EndpointNotFoundException - 404 - Hosting WCF Service over HTTPS in IIS through Visual Studio - c#

I'm developing a WCF service using transport security settings. When testing the client proxy and calling a service method, I get the following EndpointNotFoundException:
There was no endpoint listening at https://MyPC/AMTA.WebService/BroadcastInfoService.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.
Inner exception:
The remote server returned an error: (404) Not Found.
I'm hosting my service through Visual Studio.
web.config for service:
<system.serviceModel>
<services>
<service name="AMTA.WebService.Broadcasts.BroadcastInfoService">
<endpoint address="/BroadcastInfoService.svc" binding="wsHttpBinding" contract="AMTA.WebService.Interface.Broadcasts.IBroadcastInfoService"/>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Config for client:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IBroadcastInfoService">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://MyPC/AMTA.WebService/BroadcastInfoService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IBroadcastInfoService"
contract="BroadcastInfoService.IBroadcastInfoService" name="WSHttpBinding_IBroadcastInfoService">
</endpoint>
</client>
</system.serviceModel>
I'm deploying using the Web property page of the project to local IIS using this virtual directory:
https://MyPC:443/AMTA.WebService/
I can browse https://MyPC:443/AMTA.WebService/BroadcastInfoService.svc after hitting F5, which shows a page with WSDL info. However, when I try to call methods on the client proxy, an endpoint-not-found exception is thrown with the following log details:
System.ServiceModel.EndpointNotFoundException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The service '/AMTA.WebService/BroadcastInfoService.svc/' does not exist.
StackTrace
at System.ServiceModel.ServiceHostingEnvironment.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath, EventTraceActivity eventTraceActivity)
at System.ServiceModel.ServiceHostingEnvironment.EnsureServiceAvailableFast(String relativeVirtualPath, EventTraceActivity eventTraceActivity)
HTTPS and HTTP host headers are enabled for IIS, and HTTPS is tied to a self-signed certificate.

The culprit was missing
bindingConfiguration="TransportSecurity"
from endpoint element in web.config.
By the way, you can meet security requirements by just using basicHttpsBinding, which is new in .NET 4.5. This will lead to more concise XML configs. Which are from the devil anyways.
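The failure mode from the answer above, as an added example that is not part of the original post: a small Python check that flags service endpoints which never pick up a declared binding configuration and therefore run with the binding's default security mode. The function name `audit_endpoints`, the `DEFAULT_MODE` table and the trimmed sample config are assumptions made for this illustration.

```python
import xml.etree.ElementTree as ET

# Security mode WCF applies when an endpoint gets no binding configuration.
DEFAULT_MODE = {"wsHttpBinding": "Message", "basicHttpBinding": "None",
                "netTcpBinding": "Transport"}

# Trimmed copy of the question's service config (endpoint lacks bindingConfiguration).
SAMPLE = """<system.serviceModel>
  <services>
    <service name="AMTA.WebService.Broadcasts.BroadcastInfoService">
      <endpoint address="/BroadcastInfoService.svc" binding="wsHttpBinding"
                contract="AMTA.WebService.Interface.Broadcasts.IBroadcastInfoService"/>
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="TransportSecurity">
        <security mode="Transport"><transport clientCredentialType="None"/></security>
      </binding>
    </wsHttpBinding>
  </bindings>
</system.serviceModel>"""

def audit_endpoints(config_xml):
    """Return (service, address, problem) for endpoints that do not pick up a
    declared <binding>; an unnamed <binding> counts as that type's default."""
    root = ET.fromstring(config_xml)
    sm = root if root.tag == "system.serviceModel" else root.find(".//system.serviceModel")
    declared = {}  # binding type -> set of declared configuration names
    for btype in sm.findall("./bindings/*"):
        declared[btype.tag] = {b.get("name", "") for b in btype.findall("binding")}
    findings = []
    for svc in sm.findall("./services/service"):
        for ep in svc.findall("endpoint"):
            btype, ref = ep.get("binding"), ep.get("bindingConfiguration", "")
            names = declared.get(btype, set())
            if ref and ref not in names:
                problem = f"bindingConfiguration '{ref}' is not declared for {btype}"
            elif not ref and names and "" not in names:
                problem = (f"no bindingConfiguration, so {sorted(names)} is unused and "
                           f"security mode falls back to {DEFAULT_MODE.get(btype, 'the binding default')}")
            else:
                continue
            findings.append((svc.get("name"), ep.get("address"), problem))
    return findings

if __name__ == "__main__":
    print(*audit_endpoints(SAMPLE), sep="\n")
```

Run against the question's config, it reports the wsHttpBinding endpoint; with `bindingConfiguration="TransportSecurity"` added, it reports nothing.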

Related

Problem with configuring HTTPS on my WCF service

I am trying to add a transport security layer to my WCF service. But after following all the instructions I still get the error "Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http]."
I already did all the needed configuration in IIS Manager and added the needed code in web.config, but I still have a feeling I am missing something.
web.config:
<system.serviceModel>
<services>
<service name="MyNameSpace.MyService" behaviorConfiguration="secureBehavior">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="secureHttpBinding" contract="MyNameSpace.IMyService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="secureBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
There is no problem with your present configuration: it configures an https endpoint and it uses Transport security mode. One more thing we need to do is configure an https binding address in the IIS binding module, like below.
It is located in the IIS site binding module.
Then we can use the above https service address to access it.
https://IP:4431/Service1.svc (service base address)
Feel free to let me know if the problem still exists.

Implement Authentication in a WCF service (non ssl)

I have developed a .NET WCF service which uses basicHttp binding. This service is going to be hosted in IIS in an intranet and consumed by a non-Windows SAP PO client.
This service doesn't expose any sensitive information, so I do not want to invest time in signing or encrypting messages. However, I also do not want the service to be accessed by anyone who knows the URL, so some form of authentication is required.
Can anyone please advise what would be the simplest way to authenticate my service?
UPDATE:
Thanks Keyur PATEL. I managed to host the service in IIS as per the link provided, with security mode set to "TransportCredentialOnly".
I enabled Basic Authentication in IIS.
My Windows client is able to subscribe to the service; however, it receives the error below when an operation is executed.
"The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'Basic realm="MY SERVER NAME"'.
Server Config
<?xml version="1.0"?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="CustomAuthentication">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="Basic"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SecurityBehavior">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="SimpleService.UserNamePasswordAuthentification, App_Code/UserNameValidator"/>
</serviceCredentials>
<serviceMetadata httpGetEnabled="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="SecurityBehavior" name="SimpleService.SimpleService">
<endpoint address="SimpleService" binding="basicHttpBinding" bindingConfiguration="CustomAuthentication" contract="SimpleService.ISimpleService"/>
<host>
<baseAddresses>
<add baseAddress="http://localhost:8080"/>
</baseAddresses>
</host>
</service>
</services>
</system.serviceModel>
<system.web>
<compilation debug="true"/>
</system.web>
</configuration>
Client Config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISimpleService">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://MYSERVERNAME:PORT/SimpleService.svc/SimpleService"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ISimpleService"
contract="SimpleServiceDEV.ISimpleService" name="BasicHttpBinding_ISimpleService" />
</client>
</system.serviceModel>
</configuration>

400 bad request WCF wsHttpBinding over Https

I am creating a WCF service and exposing a couple of endpoints. One is basicHttpBinding and another is wsHttpBinding. Once I publish this to IIS, the basicHttpBinding endpoint works fine but the wsHttpBinding endpoint throws error 400.
There are so many posts about the 400 error with WCF like this, but I can't resolve my issue.
Here is my configuration:
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehaviour">
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding">
<security mode="Transport" />
</binding>
</basicHttpBinding>
<wsHttpBinding>
<binding name="WsPlainBinding">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehaviour" name="WcfService.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding"
contract="WcfService.IService" />
<endpoint address="wshttp"
binding="wsHttpBinding" bindingConfiguration="WsPlainBinding"
contract="WcfService.IService" />
</service>
</services>
I am using the address from the wsdl generated from the service which is hosted in IIS. Still I cannot reach the end point from Visual Studio using Add Service Reference or from browser.
In IIS, go to Manage Website -> Advanced Settings and edit Enabled Protocols. Add ,https.
Hope this helps

Hosting a wcf in local IIS using ssl

I am learning WCF and I need to create a simple WCF service with an https binding. I need to have it as secure as possible.
So far I succeeded in creating a self-hosted WCF service by using this guide:
Codeproject enable certificates on WCF
I managed to consume it, and everything looks great. But the real problems appear when I try to host this in IIS 8. Local IIS, not IIS Express.
I created a new WCF application in Visual Studio 2012, and in the project's properties -> Web -> Servers, I selected Local IIS, project URL: https://localhost/AdminService, Create virtual directory.
This added an application under Default Web Site in IIS Manager. The thing is, using the same web.config as my self-hosted app, roughly modified, did not work.
After altering it a bit, I got to this:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate"/>
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WCFServiceCertificate.SecureServiceBehavior"
name="AdminService.AdminService">
<!--<host>
<baseAddresses>
<add baseAddress="https://localhost:1234/AdminService" />
</baseAddresses>
</host>-->
<endpoint address="https://localhost/AdminService" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
contract="AdminServiceContract.IAdminService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
<!--<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />-->
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFServiceCertificate.SecureServiceBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
<serviceCertificate findValue="CertAdminService" storeLocation="LocalMachine"
storeName="My" x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
That CertAdminService certificate was not created with makecert, like I did in the self-hosted WCF service; I created it with IIS Manager's "Create Self-Signed Certificate".
Then, on Default Web Site -> Bindings, I added a new binding, https, and selected this certificate.
The problem is, even if I choose Browse (*:443) on Default Web Site, or on my application, I get the following error:
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.
Error code: ERR_SSL_PROTOCOL_ERROR
I have no idea what I am doing wrong. Also, with the mexHttpsBinding enabled, if I try to add a service reference to another project, I can discover the service, but I get the following error:
"There was an error downloading 'https://localhost/AdminService/AdminService.svc/_vti_bin/ListData.svc/$metadata'.
The underlying connection was closed: An unexpected error occurred on a send.
The handshake failed due to an unexpected packet format.
Metadata contains a reference that cannot be resolved: 'https://localhost/AdminService/AdminService.svc'.
An error occurred while making the HTTP request to https://localhost/AdminService/AdminService.svc.
This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
The underlying connection was closed: An unexpected error occurred on a send.
The handshake failed due to an unexpected packet format.
If the service is defined in the current solution, try building the solution and adding the service reference again."
Any help will be much appreciated; I kind of ran out of ideas. According to other posts on Stack Overflow that I've read, this should've worked. Maybe I'm doing something wrong and I don't know what.
Thank you, and sorry for the long post.
Edit:
Here is the consuming client's web.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IAdminService">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost/AdminService"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IAdminService"
contract="AdminServiceContract.IAdminService" name="WSHttpBinding_IAdminService" behaviorConfiguration="CustomBehavior">
<identity>
<dns value="WCfServer" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="CustomBehavior">
<clientCredentials>
<clientCertificate findValue="CertAdminService" x509FindType="FindBySubjectName"
storeLocation="LocalMachine" storeName="My" />
<serviceCertificate>
<authentication certificateValidationMode="PeerTrust"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

wcf server authentication without certificates

I have a self-hosted WCF service with netTcpBinding bindings. Both my servers and clients will all be in the same domain, so I'd like to use Windows authentication, but I'd also like the clients to verify server credentials (to avoid an internal man-in-the-middle/DNS tampering attack). I've read that the way to do this is to use an SPN, but I can't seem to get that to work; no matter what the SPN is set to, the client works (i.e. the server and client don't match, but the client connects anyway). Obviously I've got some kind of configuration error, but I'm not sure where. Here is the service config for the server:
<system.serviceModel>
<services>
<service name="AaaAuthService.AaaAuthService" behaviorConfiguration="AaaAuthServiceBehavior">
<endpoint address="" binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IAaaAuth" contract="AAA.IAaaAuthService">
<!--
<identity>
<servicePrincipalName value="AaaShlkjhlkjjjjhhhhjjpn/justink-pc.sgasdf1.allamericanasphaltasdf.casdfom"/>
</identity>
-->
</endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:9000/IAaaAuthService"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="AaaAuthServiceBehavior">
<serviceThrottling maxConcurrentCalls="2147483647" maxConcurrentInstances="2147483647" maxConcurrentSessions="2147483647"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IAaaAuth" closeTimeout="00:00:20" openTimeout="00:00:10" receiveTimeout="00:00:10" sendTimeout="00:00:10" hostNameComparisonMode="StrongWildcard" maxConnections="2147483647">
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
<message clientCredentialType="Windows"/>
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
The Windows credentials do seem to get passed in - OperationContext.Current.ServerSecurityContext.WindowsIdentity is populated with the account information.
What am I missing here?
