = Convert.ToInt32(tbPOSTUdlSag.Text);
}
else
{
i = null;
}
string s = tbFacilitet.Text;
string a1 = tbAdresse1.Text;
string a2 = tbAdresse2.Text;
string p = tbPostNr.Text;
string json = sc.HouseSearch(i, s, a1, a2, p);
TextArea1.InnerText = json;
}
What do I do if I want to call the web service through the url instead? I'm thinking it should look something like this, depending on what parameters I use:
http://localhost:58637/Default.aspx/Service1.svc/HouseSearch?vSagsNr=5
Instead of textboxes and all that it should just print the json string directly on the screen.
I'm pretty new at making web services and I feel like I've kinda just been bumbling my way so far.
IService1:
[OperationContract()]
[WebInvoke(Method = "POST", ResponseFormat = WebMessageFormat.Json, BodyStyle = WebMessageBodyStyle.Bare, UriTemplate = "HouseSearch")]
string HouseSearch(int? vSagsNr, string vFacilitet, string vAdresse1, string vAdresse2, string vPostNr);
Edit: Actually it should look more like this probably:
http://localhost:58637/WCFTest3/Service1.svc/HouseSearch?vSagsnr=5
Edit: My webconfig now looks like this:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime requestPathInvalidCharacters="" requestValidationMode="2.0" targetFramework="4.6.1"/>
<pages validateRequest="false" />
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="WCFTest3_Behavior" name="WCFTest3.Service1">
<endpoint
address =""
binding="webHttpBinding"
bindingConfiguration="webHttpEndpointBinding"
name="WCFTest3.Service1"
contract="WCFTest3.IService1"
behaviorConfiguration="web"/>
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="" name="mexEndPoint" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFTest3_Behavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="webHttpEndpointBinding">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
<protocolMapping>
<add binding="webHttpBinding" scheme="http" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
<connectionStrings>
<add
name="UnikBoligCon"
connectionString="server=??;database=??;user=??;password=??"
providerName="System.Data.SqlClient"
/>
</connectionStrings>
</configuration>
But I get this error:
No base address found that matches the https form for the endpoint with the WebHttpBinding link. Registered base address schemas are [http].
Edit: Oh wait I guess I need to fill in the adress, services in the webconfig now looks like this
<services>
<service behaviorConfiguration="WCFTest3_Behavior" name="WCFTest3.Service1">
<endpoint
address ="http://localhost:58532/Service1.svc"
binding="webHttpBinding"
bindingConfiguration="webHttpEndpointBinding"
name="WCFTest3.Service1"
contract="WCFTest3.IService1"
behaviorConfiguration="web"/>
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="" name="mexEndPoint" contract="IMetadataExchange"/>
</service>
</services>
And I've gotten rid of "multipleSiteBindingsEnabled="true"" because it threw an error and I don't think I need it.
Now getting this error though:
The authentication schemes configured on the host (Anonymous) do not allow those configured on the binding WebHttpBinding (“Anonymous”). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
I have done something much the same as you described. A WCF service that can be switched (by changing the web.config) to serve Http, NetTCP, or REST. It was easy enough to get Http and NetTCP configs to sit side by side, but I was unable to figure out how to incorporate the REST config with the other two, so I kept them separate (and my requirements didn't call for a REST api, I just wanted to do it anyway).
My Operation Contract is:
[OperationContract]
[
WebInvoke(Method = "GET",
BodyStyle = WebMessageBodyStyle.Wrapped,
RequestFormat = WebMessageFormat.Json,
ResponseFormat = WebMessageFormat.Json,
UriTemplate = "TestMethod/{applicationCode}/?ignoreStatus={ignoreStatus}&logonName={logonName}&userProfileId={userProfileId}")
]
String TestMethod(String applicationCode, Boolean ignoreStatus = false, String logonName = "", String userProfileId = "");
Which can be called via a Url (tested using an Internet Browser).
http://localhost/JayVServerV2/DataAccess/DataAccess.svc/TestMethod/Tom?ignoreStatus=true&logonName=JayV&userProfileId
The most important part of the solution was getting the Web.Config setup correctly. So, I have included the whole of my Web.Config for you to see how I did it.
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.5.2"/>
<httpRuntime targetFramework="4.5"/>
<authentication mode="Windows"/>
<authorization>
<allow users="*"/>
</authorization>
<identity impersonate="false"/>
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="JayVServer_Behavior" name="JayVServerV2.DataAccess.DataAccess">
<endpoint
address =""
binding="webHttpBinding"
bindingConfiguration="webHttpEndpointBinding"
name="RestJayVServerV2.DataAccess.DataAccess"
contract="DataServerV2.DAtaAccess.IDataAccess"
behaviorConfiguration="web"/>
<endpoint address="mex" binding="mexHttpBinding" bindingConfiguration="" name="mexEndPoint" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="JayVServer_Behavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="webHttpEndpointBinding">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
<protocolMapping>
<add binding="webHttpBinding" scheme="http" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
I'm developing a WCF project using C# and I need to consume a web service with ws-security. Problem is I will only know the credentials to use at run time immediatly before consuming the web service, so I can't really use the webconfig file to setup the soap header security section.
My webconfig file looks like this:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6.1" />
<httpRuntime targetFramework="4.6.1"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="GuiaAcompanhamentoImplServiceSoapBinding1" maxReceivedMessageSize="1000000" useDefaultWebProxy="false">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://qualsiliamb.apambiente.pt/egar/services/GuiaAcompanhamentoWs/v2"
binding="basicHttpBinding" bindingConfiguration="GuiaAcompanhamentoImplServiceSoapBinding1"
contract="APAeGARv2.GuiaAcompanhamentoWs" name="GuiaAcompanhamentoWsPort1" >
<headers>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>XXXXXXXXXX</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">XXXXXXXXXX</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>
</client>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
My C# code looks like this:
public string egAnularGuia2(string token, string nifInterveniente, string idUser, int idInstalacao, int idPda, string idMatricula, string numeroGuia, string codigoVerificacao, string Observacoes)
{
APAeGARv2.GuiaAcompanhamentoWsClient ws = new APAeGARv2.GuiaAcompanhamentoWsClient();
// I'd like to insert credencials for ws-security here, but don't know how
APAeGARv2.anularGuiaInput inp = new APAeGARv2.anularGuiaInput();
inp.tokenCertificacao = tokenCertificacao;
inp.nifInterveniente = nifInterveniente;
inp.idGuia = new APAeGARv2.identificadorGuia();
inp.idGuia.numeroGuia = numeroGuia;
inp.idGuia.codigoVerificacao = codigoVerificacao;
inp.observacoes = Observacoes;
APAeGARv2.anularGuiaOutput outp = new APAeGARv2.anularGuiaOutput();
try
{
outp = ws.anularGuia(inp);
}
catch (Exception Erro)
{
outp.result = ErroOutput2(outp.result, Erro);
}
return SerializeOutput(outp);
}
Using this method works very well. But as I've mentioned I'm limited to the credentials I set up in the webconfig file at design-time.
My question is: How can I change my C# code to be able to change credentials at run-time?
Thanks!
After a bit of research and asking a few coleagues someone came up with a solution which I tested and works well:
public string egAnularGuia2(string token, string nifInterveniente, string idUser, int idInstalacao, int idPda, string idMatricula, string numeroGuia, string codigoVerificacao, string Observacoes)
{
EndpointAddress address = new EndpointAddress("https://qualsiliamb.apambiente.pt/egar/services/GuiaAcompanhamentoWs/v2");
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
CustomBinding customBinding = new CustomBinding(binding);
SecurityBindingElement element = customBinding.Elements.Find<SecurityBindingElement>();
element.IncludeTimestamp = false;
APAeGARv2.GuiaAcompanhamentoWsClient ws = new APAeGARv2.GuiaAcompanhamentoWsClient(customBinding, address);
ws.ClientCredentials.UserName.UserName = "XXXXXXXXX";
ws.ClientCredentials.UserName.Password = "XXXXXXXXX";
APAeGARv2.GuiaAcompanhamentoWsClient ws = new APAeGARv2.GuiaAcompanhamentoWsClient();
// the rest remains the same...
}
I have a WCF service application set up so when I call the address it just returns true.
IRemoteService.cs
[OperationContract]
[WebInvoke(Method = "GET", ResponseFormat = WebMessageFormat.Json,
BodyStyle = WebMessageBodyStyle.Wrapped,
UriTemplate = "ValidationResult/")]
bool ValidationResult();
RemoteService.svc.cs
namespace RemoteService
{
public class RemoteService : IRemoteService
{
public bool ValidationResult()
{
return true;
//throw new NotImplementedException();
}
}
}
I have added an application on IIS and now I can access the service on the following url :
https://localhost/ValidationServiceApp/RemoteService.svc/validationresult/
This returns :
{"ValidationResultResult":true}
Works great. But when I run the following powershell script, I cant access the service :
$url = "https://localhost/ValidationServiceApp/SASRemoteService.svc/validationresult/"
$result = Invoke-RestMethod -Method GET -Uri $url
Write-Host $result
I must point out, I have tried on a client application called 'I'm only resting' and this returns whats expected. So I think it must be something to do with powershell. Either I haven't allowed something in the web.config file or some setting missing in powershell. I have also tried to ignore certificate errors on powershell. This didn't help.
Error from powershell :
Invoke-RestMethod : The underlying connection was closed: An unexpected error occurred on a send.
At line:18 char:11
+ $result = Invoke-RestMethod -Method GET -Uri $url
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Here is the web.config file for the service :
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true"/>
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.6"/>
<httpRuntime targetFramework="4.6"/>
<httpModules>
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web"/>
</httpModules>
</system.web>
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpTransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
</webHttpBinding>
</bindings>
<services>
<service name="RemoteService.RemoteService" behaviorConfiguration="ServiceBehaviour">
<endpoint address =""
binding="webHttpBinding"
contract="RemoteService.IRemoteService"
bindingConfiguration="webHttpTransportSecurity"
behaviorConfiguration="web" />
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
<add binding="webHttpBinding" scheme="https"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true">
<remove name="ApplicationInsightsWebTracking"/>
<add name="ApplicationInsightsWebTracking" type="Microsoft.ApplicationInsights.Web.ApplicationInsightsHttpModule, Microsoft.AI.Web"
preCondition="managedHandler"/>
</modules>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
<validation validateIntegratedModeConfiguration="false"/>
</system.webServer>
</configuration>
Managed to find the problem.
I needed to edit permissions on the hosted service in IIS. So I added Users ({pcname}/Users) to the list of allowed users.
I would delete the question, but perhaps this may help someone in the future :)
I'm not very experienced with WCF, as such I'm a little stuck with this one, I allow my WCF service to configure it's own endpoints (my manual attempts have been less than successful). Now this works fine appart from one issue, It adds a second endpoint using the local machine name, and the local windows domain.
My Config file is such:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="https" port="443"/>
</defaultPorts>
</useRequestHeadersForMetadataAddress>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
However when adding this WCF to a WPF application, it generates the following config (Url changed for security)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IAdminService">
<security mode="None">
<transport clientCredentialType="None" />
<message clientCredentialType="UserName" />
</security>
</binding>
<binding name="BasicHttpsBinding_IAdminService">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://machinename.domain.local/PortalServices/AdminService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IAdminService"
contract="AdminService.IAdminService" name="BasicHttpBinding_IAdminService" />
<endpoint address="https://mysite.co.uk/PortalServices/AdminService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpsBinding_IAdminService"
contract="AdminService.IAdminService" name="BasicHttpsBinding_IAdminService" />
</client>
</system.serviceModel>
As you can see, it adds a working URL and a local domain URL
http://machinename.domain.local/PortalServices/AdminService.svc
How can i prevent this from being added? as it becomes a bit of a pain having to remember to manually remove it after every deploy/service update.
As Requested, this is one of the Interface classes.
[ServiceContract]
public interface IAdminService
{
[OperationContract]
List<PortalApp> GetApplications();
[OperationContract]
int AddApplication(string AppName, string Desc, string version, bool enabled);
[OperationContract]
bool EditApplication(int appid, string AppName, string Desc, string version, bool enabled);
[OperationContract]
bool AddAppAccess(int appid, Int16 uid);
[OperationContract]
bool RemAppAccess(int appid, Int16 uid);
[OperationContract]
List<PortalUser> GetUsers();
}
Ok, thanks to Jontatas mentioning the fact the endpoints have seperate binding types it got me thinking.
Turns out i had forgotten to remove the http binding from IIS itself (which is not used). Removing that binding from IIS also removed the incorrect binding in the generated config.
I have a WCF service that works as expected when providing proper credentials.
When I try to consume the service with wrong credentials, the service sends an MessageSecurityException error as expected, and I receive an error: "MessageSecurityException was unhandled by user code".
I'm not sure how to handle this exception, since it is raised in the Reference.cs file that is auto-generated and not really under my control:
References.cs
public string EndLogin(System.IAsyncResult result) {
object[] _args = new object[0];
string _result = ((string)(base.EndInvoke("Login", _args, result))); //Here is the error raised
return _result;
}
Ideal would be to check if the service has accepted the credentials instead of relying on an error raised, but have no idea how to check this.
Hope someone can help me, so my App don't have to crash on each wrong login ;)
Web.config : Service:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<services>
<service name="BiBasicService.SalesMarketingService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding"
contract="BiBasicService.ISalesMarketingService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<!-- To enable custom Role validation -->
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="BiBasicService.Security.AuthorizationPolicy, BiBasicService" />
</authorizationPolicies>
</serviceAuthorization>
<!-- To enable custom Username and Password validator-->
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="BiBasicService.Security.CustomValidator, BiBasicService"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
ServiceReferences.ClientConfig : Client:
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISalesMarketingService" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://PUBLICDOMAIN/BasicHttp/SalesMarketingService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ISalesMarketingService"
contract="ServiceReference1.ISalesMarketingService" name="BasicHttpBinding_ISalesMarketingService" />
</client>
</system.serviceModel>
</configuration>
The MessageSecurityException: it's a binding error.
Make sure the binding configuration on server side and client side must match.
Please post the server side web.config and client side web.config
You may want to look into the IErrorHandler interface, which would allow you to handle the exception at a more “global level”. The IErrorHandler is an extension that allows explicitly control the behavior of the application when an exception is thrown, implement the IErrorHandler interface and add it to the Dispatcher’s ErrorHandlers property. IErrorHandler enables you to explicitly control the SOAP fault generated, decide whether to send it back to the client, and perform associated tasks, such as logging. Error handlers are called in the order in which they were added to the ErrorHandlers property.
http://msdn.microsoft.com/en-us/library/system.servicemodel.dispatcher.ierrorhandler.aspx
http://blogs.msdn.com/b/carlosfigueira/archive/2011/06/07/wcf-extensibility-ierrorhandler.aspx