I have a WCF service with NetNamedPipe for interprocess communication and I would like to add security on it. Everything works great without security, but when I am trying to use tranport security I am getting "InvalidCredentialException: The server has rejected the client credentials" exception. Can you please help me?
Code sample:
var netPipeBinding = new NetNamedPipeBinding() { MaxReceivedMessageSize = 2147483647, SendTimeout = TimeSpan.FromMinutes(10), ReceiveTimeout = TimeSpan.FromMinutes(10) };
netPipeBinding.ReaderQuotas.MaxDepth = 2147483647;
netPipeBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
netPipeBinding.ReaderQuotas.MaxArrayLength = 2147483647;
netPipeBinding.ReaderQuotas.MaxBytesPerRead = 2147483647;
netPipeBinding.ReaderQuotas.MaxNameTableCharCount = 2147483647;
netPipeBinding.Security.Mode = NetNamedPipeSecurityMode.Transport;
netPipeBinding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
var host = new ServiceHost(typeof(MainService));
var netPipeEA = new EndpointAddress(new Uri("net.pipe://MyProject/ServerSide"));
var contractDescription = ContractDescription.GetContract(typeof (IMainService), typeof (MainService));
host.AddServiceEndpoint(new ServiceEndpoint(contractDescription, netPipeBinding, netPipeEA));
host.Opened += HostOnOpened;
host.Open();
...
...
private void HostOnOpened(object sender, EventArgs eventArgs)
{
var netPipeBinding = new NetNamedPipeBinding() { MaxReceivedMessageSize = 2147483647, SendTimeout = TimeSpan.FromMinutes(10), ReceiveTimeout = TimeSpan.FromMinutes(10) };
netPipeBinding.ReaderQuotas.MaxDepth = 2147483647;
netPipeBinding.ReaderQuotas.MaxStringContentLength = 2147483647;
netPipeBinding.ReaderQuotas.MaxArrayLength = 2147483647;
netPipeBinding.ReaderQuotas.MaxBytesPerRead = 2147483647;
netPipeBinding.ReaderQuotas.MaxNameTableCharCount = 2147483647;
netPipeBinding.Security.Mode = NetNamedPipeSecurityMode.Transport;
netPipeBinding.Security.Transport.ProtectionLevel = ProtectionLevel.EncryptAndSign;
DuplexChannelFactory<IMainService> channelFactory = new DuplexChannelFactory<IMainService>(new InstanceContext(new CalbackHandler()), netPipeBinding,
new EndpointAddress(IMainService));
var proxy = channelFactory.CreateChannel();
proxy.DoPing();
}
Thank you
The machine name, in this case "localhost" because you are using named pipe should be defined in the EndpointAddress URI.
Related
I'm trying to activate transport security for a WCF Client-Server application.
It works fine on our test machine, but in the target environment the connection is always reset after what looks to me like a successful handshake:
Wireshark capture
I've tried deactivating the firewall, although the application worked fine without TLS, but it made no difference. I've also tried TLS1.1 and TLS1.0 but that made no difference either.
Here is the source code for the service host:
public void Start()
{
var binding = new NetTcpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
binding.Security.Transport.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
binding.ReliableSession.Enabled = true;
binding.ReliableSession.InactivityTimeout = TimeSpan.FromSeconds(30);
binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
binding.SendTimeout = TimeSpan.FromSeconds(5);
binding.MaxReceivedMessageSize = 64 * 1048576;
binding.ReaderQuotas.MaxArrayLength = 2147483647;
binding.ReaderQuotas.MaxStringContentLength = 2147483647;
this.host = new ServiceHost(
this,
new[] { new Uri(string.Format("net.tcp://{0}:{1}", this.hostname, this.port)) }
);
this.host.Description.Behaviors.Add(new ServiceDiscoveryBehavior());
this.host.AddServiceEndpoint(new UdpDiscoveryEndpoint());
this.host.AddServiceEndpoint(typeof(ILvsService), binding, "LvsService");
this.host.Credentials.ServiceCertificate.SetCertificate(
StoreLocation.LocalMachine,
StoreName.My,
X509FindType.FindBySubjectName,
this.hostname
);
this.host.Open();
}
And here is the client side:
public ServiceClient(string server, ushort port)
{
var binding = new NetTcpBinding(SecurityMode.Transport);
binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
binding.Security.Transport.SslProtocols = System.Security.Authentication.SslProtocols.Tls12;
binding.MaxReceivedMessageSize = 64 * 1048576;
binding.ReaderQuotas.MaxArrayLength = 2147483647;
binding.ReaderQuotas.MaxStringContentLength = 2147483647;
binding.ReceiveTimeout = TimeSpan.FromSeconds(5);
binding.SendTimeout = TimeSpan.FromSeconds(5);
var context = new InstanceContext(this);
this.channelFactory = new DuplexChannelFactory<ILvsService>(
context,
binding,
new EndpointAddress(string.Format("net.tcp://{0}:{1}/LvsService", server, port))
);
}
The server is running as a service on a Windows Server 2016 VM with .NET Framework 4.7.2. The clients are running on Windows 10 machines also with .NET Framework 4.7.2.
I need to set by code the parameter
ServiceBehaviorAttribute
private static BasicHttpBinding getBinding()//BasicHttpBinding getBinding()
{
//WSHttpBinding binding = new WSHttpBinding();
//WSHttpBinding binding = new WSHttpBinding();
BasicHttpBinding binding = new BasicHttpBinding(BasicHttpSecurityMode.None);
binding.TextEncoding = System.Text.Encoding.UTF8;
binding.ReaderQuotas.MaxArrayLength = int.MaxValue;
binding.ReceiveTimeout = new TimeSpan(8, 0, 0);
binding.SendTimeout = new TimeSpan(8, 0, 0);
binding.MaxReceivedMessageSize = int.MaxValue;
binding.MaxBufferSize = int.MaxValue;
binding.MaxBufferPoolSize = int.MaxValue;
binding.ReaderQuotas.MaxDepth = 64;
binding.ReaderQuotas.MaxArrayLength = int.MaxValue;
binding.ReaderQuotas.MaxStringContentLength = int.MaxValue;
return binding;
}
private static EndpointAddress getEndPoint()
{
EndpointAddress endPoint = new EndpointAddress(HTTP_SERVER);
return endPoint;
}
ConnectionToServer = new ConnectionToServer (getBinding(), new EndpointAddress(HTTP_SERVER));
Hot to insert in the ConnectionToServer this code ???
ServiceBehaviorAttribute sba = new ServiceBehaviorAttribute();
sba.MaxItemsInObjectGraph = int.MaxValue;
One thing is the endpoint configuration (i.e. the code you posted) and another completely different thing is the service behavior.
To set SBA.MaxItemsInObjectGraph you need to specify it in the execution behavior of the service contract which is done via a ServiceBehaviorAttribute in the WCF Service (not the client as your code implies).
i.e:
[ServiceBehavior(
InstanceContextMode = InstanceContextMode.Single,
ConcurrencyMode = ConcurrencyMode.Reentrant,
MaxItemsInObjectGraph = 34)]
public class WcfService : IDuplexService
{
//service implementation goes here
}
Here's how you can set MaxItemsInObjectGraph on a ChannelFactory:
DuplexChannelFactory<IService> cf = new DuplexChannelFactory<IService>(typeof(ServiceCallback), Server.ServerBinding(), ep);
foreach (OperationDescription operation in cf.Endpoint.Contract.Operations)
{
var dc = operation.Behaviors.Find<DataContractSerializerOperationBehavior>();
if (dc != null)
{
dc.MaxItemsInObjectGraph = int.MaxValue;
}
}
I create WCF application that used Azure Cloud Service.
Sometimes client catch TimeoutException About 3 times a day.
Now, Total of client amounts about 100 clients.So The 100 cleint access wcf server at the same time.
The setting is below.How do I optimize? or Do I mistake?
WorkerRols.cs
ServicePointManager.DefaultConnectionLimit = Int32.MaxValue;
var netTcpBinding = new NetTcpBinding();
netTcpBinding.Security.Mode = SecurityMode.Transport;
netTcpBinding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;
netTcpBinding.MaxBufferPoolSize = 314572800;
netTcpBinding.MaxReceivedMessageSize = 20971520;
netTcpBinding.MaxBufferSize = 20971520;
netTcpBinding.ListenBacklog = 2147483647;
netTcpBinding.MaxConnections = 2147483647;
netTcpBinding.ReceiveTimeout = new TimeSpan(0, 1, 0);
//binding.SendTimeout = new TimeSpan(0, 3, 0);
//binding.CloseTimeout = new TimeSpan(0, 3, 0);
netTcpBinding.ReliableSession.Enabled = true;
netTcpBinding.ReliableSession.InactivityTimeout = new TimeSpan(0, 1, 0);
ServiceThrottlingBehavior throttle;
throttle = host.Description.Behaviors.Find<ServiceThrottlingBehavior>();
if (throttle == null)
{
LogWriter.PutInfo(CLASSNAME, "throttle == null");
throttle = new ServiceThrottlingBehavior();
throttle.MaxConcurrentCalls = Int32.MaxValue;
throttle.MaxConcurrentSessions = Int32.MaxValue;
throttle.MaxConcurrentInstances = Int32.MaxValue;
host.Description.Behaviors.Add(throttle);
}
app.config
<system.net>
<connectionManagement>
<add address="*" maxconnection="65535"/>
</connectionManagement>
</system.net>
I want to get some ListItems of a SharePoint 2010 List with a Win8 App. Everything works fine when I set the Credentials manually like:
BasicHttpBinding basicHttpBinding = new BasicHttpBinding();
basicHttpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
EndpointAddress endpoint = new EndpointAddress("http://site1/site2/_vti_bin/Lists.asmx");
string listName = "{4e661b3b-d0a9-4440-b98f-3f3ef41a44a7}";
string viewName = "{f1ba8d46-ad36-40ef-b4bc-6f74ea87b5d7}";
string rowLimit = "25";
XElement ndQuery = new XElement("Query");
XElement ndViewFields = new XElement("ViewFields");
XElement ndQueryOptions = new XElement("QueryOptions");
MyService.ListsSoapClient client = new MyService.ListsSoapClient(basicHttpBinding, endpoint);
client.ClientCredentials.Windows.ClientCredential.UserName = "user";
client.ClientCredentials.Windows.ClientCredential.Password = "pw";
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
MyService.GetListItemsResponse response = await client.GetListItemsAsync(listName, viewName, ndQuery, ndViewFields, rowLimit, ndQueryOptions, null);
If I try to set the Credentials with the logged on Windows user i get the following Unauthorized error:
The HTTP request is unauthorized with client authentication scheme
'Negotiate'. The authentication header received from the server was
'Negotiate,NTLM'.
client.ClientCredentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
Can you help me?
try this (use default credentials instead of specific):
private ListsSoapClient CreateListsSoapClient(string siteUrl, string siteUserName, string sitePassword)
{
var basicHttpBinding = new BasicHttpBinding
{
CloseTimeout = new TimeSpan(00, 5, 00),
OpenTimeout = new TimeSpan(00, 5, 00),
ReceiveTimeout = new TimeSpan(00, 5, 00),
SendTimeout = new TimeSpan(00, 5, 00),
TextEncoding = Encoding.UTF8,
MaxReceivedMessageSize = int.MaxValue,
MaxBufferSize = int.MaxValue,
Security =
{
Mode = BasicHttpSecurityMode.TransportCredentialOnly
},
ReaderQuotas =
{
MaxArrayLength = int.MaxValue,
MaxBytesPerRead = int.MaxValue,
MaxStringContentLength = int.MaxValue
}
};
basicHttpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
var url = string.Format("{0}/_vti_bin/Lists.asmx", siteUrl);
var address = new EndpointAddress(url);
var listsSoapClient = new ListsSoapClient(basicHttpBinding, address);
listsSoapClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Delegation;
listsSoapClient.ChannelFactory.Credentials.Windows.ClientCredential = new NetworkCredential(siteUserName, sitePassword);
listsSoapClient.ChannelFactory.Credentials.Windows.AllowNtlm = true;
return listsSoapClient;
}
I am using WCF service in my WindowsApplication... when i was running the application both server and client, The server disconnected the connetion in few minutes.... How shall i reconnect the client automatically When Connection was aborted....
This is my Client code:
public void connecttoserver()
{
D:
try
{
EndpointAddress ea = new EndpointAddress(#"net.tcp://10.0.3.33:2222/ClsPCMain");
EndpointAddress ea = new EndpointAddress(StrAddress);
NetTcpBinding binding = new NetTcpBinding(SecurityMode.None, false);
binding.MaxBufferPoolSize = Int32.MaxValue;
binding.MaxReceivedMessageSize = Int32.MaxValue;
binding.PortSharingEnabled = true;
binding.ReceiveTimeout = TimeSpan.MaxValue;
binding.SendTimeout = TimeSpan.MaxValue;
binding.OpenTimeout = TimeSpan.MaxValue;
binding.CloseTimeout = TimeSpan.MaxValue;
binding.MaxReceivedMessageSize = Int32.MaxValue;
binding.MaxBufferPoolSize = Int32.MaxValue;
binding.MaxConnections = Int16.MaxValue;
binding.ReaderQuotas.MaxArrayLength = Int32.MaxValue;
binding.ReaderQuotas.MaxBytesPerRead = Int32.MaxValue;
binding.ReaderQuotas.MaxDepth = Int32.MaxValue;
binding.ReaderQuotas.MaxNameTableCharCount = Int32.MaxValue;
binding.ReaderQuotas.MaxStringContentLength = Int32.MaxValue;
binding.Security.Mode = SecurityMode.None;
ChannelFactory<InterfaceClass.IService> Client = new ChannelFactory<InterfaceClass.IService>(binding,ea);
InterfaceClass.IService serviceobj = Client.CreateChannel(ea);
clsStatus.connectstatus = false;
ClsPC objclsPc = serviceobj.PCInfoMethod(Environment.UserName, Environment.UserDomainName, Dns.GetHostName(), Dns.GetHostEntry(Dns.GetHostName()).AddressList[0].ToString());
if (objclsPc.imageid == 1)
{
clsStatus.FullSizeImage = true;
clsStatus.ThumbnailImage = false;
}
else
{
clsStatus.ThumbnailImage = true;
clsStatus.FullSizeImage = false;
}
Client.Close();
Client=null;
//serviceobj = null;
}
catch (Exception ex)
{
logobj.Write(ex);
}
}
This Is My Server Code:
public clsHostService()
{
string StrAddress = File.ReadAllText(AppDomain.CurrentDomain.BaseDirectory + "url2.txt");
ServiceHost host = new ServiceHost(typeof(clsService));
NetTcpBinding binding = new NetTcpBinding(SecurityMode.None, false);
ServiceEndpoint endpointinfo = host.AddServiceEndpoint(typeof(IService), binding, StrAddress);
endpointinfo.Binding.CloseTimeout = TimeSpan.MaxValue;
endpointinfo.Binding.OpenTimeout = TimeSpan.MaxValue;
endpointinfo.Binding.ReceiveTimeout = TimeSpan.MaxValue;
endpointinfo.Binding.SendTimeout = TimeSpan.MaxValue;
XmlDictionaryReaderQuotas BindingQuota = binding.ReaderQuotas;
BindingQuota.MaxArrayLength = Int32.MaxValue;
BindingQuota.MaxBytesPerRead = Int32.MaxValue;
BindingQuota.MaxDepth = Int32.MaxValue;
binding.MaxConnections = Int16.MaxValue;
binding.MaxBufferPoolSize = Int32.MaxValue;
binding.MaxBufferSize = Int32.MaxValue;
binding.MaxReceivedMessageSize = Int32.MaxValue;
binding.CloseTimeout = TimeSpan.MaxValue;
binding.OpenTimeout = TimeSpan.MaxValue;
binding.ReceiveTimeout = TimeSpan.MaxValue;
binding.SendTimeout = TimeSpan.MaxValue;
ServiceThrottlingBehavior throttlingBehavior =new ServiceThrottlingBehavior();
throttlingBehavior.MaxConcurrentCalls = Int32.MaxValue;
throttlingBehavior.MaxConcurrentInstances = Int32.MaxValue;
throttlingBehavior.MaxConcurrentSessions = Int32.MaxValue;
host.Description.Behaviors.Add(throttlingBehavior);
host.Open();
Console.WriteLine("Server Started");
Console.ReadLine();
}
Now How Shall i Connect to the client Automatically When server cuts the Connection?
Anyone Tell me The Solution of this Problem...
Thanks in Advance.....
I use something like this:
//Somewhere in the main
ConfigureWcf();
ConnectToServer();
//...
void ConnectToServer()
{
myService = new ServiceReference.ServiceClient(context);
myService.Open();
myService.InnerChannel.UnknownMessageReceived += InnerChannel_UnknownMessageReceived;
myService.InnerChannel.Closed += InnerChannel_Closed;
}
void StartConnecting()
{
//use 5 attempts to connect to server
ConnectToServer();
}
void InnerChannel_Closing(object sender, EventArgs e)
{
//Connection to server closed!
//Write to log
StartConnecting();
}
I don't completely understand your question, I'm afraid - your Winforms app is hosting the service, or is it the client calling a WCF service??
WCF doesn't typically use the concept of having a constant connection between client and server.
The client builds a client-side proxy on which is calls methods that the server exposes. Basically, each call is independant of all the others - a connection only exists between the client and the server for the duration of the call. The connection isn't always up - it's only in place when a call is actually happening.
So I don't completely understand what you want to "reconnect" - there is not always-on connection in the first place.
What can happen is that if an exception happens on the server side and isn't caught and handled properly, then the client-side proxy can become invalid. In WCF terms, the "channel" between the client and the server has been "faulted" , e.g. has become unusable. If you were to call the server again with a client-side proxy in a faulted state, you'd receive a client-side exception.
You can check for a faulted channel state on the client-side proxy before making a call with this code:
if(client.State == CommunicationState.Faulted)
{
client = new YourServiceClient();
}
if the channel is indeed faulted, then you need to re-create the proxy again and you should be back in business.