Okay so scenario goes like this :
I have multiple web applications, which consume a wcf service. and now i am making a change to wcf service to consume Sharepoint 2010 Web Service i.e. UserprofileService.asmx
Web Application - > WCF Service - > Sharepoint WebService
And the problem is if i use the below code in wcf service, it works fine with the Sharepoint Service, and i am able to access the methods available in sharepoint userprofile service, when i test the wcf service from my machine.
C#
service.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
service.ChannelFactory.Credentials.Windows.ClientCredential = System.Net.CredentialCache.DefaultNetworkCredentials;
Web.config
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
But i am no longer able to call the WCF Service from my web application as the web application uses the below.
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="">
<extendedProtectionPolicy policyEnforcement="Never"/>
</transport>
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/>
</security>
I need a way to configure WCF Service in such a way, that it still be able to talk with all the existing applications, and be able to talk to Sharepoint Service at the same time.
Most Importantly i want to use the service account(Ex: b2\deltaUser) under which WCF service runs to access the profiles of different users in share point userprofile service. Do i need to use impersonation ? If yes, how can i use it here.
The solution was easy. To create two separate bindings and that did the trick. :)
Related
Hi I was wondering if it is possible to access a WCF service by clicking a hyperlink like the following from a browser: https://MyServer/MyWebservice.svc/GetUpdate?id=10
Thanks in advance.
If you want to publish a Http-mode WCF service, you could refer to the following answer.
How can I use a WCF Service?
if you want to host the service via HTTPS protocol, you need to add the following configuration and set up a certificate in IIS.
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="mybinding">
<security mode="Transport">
<transport clientCredentialType="None"></transport>
</security>
</binding>
</webHttpBinding>
</bindings>
Feel free to let me know if there is anything I can help with.
I am currently using WCF to connect to our Java web services via the following configuration:
<bindings>
<basicHttpBinding>
<binding name="WebServicePortBindingHttp" maxReceivedMessageSize="500000">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://host:port/url" binding="basicHttpBinding" bindingConfiguration="WebServicePortBindingHttp" contract="Namespace.WSPort" name="WebServicePort" />
</client>
This is using normal HTTP. Even so, the server wouldn't authorize me until I manually added the WSSE headers using the method suggested in this answer. Once I started doing that, I was able to consume the web services without trouble.
On some of our environments, however, the server that my C# client must connect to uses HTTPS instead of HTTP. For this, the configuration given above does not work. To begin with, I had to change the security mode from TransportCredentialOnly to Transport, like so:
<binding name="WebServicePortBindingHttp" maxReceivedMessageSize="500000">
<security mode="Transport">
<transport clientCredentialType="Basic" proxyCredentialType="None" realm="" />
</security>
</binding>
I have tried numerous variations on these settings, however all that happens is the request times out. When I use Wireshark to trace the communication, I can see that the server is actually responding, but I can't interpret its response as the text appears garbled (I guess because it is encrypted).
This is what the binding configuration looks like that is automatically created by Visual Studio when I import the WSDL:
<customBinding>
<binding name="HTTPSoapBinding">
<textMessageEncoding messageVersion="Soap11" />
<httpsTransport />
</binding>
</customBinding>
But this still does not change the behaviour. It would appear that Microsoft and Oracle technologies do not simply interoperate.
Please advise.
I'm an idiot. There was something else causing the timeout! This configuration actually works:
<binding name="WebServicePortBindingHttp" maxReceivedMessageSize="500000">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
</security>
</binding>
Strangely enough, now that I have identified the cause of my timeout, the webservice seems to accept just about any value for clientCredentialType (so far I have tried None, Basic and Windows, and all of them work). Could anyone explain this?
I apologize if I wasted anyone's time with this question.
I am trying to connect to wcf server. My code works when both server and client on the same computer. However, when the client is set on a different machine it's not working.
I found a few answers that didn't help.
The problem I'm getting is: wcf server rejected client credentials
Here is part of the server config:
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
<message clientCredentialType="Windows"/>
</security>
the client config:
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
<message clientCredentialType="Windows" />
</security>
client code:
_wcfClient = new wcfServiceClient(context, new NetTcpBinding(SecurityMode.Transport),
new EndpointAddress(#"net.tcp://" + host +
#":7919/wcfControl/name/"));
_wcfClient .Open();
I tried to change the server security to None, but then the server couldn't run.
The only solution did help is to insert on the client side server windows username and password. but I want to find a better solution.
Thanks ahead for the help
tl;dr
Below is the app.config from my class library which simplifies file manipulation in SharePoint. The endpoint addresses point at an arbitrary site but are set dynamically to the correct site when the library is used.
Will the DLL still work if the arbitrary address changes/ceases to exist?
Can I package my class library to dynamically add endpoint's and binding's to the project that references the library (Based on the site they interact with)?
Details
I created a class library in C# to simplify access to SharePoint sites via the Copy and Lists web services. By passing in the site URL and other data, the end user can easily upload, download, and manipulate files in SharePoint. When they pass the site URL, I dynamically set the Copy or Lists reference to use that URL. While this works out fine, I have two questions:
I must include a reference in the app.config/web.config to one SharePoint server to get the web service details when developing. If that URL changes or ceases to exist, then will my library fail?
Even though the DLL is included when referenced, the app.config containing the basicHttpBinding and endpoint addresses is not included. Is there a way to add that data in the web.config/app.config of the project that is using the class library?
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<appSettings>
</appSettings>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="CopySoap" maxReceivedMessageSize="419430400">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="ListsSoap">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://www.example.com/subsite/_vti_bin/copy.asmx"
binding="basicHttpBinding" bindingConfiguration="CopySoap"
contract="CopyService.CopySoap" name="CopySoap" />
<endpoint address="http://www.example.com/subsite/_vti_bin/Lists.asmx"
binding="basicHttpBinding" bindingConfiguration="ListsSoap"
contract="ListsService.ListsSoap" name="ListsSoap" />
</client>
</system.serviceModel>
</configuration>
Thanks for your time.
My Answers
If you are writing it in App.Config, there is no way it's hard coded. It's a config file. You can change it whenever you want and you do not need to rebuild your project. I hope for you are checking wheather the Site/Server exists before proceeding with functionality. If the server/site does not exist - handle it gracefully and show appropiate message so that a user can go and change the config file to point it to correct server
You can simply add the configs required for your service in the "Referenced Project"'s web or app.config. Since your DLL in running in the context of the Referenced Project, it would pcik the necessary values from its app/web.config
I have an ASP.NET web application which uses a WCF IIS-based backend service.
I can use Active Directory Authentication for the web application, but I would like to use it also on the WCF service (which is on another IIS server).
Is it possible to do this via configurations only?
Solved it.
In web app config set:
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
In WCF-part:
<bindings>
<basicHttpBinding>
<binding>
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Thing is i need to sleep more.