I have an ASP.NET web application which uses a WCF IIS-based backend service.
I can use Active Directory Authentication for the web application, but I would like to use it also on the WCF service (which is on another IIS server).
Is it possible to do this via configurations only?
Solved it.
In web app config set:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
In WCF-part:
<bindings>
<basicHttpBinding>
<binding>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Thing is i need to sleep more.
Related
Hi I was wondering if it is possible to access a WCF service by clicking a hyperlink like the following from a browser: https://MyServer/MyWebservice.svc/GetUpdate?id=10
Thanks in advance.
If you want to publish a Http-mode WCF service, you could refer to the following answer.
How can I use a WCF Service?
if you want to host the service via HTTPS protocol, you need to add the following configuration and set up a certificate in IIS.
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="mybinding">
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
Feel free to let me know if there is anything I can help with.
The issue I'm having with the non-WCF client occurs after the secure connection is established, and the requested URL string is passed to the server. Instead of getting a 401 challenge, I get a 403 forbidden error. I have a WCF client that works with both the WsHTTPBinding and BasicHTTPBinding. After testing the WCF client, I can make it fail basic authentication by replacing CertificateName with an empty string in the following line of code prior to calling serviceProxy.CheckIn():
PermissiveCertificatePolicy.Enact(string.Format("CN={0}", CertificateName));
I'm guessing this is either an override forcing the client to accept the server certificate, or it somehow passes it's name to the server for identity validation.
So my question is does a WCF client pass the certificate name to the server during the request? And if so, where in the request string should I place it? And what would it look like?
web.config file bindings:
<wsHttpBinding>
<binding name="HIBridge_SSLBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Certificate" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" negotiateServiceCredential="True" establishSecurityContext="True"/>
</security>
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="HIBridge_BasicBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="Basic" proxyCredentialType="None" realm=""/>
</security>
<readerQuotas maxStringContentLength="2147483647"/>
</binding>
</basicHttpBinding>
I have ASP.NET MVC 5 project, referenced a SOAP Service from one of our client. I added the service using Visual Studio and, it requires a username/password authentication.
Here is the configuration part for the SOAP reference from the Web.Config file.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="SoapBinding">
<readerQuotas maxDepth="32" maxStringContentLength="65536" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="*** SOAP URL ***" binding="basicHttpBinding" bindingConfiguration="SoapBinding" contract="** ContactName**" name="name1">
<headers>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>** username**</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">** password**</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</headers>
</endpoint>
</client>
</system.serviceModel>
Then, I created Azure Cloud Project, and publish the project from Visual Studio, but unfortunately the Instance is keep recycling.
The moment, I remove the <System.ServiceModel>, and remove the SOAP reference and redeploy; the web application works fine.
The MVC project run perfectly on local referencing the SOAP service, and I am able to communicate with the SOAP service.
Note: I have RDC to the azure instance and browse the application from IIS, I can see the page is loading and result are displaying from the SOAP service, but the Instance is keep recycling on Azure dashboard; therefore it won't be accessed from outside.
Any help will be appreciated. Thank you!
I am currently using WCF to connect to our Java web services via the following configuration:
<bindings>
<basicHttpBinding>
<binding name="WebServicePortBindingHttp" maxReceivedMessageSize="500000">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://host:port/url" binding="basicHttpBinding" bindingConfiguration="WebServicePortBindingHttp" contract="Namespace.WSPort" name="WebServicePort" />
</client>
This is using normal HTTP. Even so, the server wouldn't authorize me until I manually added the WSSE headers using the method suggested in this answer. Once I started doing that, I was able to consume the web services without trouble.
On some of our environments, however, the server that my C# client must connect to uses HTTPS instead of HTTP. For this, the configuration given above does not work. To begin with, I had to change the security mode from TransportCredentialOnly to Transport, like so:
<binding name="WebServicePortBindingHttp" maxReceivedMessageSize="500000">
<security mode="Transport">
<transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
</security>
</binding>
I have tried numerous variations on these settings, however all that happens is the request times out. When I use Wireshark to trace the communication, I can see that the server is actually responding, but I can't interpret its response as the text appears garbled (I guess because it is encrypted).
This is what the binding configuration looks like that is automatically created by Visual Studio when I import the WSDL:
<customBinding>
<binding name="HTTPSoapBinding">
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport />
</binding>
</customBinding>
But this still does not change the behaviour. It would appear that Microsoft and Oracle technologies do not simply interoperate.
Please advise.
I'm an idiot. There was something else causing the timeout! This configuration actually works:
<binding name="WebServicePortBindingHttp" maxReceivedMessageSize="500000">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
</security>
</binding>
Strangely enough, now that I have identified the cause of my timeout, the webservice seems to accept just about any value for clientCredentialType (so far I have tried None, Basic and Windows, and all of them work). Could anyone explain this?
I apologize if I wasted anyone's time with this question.
I am trying to connect to wcf server. My code works when both server and client on the same computer. However, when the client is set on a different machine it's not working.
I found a few answers that didn't help.
The problem I'm getting is: wcf server rejected client credentials
Here is part of the server config:
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
<message clientCredentialType="Windows"/>
</security>
the client config:
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
client code:
_wcfClient = new wcfServiceClient(context, new NetTcpBinding(SecurityMode.Transport),
new EndpointAddress(#"net.tcp://" + host +
#":7919/wcfControl/name/"));
_wcfClient .Open();
I tried to change the server security to None, but then the server couldn't run.
The only solution did help is to insert on the client side server windows username and password. but I want to find a better solution.
Thanks ahead for the help