WCF security authentication - c#

I have a simple service and I try to set up authentication. On the client I want the user to enter their Windows user account. And the WCF will use the username/password provided by the client and authenticate them against Windows authentication.
Here is my server app.config
<system.serviceModel>
<services>
<service name="WcfService.Service1" behaviorConfiguration="WcfService.Service1Behavior">
<host>
<baseAddresses>
<add baseAddress = "http://localhost:8731/Design_Time_Addresses/WcfService/Service1/" />
</baseAddresses>
</host>
<endpoint address ="" binding="wsHttpBinding" contract="WcfService.IService1">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WcfService.Service1Behavior">
<serviceMetadata httpGetEnabled="True"/>
<serviceDebug includeExceptionDetailInFaults="True" />
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode = "Windows"/>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Here is my client app.config
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IService1">
<security mode = "Message">
<message clientCredentialType = "UserName"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8731/Design_Time_Addresses/WcfService/Service1/"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="ServiceReference1.IService1" name="WSHttpBinding_IService1">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
Here is my code on the client
ServiceReference1.Service1Client client = new WcfAuthentication.ServiceReference1.Service1Client();
client.ClientCredentials.UserName.UserName = "mywindowsusername";
client.ClientCredentials.UserName.Password = "mywindowsuserpassword";
Console.WriteLine(client.GetData(5));
But I'm always getting this exception :
{"Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. "}
{"The request for security token has invalid or malformed elements."}

It looks like you generated the service and client configuration separately (by hand). It usually is a good idea to generate the client configuration from the service using svcutil or Visual Studio's 'Add Service Reference'. This way you know that you get the client config that corresponds to the service config.
What you want is possible, but WCF doesn't allow you to transmit your username/password token in plain text when using wsHttpBinding. This means that you must either host your service using https or use a service certificate. Here's a post with some more details.
But I'm also wondering why you would want anything like this. It may be a better idea to use integrated Windows authentication. This is even the default setting for wsHttpBinding. This way you do not need your client(s) to enter their Windows username/password.
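One way to apply the answer above, as an added example that is not part of the original post: the server endpoint gets an explicit binding configuration matching the client's UserName message credential, and a service certificate protects that credential on the wire. The binding name `UserNameOverMessage` and the certificate subject `localhost` are assumptions.

```xml
<!-- Added example: server app.config. The question's endpoint used the default
     wsHttpBinding (Windows credential), which did not match the client. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- Same security settings as the client's WSHttpBinding_IService1 -->
      <binding name="UserNameOverMessage">
        <security mode="Message">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service name="WcfService.Service1" behaviorConfiguration="WcfService.Service1Behavior">
      <host>
        <baseAddresses>
          <add baseAddress="http://localhost:8731/Design_Time_Addresses/WcfService/Service1/" />
        </baseAddresses>
      </host>
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="UserNameOverMessage"
                contract="WcfService.IService1" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="WcfService.Service1Behavior">
        <serviceMetadata httpGetEnabled="true" />
        <serviceCredentials>
          <!-- Assumption: a certificate with subject CN=localhost, whose private
               key the service account can read, is installed in LocalMachine\My. -->
          <serviceCertificate findValue="localhost" storeLocation="LocalMachine"
                              storeName="My" x509FindType="FindBySubjectName" />
          <!-- Unchanged from the question: validate against Windows accounts -->
          <userNameAuthentication userNamePasswordValidationMode="Windows" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
```

The client binding from the question already matches this configuration; its `<dns value="localhost" />` identity has to agree with the certificate subject, and the client has to trust the certificate.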

I think Windows Authentication with WsHttpBinding only works with https.
See this: http://msdn.microsoft.com/en-us/library/ff650619.aspx

binding.Security = new WSHttpSecurity{Mode = SecurityMode.None};

Related

WCF service in client returns 404 over https

web.config settings on the server:
<service name="ExporterWebService">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="IExporterWebService"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
and client app.config is:
<client>
<endpoint
address="https://sample.coom/webservice/rwar.svc"
binding="wsHttpBinding" bindingConfiguration="basicHttpBinding"
contract="IRIBExporterWebService.IExporterWebService"
name="BasicHttpBinding_IExporterWebService"/>
</client>
<basicHttpBinding>
<binding name="BasicHttpBinding_IExporterWebService" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
I am trying to test out WCF with SSL and seem to be missing something. I have done a ton of searching and can't seem to find what I'm missing with the config. I have a basic WCF service hosted in IIS, and I also have a test client web application that is calling the WCF service.
Please help!!! :-)
You are supposed to type a wrong service address on the client-side when adding service reference.
The client would not generate a service endpoint created by wsHttpBinding when consuming a service created by basicHttpBinding.
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="IExporterWebService"/>
<endpoint
address="https://sample.coom/webservice/rwar.svc"
binding="wsHttpBinding" bindingConfiguration="basicHttpBinding"
contract="IRIBExporterWebService.IExporterWebService"
name="BasicHttpBinding_IExporterWebService"/>
Besides, the server uses an empty relative endpoint address, while your client-side has a webservice prefix.
<client>
<endpoint
address="https://sample.coom/webservice/rwar.svc"
binding="wsHttpBinding" bindingConfiguration="basicHttpBinding"
contract="IRIBExporterWebService.IExporterWebService"
name="BasicHttpBinding_IExporterWebService"/>
Moreover, please trust the server certificate to establish a secure connection before making a call.
I made a mistake: we have two web services at two addresses on the server, and I forgot to set the https config for the new web service on the server.
Thank you, all friends.

Custom Binding WCF with tcpTransport

I have a WCF Service hosted on a Windows Service that runs on the same network using its own credentials. Security is not important. However, speed and reliability are important.
So, I tried with a netTcpBinding binding. However, I noticed that when I reference the Service into the client, it adds to the configuration file the identity tag with the information of the account that the service is running on:
<identity>
<userPrincipalName value="account#domain" />
</identity>
I really don't want to have this in the client's configuration file, nor do I want to pass it programmatically.
When I use instead a basicHttpBinding, I noticed that it does not add this tag. However, I still want to stick with net.tcp. So, my next try was to use a customBinding.
So, here is where my problem is. I am not able to reference the custom binding to the client. Can someone verify my configuration? Also, will this be enough to completely ignore the identity tag? If this is not the proper way, what would be the proper way? Thanks
<system.serviceModel>
<services>
<service name="LicenseServiceLogic.LicenseService">
<endpoint address="net.tcp://localhost:8000/LicenseService"
binding="myCustomBinding"
contract="LicenseServiceLogic.ILicenseService">
</endpoint>
</service>
</services>
<bindings>
<customBinding>
<binding name="myCustomBinding">
<compactMessageEncoding>
<binaryMessageEncoding/>
</compactMessageEncoding>
<tcpTransport listenBacklog ="100"
maxBufferPoolSize ="524288"
maxBufferSize ="2147483647"
maxReceivedMessageSize ="2147483647"/>
</binding>
</customBinding>
</bindings>
<client>
<endpoint binding="customBinding"
bindingConfiguration="myCustomBinding"
contract="IMetadataExchange"
name="http" />
</client>
</system.serviceModel>
First, the reason that we could not reference the custom binding to the client is that we should add a MEX service endpoint and enable the service metadata behavior, like below:
<system.serviceModel>
<services>
<service name="VM1.MyService" behaviorConfiguration="mybehavior">
<endpoint address="" binding="netTcpBinding" contract="VM1.IService" bindingConfiguration="mybinding">
</endpoint>
<endpoint address="mex" binding="mexTcpBinding" contract="IMetadataExchange" ></endpoint>
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:5566"/>
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="mybinding">
<security mode="None"></security>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="mybehavior">
<serviceMetadata />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Besides, if we don't want to add the identity tag to the client configuration, all we need to do is set the security mode to None, as shown above.
For MEX endpoint details, see:
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/metadata
Feel free to let me know if there is anything I can help with.

WCF Client does not consider Host Address

I have the following configuration file for WCF service. There is a host defined in the config. Still, when I print the service address from the client, it does not know about the host. The printed result is:
http://localhost:3187/Service1.svc/MyFolder
Why doesn’t it take into account the host name? What modification do we need to do for it?
Note: I am running from VS 2010 for running service and client website.
Service1Client myClientService = new Service1Client();
Response.Write(myClientService.Endpoint.Address);
Client Configuration (Autogenerated by Visual Studio)
<client>
<endpoint address="http://localhost:3187/Service1.svc/MyFolder"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
contract="MyWCFReference.IService1" name="WSHttpBinding_IService1">
<identity>
<userPrincipalName value="U16990#ustr.com" />
</identity>
</endpoint>
</client>
The server side configuration is:
<services>
<!--MyService-->
<service name="MyWCFServiceApplication.MyService"
behaviorConfiguration="WeatherServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="http://localhost:80/ServiceModelSamples/FreeServiceWorld"/>
</baseAddresses>
</host>
<endpoint address="MyFolder"
binding="wsHttpBinding"
contract="MyWCFServiceApplication.IService1" />
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WeatherServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="False"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
When a WCF service is hosted in an ASP.NET process, through either IIS or the ASP.NET Development Server (a.k.a Cassini), the baseAddresses setting in the service's configuration file is ignored since the service will always be reachable through the URL of the SVC file.
The URL you're seeing on the client is therefore correct:
http://localhost:3187/Service1.svc/MyFolder
As you can see, the base address of the service becomes the URL of the SVC file on the web server.
You're talking about a WCF client - yet, the config you posted only contains config for a service (the server side) ... (the <services> section).
I can't see any client configuration in what you posted - there ought to be a <client> section in your config somewhere

Can I use netTcpBinding for WCF services hosted outside of IIS?

My WCF service is being hosted as a Windows managed service, so I'm unsure of whether or not I can still use the netTcpBinding. I've tried following a couple of guides at MSDN, but for some reason my service always fails to start whenever I do the switch from basicHttpBinding. Perhaps there are additional steps that services outside of the IIS are required to undergo?
Yes you can host WCF service with netTcpBinding outside of IIS, in Windows service or even Console Application if you want to.
Here is config file sample:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceBehavior"
name="XX.XX.Service">
<endpoint address=""
binding="netTcpBinding"
bindingConfiguration="BindingConfiguration"
contract="XX.XX..IService" />
<endpoint address="mex"
binding="mexTcpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="net.tcp://localhost:8731/XXService" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<netTcpBinding>
<binding
name="BindingConfiguration">
<security mode="None" />
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
[Edit]
Problems with your config file:
base address is http instead of net.tcp
metadata endpoint is mexHttpBinding instead of mexTcpBinding
security - by default Windows authorization will be used; if you test communication between two boxes, you might have a permission problem. I suggest starting with security mode None and then adjusting security when everything else works.
you don't need to specify httpGetEnabled for service behavior
if the port that you are going to use is already in use, you will not be able to start service
You absolutely can, and I'd go so far as to say you should.
Here's your problem:
<services>
<service name="Server.FileService" ...
<host>
<baseAddresses>
<add baseAddress="http://localhost:8000/Test/file"/>
</baseAddresses>
</host>
<endpoint address="" binding="netTcpBinding" contract="Server.IFile" />
<endpoint address="mex" binding="mexHttpBinding" ...
The net.tcp address must have a net.tcp:// prefix, not a http:// prefix.
I don't normally use baseAddress so can't give advice on that. I'd remove baseAddress and instead use
<endpoint address="net.tcp://localhost:8001/Test/file" ..
(note that I would also choose another port over 8000)

WCF trying to expose a nettcp endpoint; TCP error code 10061: No connection could be made because the target machine actively refused it

I don't understand what the problem is here. My wsHttpBinding works fine. Here is my configuration. Any help most appreciated.
<?xml version="1.0"?>
<configuration>
.....
<system.serviceModel>
<services>
<service behaviorConfiguration="DataService.Service1Behavior"
name="ODHdotNET.DataService">
<endpoint
address=""
binding="wsHttpBinding"
bindingConfiguration="largeTransferwsHttpBinding"
contract="ODHdotNET.IDataService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint
address="net.tcp://139.149.141.221:8001/DataService.svc"
binding="netTcpBinding"
contract="ODHdotNET.IDataService"/>
<endpoint
address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="http://139.149.141.221:8000/DataService.svc" />
</baseAddresses>
</host>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="largeTransferwsHttpBinding2"
maxReceivedMessageSize="5000000" maxBufferPoolSize="5000000">
<security mode ="Message">
<message clientCredentialType="UserName"/>
</security>
</binding>
<binding name="largeTransferwsHttpBinding"
maxReceivedMessageSize="5000000" maxBufferPoolSize="5000000" />
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="DataService.Service1Behavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
edit: I am self-hosting in a Windows Service; I am not using IIS.
Do you mean that a WCF client throws this error?
If so:
please run the following at the command prompt:
netstat -ona | find "8001"
if this returns data, please post it
You need to add TCP support to your IIS.
To enable TCP, MSMQ, or named pipes communication specifically, perform the additional step of configuring support for the associated protocol. For TCP communication, bind the default Web site to a net.tcp port by using the Appcmd command-line utility. Appcmd is an IIS utility that enables you to administer virtual sites, directories, applications, and application pools.
%windir%\system32\inetsrv\appcmd.exe set site "Default Web Site" -+bindings.[protocol='net.tcp',bindingInformation='808:*']
To support the other protocols, run additional commands that enable those protocols for the default Web site. At this point, you have configured the net.tcp protocol at the site level.
%windir%\system32\inetsrv\appcmd.exe set app "Default Web Site/OrderServiceHost" /enabledProtocols:http,net.tcp
Please look at these for more detail: Extend Your WCF Services Beyond HTTP With WAS
Hosting WCF Services in Windows Activation Service
Make sure the port is open in windows firewall
Make sure your host is running when you invoke methods in client application.
