Develop Reference

How to make my CustomUserNamePasswordValidator work

I have been trying to get this working for hours now and have not had any luck. I am trying to create a WCF web service that has validation. I want the consumer of the service to be required to do:
ServiceReference1.XServiceClient client = new ServiceReference1.XServiceClient();
client.ClientCredentials.UserName.UserName = "username";
client.ClientCredentials.UserName.Password = "password";
before he can call any of the service methods. I found out that I have to create a CustomUserNamePasswordValidator so I created class library project in the solution to contain the Custom Validator class. I just wanted to verify that it works.
namespace XServices
{
public class CustomUserNameValidator : UserNamePasswordValidator
{
public override void Validate(string username, string password)
{
if (!(username == "test" && password == "password"))
{
throw new FaultException("Invalid username or password!");
}
}
}
}
Then I tried to make the necessary changes to my web.config file in the WCF project to support it. Unfortunately, this is where I had my first trouble.
Here is my web.config file as it is now.
<?xml version="1.0"?>
<configuration>
<connectionStrings>
<!-- connection strings ommitted for security reasons -->
</connectionStrings>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
<behavior name="CustomValidator">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="CustomUserNameValidator.XServices.CustomUserNameValidator, CustomUserNameValidator"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="Binding1">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
The MSDN docs are very unclear on how the customUserNamePasswordValidatorType works. The example https://msdn.microsoft.com/en-us/library/aa702565(v=vs.110).aspx completely glosses over it so I have no idea if I even did it correctly. And worse, it does not throw an error if what you put for that parameter is incorrect. It just silently ignores it. Long story short, the Validate method of my custom validator is not being called. I can't figure out why and I haven't found anything that has worked after hours of google searching. Please help.

In your service config, you forgot to associate the serviceBehavior with your service. Therefore your service don't know anything about your custom validator.
The following section is missing:
<services>
<service behaviorConfiguration="CustomValidator" name="ServiceName...">
<endpoint name="EndpointName..." bindingConfiguration="Binding1" address="..." binding="wsHttpBinding" contract="..." />
</service>
</services>

WCF Service 404 error on browser

this might be very common question and asked many times but I troubleshooting this issue from the past 2 days.
I have created WCF service below:
IStudentService.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;
using System.ServiceModel.Web;
namespace WcfStudentService
{
// Defines IStudentService here
[ServiceContract ]
public interface IStudentService
{
[OperationContract]
[WebInvoke(Method = "GET", ResponseFormat = WebMessageFormat.Json)]
string GetData();
}
}
StudentService.svc.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;
using Newtonsoft.Json;
namespace WcfStudentService
{
// StudentService is the concrete implmentation of IStudentService.
public class StudentService : IStudentService
{
public string GetData()
{
return "{ Result : " + "Success" + " }";
}
}
}
Web.config(Updated):
<?xml version="1.0" encoding="UTF-8"?>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration>
<appSettings />
<connectionStrings />
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" targetFramework="4.0" />
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows" />
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<pages controlRenderingCompatibilityVersion="4.0" clientIDMode="AutoID" />
</system.web>
<system.web.extensions>
<scripting>
<webServices>
<!--
Uncomment this section to enable the authentication service. Include
requireSSL="true" if appropriate.
<authenticationService enabled="true" requireSSL = "true|false"/>
-->
<!--
Uncomment these lines to enable the profile service, and to choose the
profile properties that can be retrieved and modified in ASP.NET AJAX
applications.
<profileService enabled="true"
readAccessProperties="propertyname1,propertyname2"
writeAccessProperties="propertyname1,propertyname2" />
-->
<!--
Uncomment this section to enable the role service.
<roleService enabled="true"/>
-->
</webServices>
<!--
<scriptResourceHandler enableCompression="true" enableCaching="true" />
-->
</scripting>
</system.web.extensions>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<!--Garvit: Commented below code-->
<!--<service name="WcfStudentService.StudentService" behaviorConfiguration="WcfStudentService.StudentServiceBehavior">-->
<service name="WcfStudentService.StudentService" behaviorConfiguration="jsonRestDefault">
<!--Garvit:Host Tag added-->
<host>
<baseAddresses>
<add baseAddress="http:/192.168.X.XXX"/>
</baseAddresses>
</host>
<!-- Service Endpoints -->
<!--<endpoint address="" binding="webHttpBinding" contract="WcfStudentService.IStudentService">-->
<!--Garvit: Added below endpoint and commented above-->
<endpoint behaviorConfiguration="RESTFriendly" binding="webHttpBinding" contract="WcfStudentService.IStudentService">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="jsonRestDefault">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="RESTFriendly">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<defaultDocument>
<files>
<add value="StudentService.svc" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
The above service returns the result when I call it from WcfTestClient but when I browse my service URL on browser like(192.168.X.XXX:8282/IStudentService.svc/GetData) it throws 404 error.
I google and found these two below threads usefull:
Thread1
Thread2
But still its not working. Please help.
Any help

Windows Phone Error Handling: WCF with BasicHttpBinding and TransportWithMessageCredential

I have a WCF service that works as expected when providing proper credentials.
When I try to consume the service with wrong credentials, the service sends an MessageSecurityException error as expected, and I receive an error: "MessageSecurityException was unhandled by user code".
I'm not sure how to handle this exception, since it is raised in the Reference.cs file that is auto-generated and not really under my control:
References.cs
public string EndLogin(System.IAsyncResult result) {
object[] _args = new object[0];
string _result = ((string)(base.EndInvoke("Login", _args, result))); //Here is the error raised
return _result;
}
Ideal would be to check if the service has accepted the credentials instead of relying on an error raised, but have no idea how to check this.
Hope someone can help me, so my App don't have to crash on each wrong login ;)
Web.config : Service:
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5"/>
</system.web>
<system.serviceModel>
<services>
<service name="BiBasicService.SalesMarketingService">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding"
contract="BiBasicService.ISalesMarketingService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="basicHttpBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
<!-- To enable custom Role validation -->
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="BiBasicService.Security.AuthorizationPolicy, BiBasicService" />
</authorizationPolicies>
</serviceAuthorization>
<!-- To enable custom Username and Password validator-->
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="BiBasicService.Security.CustomValidator, BiBasicService"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<!--
To browse web app root directory during debugging, set the value below to true.
Set to false before deployment to avoid disclosing web app folder information.
-->
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
ServiceReferences.ClientConfig : Client:
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISalesMarketingService" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="TransportWithMessageCredential" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://PUBLICDOMAIN/BasicHttp/SalesMarketingService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ISalesMarketingService"
contract="ServiceReference1.ISalesMarketingService" name="BasicHttpBinding_ISalesMarketingService" />
</client>
</system.serviceModel>
</configuration>

The MessageSecurityException: it's a binding error.
Make sure the binding configuration on server side and client side must match.
Please post the server side web.config and client side web.config

You may want to look into the IErrorHandler interface, which would allow you to handle the exception at a more “global level”. The IErrorHandler is an extension that allows explicitly control the behavior of the application when an exception is thrown, implement the IErrorHandler interface and add it to the Dispatcher’s ErrorHandlers property. IErrorHandler enables you to explicitly control the SOAP fault generated, decide whether to send it back to the client, and perform associated tasks, such as logging. Error handlers are called in the order in which they were added to the ErrorHandlers property.
http://msdn.microsoft.com/en-us/library/system.servicemodel.dispatcher.ierrorhandler.aspx
http://blogs.msdn.com/b/carlosfigueira/archive/2011/06/07/wcf-extensibility-ierrorhandler.aspx

WCF and SimpleMembershipProvider. How to manage users?

I have ASP.NET MVC 4 application with user authentication based on SimpleMemebershipProvider. Using Ms SQL database. Everything works fine. I can register new users, log in, log-out etc.
The problem is that I want to create Windows forms application which can connect to the server and after passing credentials it can validate if user exists in database (registered through MVC) and if so, do some stuff, for example change username or password. My idea is to use WCF service library. I know the basic idea of WCF or at least i hope so :) I know that there is possibility to authenticate users.
I was searching the web but i didn't found how to do this with simplememebership provider. I've also tried to write WCF Service library on my own and I've created something like this below but it doesn't work. When I'm testing and put wrong credentials it returns string "bad credentials" which is good. However when i type in valid credentials it shows me an error "NullReference exception" on line:
if (WebSecurity.Login(UserName, password, persistCookie: false)).
I don't think it's secure either :/
Can somebody explain me how to this or what I'm doing wrong ?? Or maybe there is better solution than WCF ?
Sevice1.cs
using System;
using System.Collections.Generic;
using System.Linq;
using System.Runtime.Serialization;
using System.ServiceModel;
using System.Text;
using WebMatrix.WebData;
using System.Web.Mvc;
namespace AR_WCF_Library
{
// NOTE: You can use the "Rename" command on the "Refactor" menu to change the class name "Service1" in both code and config file together.
public class Service1 : IService1
{
public string GetData(string UserName, string password)
{
WebSecurity.InitializeDatabaseConnection("MyDB", "UserProfile", "UserId", "UserName", autoCreateTables: false);
if (WebSecurity.Login(UserName, password, persistCookie: false))
{
return string.Format("Hello: {0}", UserName);
}
else
{
return "bad credentials";
}
}
}
}
App.config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<connectionStrings>
<add name="MyDB" connectionString="Data Source=SERWER\MORPHEUS;Initial Catalog=AOR;Integrated Security=True;Connect Timeout=15;Encrypt=False;TrustServerCertificate=False" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.web>
<compilation debug="true" />
<roleManager enabled="true" defaultProvider="SimpleRoleProvider">
<providers>
<clear/>
<add name="SimpleRoleProvider" type="WebMatrix.WebData.SimpleRoleProvider, WebMatrix.WebData"/>
</providers>
</roleManager>
<membership defaultProvider="SimpleMembershipProvider">
<providers>
<clear/>
<add name="SimpleMembershipProvider"
type="WebMatrix.WebData.SimpleMembershipProvider, WebMatrix.WebData"
enablePasswordReset="true" />
</providers>
</membership>
</system.web>
<!-- When deploying the service library project, the content of the config file must be added to the host's
app.config file. System.Configuration does not support config files for libraries. -->
<system.serviceModel>
<services>
<service name="AR_WCF_Library.Service1">
<host>
<baseAddresses>
<add baseAddress = "http://localhost:8733/Design_Time_Addresses/AR_WCF_Library/Service1/" />
</baseAddresses>
</host>
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address supplied above -->
<endpoint address="" binding="wsHttpBinding" contract="AR_WCF_Library.IService1">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<!-- Metadata Endpoints -->
<!-- The Metadata Exchange endpoint is used by the service to describe itself to clients. -->
<!-- This endpoint does not use a secure binding and should be secured or removed before deployment -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information,
set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="False" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

Add the following to the Web.config of whatever hosts your WCF service:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
</system.serviceModel>

Where to put MaxReceivedMessageSize property in WCF service's web.config file?

I need to change my web.config file and add the MaxReceivedMessageSize property in
my web.config - but where?
The maximum message size quota for incoming messages (65536) has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element.
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="false"><assemblies><add assembly="System.Data.Entity, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" /></assemblies></compilation>
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>

You need to define a binding configuration for the binding you want to use and then you need to define your services (on the server-side) and clients (on the client side) to use that binding and binding configuration:
<system.serviceModel>
<bindings>
<!-- pick whichever binding you want .... -->
<basicHttpBinding>
<!-- binding configuration with a name -->
<binding name="ExtendedMaxSize"
maxBufferSize="999999" maxReceivedMessageSize="999999" />
</basicHttpBinding>
</bindings>
<services>
<service name="Yournamespace.YourServiceClass" behaviorConfiguration="...">
<!-- define endpoint with your binding and the name of the binding configuration
that you have defined just above -->
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="ExtendedMaxSize"
contract="Yournamespace.IYourServiceContract" />
</service>
</services>

To help those who may end up here like I did.
I cannot add to the comments above yet (Usually someone already has the answers long before I have the problem), so I have to add an answer.
I have an MVC 4 app, and I suspect the initial sample above is from the web.config of the actual WCF service project. One of the comments mentions they suspect it is an MVC 4 app and the default config settings.
But how do you fix the problem? From more research, it appears that the change actually needs to be made to the web.config for the CLIENT, in other words, the web config for the project with the REFERENCE to the WCF service. You will find it is much easier to make the change there. That version of the web.config will actually resemble what you are looking for.
That worked easily for me and fixed my issue.

No need, contrary to often claimed, to set on the server.
Contrary to what MSDN is saying, it is not enough to set the limit on the transport binding element. Need to set on binding itself too.
For example:
var targetBinding = new BasicHttpsBinding();
targetBinding.MaxReceivedMessageSize = MaxWcfMessageSize;
targetBinding.MaxBufferPoolSize = MaxWcfMessageSize;
targetBinding.MaxBufferSize = MaxWcfMessageSize;
var targetBindingElements = targetBinding.CreateBindingElements();
var httpsBindElement = targetBindingElements.Find<HttpsTransportBindingElement>();
httpsBindElement.MaxReceivedMessageSize = MaxWcfMessageSize;
httpsBindElement.MaxBufferPoolSize = MaxWcfMessageSize;
httpsBindElement.MaxBufferSize = MaxWcfMessageSize;
TextMessageEncodingBindingElement tmbebe = targetBindingElements.Find<TextMessageEncodingBindingElement>();
tmbebe.ReaderQuotas.MaxArrayLength = MaxWcfMessageSize;