Been wasting a full day arround this problem.
This had never happen to me before.
My service is working in an Azure machine.
I'm trying to generate a .svclog file to trace whats causing my ios app not being able to login on https, but the svclog file is not being generated.
I tried to use fiddler to capture the requests but i get nothing when i try to login by the app.
If I try to use the app with http address im able to login but the svclog is also not generated.
If I use tcptrace i can see a request and an answer but it is encrypted.
I have given permissions to "Everyone" on the folder at c:\logs\
any idea what i might be missing here? is there some sort of pre requirement to make the tracer work
This is my system diagnostics in web.Config:
<system.diagnostics>
<sources>
<source name="System.ServiceModel.MessageLogging" switchValue="Verbose">
<listeners>
<add type="System.Diagnostics.DefaultTraceListener" name="Default">
<filter type="" />
</add>
<add initializeData="c:\logs\myMessages.svclog" type="System.Diagnostics.XmlWriterTraceListener"
name="messagelistener" traceOutputOptions="DateTime, Timestamp">
<filter type="" />
</add>
</listeners>
</source>
</sources>
<sharedListeners>
<add initializeData="C:\logs\Traces.svclog" type="System.Diagnostics.XmlWriterTraceListener"
name="xmlTraceListener" traceOutputOptions="Timestamp">
<filter type="" />
</add>
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
I am trying to sign in to Tomcat manager and host-manager webapps which I have hosted on Amazon Web Service.
Even after entering the correct password in the popup, the pop up keeps showing and if I cancel it, then I am redirected to 401 error page
I have updated /etc/tomcat8/tomcat-users.xml correctly.
It stopped working after I added <Context path="" docBase="mywebapp" debug="0" privileged="true" /> inside server.xml
/etc/tomcat8/tomcat-users.xml
<role rolename="manager-gui"/>
<user username="supermanager" password="superpassword" roles="manager-gui" />
<role rolename="admin-gui"/>
<user username="superadmin" password="superpassword" roles="admin-gui"/>
</tomcat-users>
server.xml
<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />
<GlobalNamingResources>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
pathname="conf/tomcat-users.xml" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8080" proxyPort="80" protocol="HTTP/1.1"
connectionTimeout="20000"
URIEncoding="UTF-8"
redirectPort="8443" />
<Engine name="Catalina" defaultHost="MYDOMAIN.COM">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<Host name="MYDOMAIN.COM" appBase="webapps"
unpackWARs="true" autoDeploy="true">
<Context path="" docBase="mywebapp" debug="0" privileged="true" />
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
</Host>
</Engine>
</Service>
</Server>
/etc/tomcat8/Catalina/localhost/manager.xml(host-manager.xml)
/etc/tomcat8/Catalina/MYDOMAIN.COM/manager.xml(host-manager.xml)
<Context path="/manager"
docBase="/usr/share/tomcat8-admin/manager"
antiResourceLocking="false" privileged="true" />
All I did was tried to login using Google Chrome instead of Firefox and VOILA!
It worked!!!
I see there are quite a few questions regarding this particular problem. I have spent a day and a half trying all the different suggestions. None so far have worked for me and I'm at a loss as to what to do next. So I'm appealing to the vast knowledge base found here with the hopes that somebody will see the problem and help me out. At one time, a couple of years ago, I had this all working for me, several PCs ago. But when I had to change to a new PC, I was unable to make it work then or any time since but was able to work around it. Now I need to resolve this for a current assignment.
I have a SOAP WCF WebService running in IIS (not IIS Express) on my local machine.
I created an App Pool. Basic Settings are .NET Framework v4.0.30319 with Integrated pipeline mode. Advanced settings have Identity set to ApplicationPoolIdentity.
I created a website (not using the default website.)
Two bindings defined:
We have a client and a Service self-signed certs that we use for development and QA. I have the Service cert assigned to the https binding. The webservice communicates to another wcf service via net.tcp.
In the basic settings, I have defined the physical path to c:\inetpub\websitename. In order to connect successfully, using Test Settings..., I had to connect as a Specific User, using my network domain userid and password. I haven't yet found a way to get around that.
In Advanced Settings.... Application Pool is set to the app pool I created. Physical path is c:\inetpub\wwwroot\websitename. Enabled Protocols set to http,net.tcp.
I am able to browse successfully to the website.
Here is the web.config for the web service:
<system.serviceModel>
<client>
<endpoint address="net.tcp://10.100.13.28:8102/Acord/201307" behaviorConfiguration="NetTcpCertificatesBehavior" binding="netTcpBinding" bindingConfiguration="NetTcpCertificatesBinding" contract="AcordContract.IAcordService201307" name="AcordEndpoint">
<identity>
<certificateReference findValue="7da522dd75f3fca2687837b7b67e117a8700ec62" isChainIncluded="false" storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
<!--<dns value="localhost" />-->
</identity>
</endpoint>
<endpoint address="net.tcp://qaschedapp:8002/IMS/201210" behaviorConfiguration="NetTcpCertificatesBehavior" binding="netTcpBinding" bindingConfiguration="NetTcpCertificatesBinding" contract="IdentityManagementContract.IIdentityManagementService201210" name="IMSEndpoint">
<identity>
<certificateReference findValue="7da522dd75f3fca2687837b7b67e117a8700ec62" isChainIncluded="false" storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
</identity>
</endpoint>
</client>
<services>
<service name="AcordWebService.AcordWebService" behaviorConfiguration="Visible">
<endpoint address="" binding="basicHttpsBinding" contract="AcordWebService.IAcordWebService201307" bindingConfiguration="BasicHttpsBinding">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
<host>
<baseAddresses>
<add baseAddress="https://10.100.13.28:51448/" />
</baseAddresses>
</host>
<!--binding for clients outside the firewall calling from C# with WCF using certs -->
<endpoint address="net.tcp://10.100.13.28:8122/AcordWebService.svc" binding="netTcpBinding" bindingConfiguration="NetTcpCertificatesBinding" name="NetTcpCertificatesEndpoint" contract="AcordWSContract.IAcordWSService201309">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="NetTcpCertificatesBehavior">
<clientCredentials>
<clientCertificate findValue="631f5a67a9a70bc78540bb809e73fd1dbd00bbeb" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
<serviceCertificate>
<authentication certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="Visible">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" httpGetUrl=""/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<serviceCertificate findValue="7da522dd75f3fca2687837b7b67e117a8700ec62" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
<clientCertificate>
<certificate findValue="631f5a67a9a70bc78540bb809e73fd1dbd00bbeb" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpsBinding>
<!--binding for clients within the firewall but calling the old style soap service-->
<binding name="BasicHttpsBinding" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpsBinding>
<netTcpBinding>
<binding name="NetTcpCertificatesBinding" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<!--<readerQuotas maxDepth="32" maxStringContentLength="65535" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />-->
<!--<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />-->
<security>
<transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
</security>
</binding>
</netTcpBinding>
</bindings>
<protocolMapping>
<add binding="wsHttpBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
Here is the full error I am receiving when trying to add a service to the WCF Test Client:
Error: Cannot obtain Metadata from https://10.100.13.28:51448/AcordWebService.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: https://10.100.13.28:51448/AcordWebService.svc Metadata contains a reference that cannot be resolved: 'https://10.100.13.28:51448/AcordWebService.svc'. Could not establish trust relationship for the SSL/TLS secure channel with authority '10.100.13.28:51448'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.HTTP GET Error URI: https://10.100.13.28:51448/AcordWebService.svc There was an error downloading 'https://10.100.13.28:51448/AcordWebService.svc'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.
Lastly, to fill in a few holes in the information:
Any and all help will be appreciated if I'm able to finally resolve this problem.
Thanks in advance.
Here is how I solved my problem:
First, I had to turn on logging in my web.config:
<system.serviceModel>
<diagnostics>
<messageLogging maxMessagesToLog="30000" logEntireMessage="true"
logMessagesAtServiceLevel="true"
logMalformedMessages="true"
logMessagesAtTransportLevel="true"
maxSizeOfMessageToLog="65535000">
</messageLogging>
</diagnostics>
</system.serviceModel>
<system.diagnostics>
<sources>
<source name="System.ServiceModel"
switchValue="Verbose, ActivityTracing"
propagateActivity="true">
<listeners>
<add name="traceListener" />
</listeners>
</source>
</sources>
<sharedListeners>
<add name="traceListener"
type="System.Diagnostics.XmlWriterTraceListener"
initializeData="c:\logs\Traces.svclog" />
</sharedListeners>
<trace autoflush="true" />
</system.diagnostics>
Then checking the generated log I finally discovered that my web service's constructor was failing attempting to initialize NLog. Ultimately, I discovered that NLog was attempting to write to EventLog for which it did not have permissions. I followed the instructions found here except that I granted the permissions to the IIS AppPool user. This solved my problem.
I want to compress my files using GZIP. Can you share the web.config code for compressing files with GZIP?
Is there anything more that I have to do after uploading my web.config file?
GZip Compression can be enabled directly through IIS.
First, open up IIS,
go to the website you are hoping to tweak and hit the Compression page. If Gzip is not installed, you will see something like the following:
“The dynamic content compression module is not installed.” We should fix this. So we go to the “Turn Windows features on or off” and select “Dynamic Content Compression” and click the OK button.
Now if we go back to IIS, we should see that the compression page has changed. At this point we need to make sure the dynamic compression checkbox is checked and we’re good to go. Compression is enabled and our dynamic content will be Gzipped.
Testing - Check if GZIP Compression is Enabled
To test whether compression is working or not, use the developer tools in Chrome or Firebug for Firefox and ensure the HTTP response header is set:
Content-Encoding: gzip
If anyone runs across this and is looking for a bit more up-to-date answer or copy-paste answer or answer targeting multiple versions than JC Raja's post, here's what I've found:
Google's got a pretty solid, easy-to-understand introduction to how this works and what is advantageous and not.
https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/optimize-encoding-and-transfer
They recommend the HTML5 Boilerplate project, which has solutions for different versions of IIS:
.NET version 3
.NET version 4
.NET version 4.5 / MVC 5
Available here: https://github.com/h5bp/server-configs-iis
They have web.configs that you can copy and paste changes from theirs to yours and see the changes, much easier than digging through a bunch of blog posts.
Here's the web.config settings for .NET version 4.5:
https://github.com/h5bp/server-configs-iis/blob/master/dotnet%204.5/MVC5/Web.config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="webpages:Version" value="3.0.0.0" />
<add key="webpages:Enabled" value="false" />
<add key="ClientValidationEnabled" value="true" />
<add key="UnobtrusiveJavaScriptEnabled" value="true" />
</appSettings>
<system.web>
<!--
Set compilation debug="true" to insert debugging
symbols into the compiled page. Because this
affects performance, set this value to true only
during development.
-->
<compilation debug="true" targetFramework="4.5" />
<!-- Security through obscurity, removes X-AspNet-Version HTTP header from the response -->
<!-- Allow zombie DOS names to be captured by ASP.NET (/con, /com1, /lpt1, /aux, /prt, /nul, etc) -->
<httpRuntime targetFramework="4.5" requestValidationMode="2.0" requestPathInvalidCharacters="" enableVersionHeader="false" relaxedUrlToFileSystemMapping="true" />
<!-- httpCookies httpOnlyCookies setting defines whether cookies
should be exposed to client side scripts
false (Default): client side code can access cookies
true: client side code cannot access cookies
Require SSL is situational, you can also define the
domain of cookies with optional "domain" property -->
<httpCookies httpOnlyCookies="true" requireSSL="false" />
<trace writeToDiagnosticsTrace="false" enabled="false" pageOutput="false" localOnly="true" />
</system.web>
<system.webServer>
<!-- GZip static file content. Overrides the server default which only compresses static files over 2700 bytes -->
<httpCompression directory="%SystemDrive%\websites\_compressed" minFileSizeForComp="1024">
<scheme name="gzip" dll="%Windir%\system32\inetsrv\gzip.dll" />
<staticTypes>
<add mimeType="text/*" enabled="true" />
<add mimeType="message/*" enabled="true" />
<add mimeType="application/javascript" enabled="true" />
<add mimeType="application/json" enabled="true" />
<add mimeType="*/*" enabled="false" />
</staticTypes>
</httpCompression>
<httpErrors existingResponse="PassThrough" errorMode="Custom">
<!-- Catch IIS 404 error due to paths that exist but shouldn't be served (e.g. /controllers, /global.asax) or IIS request filtering (e.g. bin, web.config, app_code, app_globalresources, app_localresources, app_webreferences, app_data, app_browsers) -->
<remove statusCode="404" subStatusCode="-1" />
<error statusCode="404" subStatusCode="-1" path="/notfound" responseMode="ExecuteURL" />
<remove statusCode="500" subStatusCode="-1" />
<error statusCode="500" subStatusCode="-1" path="/error" responseMode="ExecuteURL" />
</httpErrors>
<directoryBrowse enabled="false" />
<validation validateIntegratedModeConfiguration="false" />
<!-- Microsoft sets runAllManagedModulesForAllRequests to true by default
You should handle this according to need but consider the performance hit.
Good source of reference on this matter: http://www.west-wind.com/weblog/posts/2012/Oct/25/Caveats-with-the-runAllManagedModulesForAllRequests-in-IIS-78
-->
<modules runAllManagedModulesForAllRequests="false" />
<urlCompression doStaticCompression="true" doDynamicCompression="true" />
<staticContent>
<!-- Set expire headers to 30 days for static content-->
<clientCache cacheControlMode="UseMaxAge" cacheControlMaxAge="30.00:00:00" />
<!-- use utf-8 encoding for anything served text/plain or text/html -->
<remove fileExtension=".css" />
<mimeMap fileExtension=".css" mimeType="text/css" />
<remove fileExtension=".js" />
<mimeMap fileExtension=".js" mimeType="text/javascript" />
<remove fileExtension=".json" />
<mimeMap fileExtension=".json" mimeType="application/json" />
<remove fileExtension=".rss" />
<mimeMap fileExtension=".rss" mimeType="application/rss+xml; charset=UTF-8" />
<remove fileExtension=".html" />
<mimeMap fileExtension=".html" mimeType="text/html; charset=UTF-8" />
<remove fileExtension=".xml" />
<mimeMap fileExtension=".xml" mimeType="application/xml; charset=UTF-8" />
<!-- HTML5 Audio/Video mime types-->
<remove fileExtension=".mp3" />
<mimeMap fileExtension=".mp3" mimeType="audio/mpeg" />
<remove fileExtension=".mp4" />
<mimeMap fileExtension=".mp4" mimeType="video/mp4" />
<remove fileExtension=".ogg" />
<mimeMap fileExtension=".ogg" mimeType="audio/ogg" />
<remove fileExtension=".ogv" />
<mimeMap fileExtension=".ogv" mimeType="video/ogg" />
<remove fileExtension=".webm" />
<mimeMap fileExtension=".webm" mimeType="video/webm" />
<!-- Proper svg serving. Required for svg webfonts on iPad -->
<remove fileExtension=".svg" />
<mimeMap fileExtension=".svg" mimeType="image/svg+xml" />
<remove fileExtension=".svgz" />
<mimeMap fileExtension=".svgz" mimeType="image/svg+xml" />
<!-- HTML4 Web font mime types -->
<!-- Remove default IIS mime type for .eot which is application/octet-stream -->
<remove fileExtension=".eot" />
<mimeMap fileExtension=".eot" mimeType="application/vnd.ms-fontobject" />
<remove fileExtension=".ttf" />
<mimeMap fileExtension=".ttf" mimeType="application/x-font-ttf" />
<remove fileExtension=".ttc" />
<mimeMap fileExtension=".ttc" mimeType="application/x-font-ttf" />
<remove fileExtension=".otf" />
<mimeMap fileExtension=".otf" mimeType="font/opentype" />
<remove fileExtension=".woff" />
<mimeMap fileExtension=".woff" mimeType="application/font-woff" />
<remove fileExtension=".crx" />
<mimeMap fileExtension=".crx" mimeType="application/x-chrome-extension" />
<remove fileExtension=".xpi" />
<mimeMap fileExtension=".xpi" mimeType="application/x-xpinstall" />
<remove fileExtension=".safariextz" />
<mimeMap fileExtension=".safariextz" mimeType="application/octet-stream" />
<!-- Flash Video mime types-->
<remove fileExtension=".flv" />
<mimeMap fileExtension=".flv" mimeType="video/x-flv" />
<remove fileExtension=".f4v" />
<mimeMap fileExtension=".f4v" mimeType="video/mp4" />
<!-- Assorted types -->
<remove fileExtension=".ico" />
<mimeMap fileExtension=".ico" mimeType="image/x-icon" />
<remove fileExtension=".webp" />
<mimeMap fileExtension=".webp" mimeType="image/webp" />
<remove fileExtension=".htc" />
<mimeMap fileExtension=".htc" mimeType="text/x-component" />
<remove fileExtension=".vcf" />
<mimeMap fileExtension=".vcf" mimeType="text/x-vcard" />
<remove fileExtension=".torrent" />
<mimeMap fileExtension=".torrent" mimeType="application/x-bittorrent" />
<remove fileExtension=".cur" />
<mimeMap fileExtension=".cur" mimeType="image/x-icon" />
<remove fileExtension=".webapp" />
<mimeMap fileExtension=".webapp" mimeType="application/x-web-app-manifest+json; charset=UTF-8" />
</staticContent>
<httpProtocol>
<customHeaders>
<!--#### SECURITY Related Headers ###
More information: https://www.owasp.org/index.php/List_of_useful_HTTP_headers
-->
<!--
# Access-Control-Allow-Origin
The 'Access Control Allow Origin' HTTP header is used to control which
sites are allowed to bypass same-origin policies and send cross-origin requests.
Secure configuration: Either do not set this header or return the 'Access-Control-Allow-Origin'
header restricting it to only a trusted set of sites.
http://enable-cors.org/
<add name="Access-Control-Allow-Origin" value="*" />
-->
<!--
# Cache-Control
The 'Cache-Control' response header controls how pages can be cached
either by proxies or the user's browser.
This response header can provide enhanced privacy by not caching
sensitive pages in the user's browser cache.
<add name="Cache-Control" value="no-store, no-cache"/>
-->
<!--
# Strict-Transport-Security
The HTTP Strict Transport Security header is used to control
if the browser is allowed to only access a site over a secure connection
and how long to remember the server response for, forcing continued usage.
Note* Currently a draft standard which only Firefox and Chrome support. But is supported by sites like PayPal.
<add name="Strict-Transport-Security" value="max-age=15768000"/>
-->
<!--
# X-Frame-Options
The X-Frame-Options header indicates whether a browser should be allowed
to render a page within a frame or iframe.
The valid options are DENY (deny allowing the page to exist in a frame)
or SAMEORIGIN (allow framing but only from the originating host)
Without this option set, the site is at a higher risk of click-jacking.
<add name="X-Frame-Options" value="SAMEORIGIN" />
-->
<!--
# X-XSS-Protection
The X-XSS-Protection header is used by Internet Explorer version 8+
The header instructs IE to enable its inbuilt anti-cross-site scripting filter.
If enabled, without 'mode=block', there is an increased risk that
otherwise, non-exploitable cross-site scripting vulnerabilities may potentially become exploitable
<add name="X-XSS-Protection" value="1; mode=block"/>
-->
<!--
# MIME type sniffing security protection
Enabled by default as there are very few edge cases where you wouldn't want this enabled.
Theres additional reading below; but the tldr, it reduces the ability of the browser (mostly IE)
being tricked into facilitating driveby attacks.
http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx
-->
<add name="X-Content-Type-Options" value="nosniff" />
<!-- A little extra security (by obscurity), removings fun but adding your own is better -->
<remove name="X-Powered-By" />
<add name="X-Powered-By" value="My Little Pony" />
<!--
With Content Security Policy (CSP) enabled (and a browser that supports it (http://caniuse.com/#feat=contentsecuritypolicy),
you can tell the browser that it can only download content from the domains you explicitly allow
CSP can be quite difficult to configure, and cause real issues if you get it wrong
There is website that helps you generate a policy here http://cspisawesome.com/
<add name="Content-Security-Policy" "default-src 'self'; style-src 'self' 'unsafe-inline'; script-src 'self' https://www.google-analytics.com;" />
-->
<!--//#### SECURITY Related Headers ###-->
<!--
Force the latest IE version, in various cases when it may fall back to IE7 mode
github.com/rails/rails/commit/123eb25#commitcomment-118920
Use ChromeFrame if it's installed for a better experience for the poor IE folk
-->
<add name="X-UA-Compatible" value="IE=Edge,chrome=1" />
<!--
Allow cookies to be set from iframes (for IE only)
If needed, uncomment and specify a path or regex in the Location directive
<add name="P3P" value="policyref="/w3c/p3p.xml", CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"" />
-->
</customHeaders>
</httpProtocol>
<!--
<rewrite>
<rules>
Remove/force the WWW from the URL.
Requires IIS Rewrite module http://learn.iis.net/page.aspx/460/using-the-url-rewrite-module/
Configuration lifted from http://nayyeri.net/remove-www-prefix-from-urls-with-url-rewrite-module-for-iis-7-0
NOTE* You need to install the IIS URL Rewriting extension (Install via the Web Platform Installer)
http://www.microsoft.com/web/downloads/platform.aspx
** Important Note
using a non-www version of a webpage will set cookies for the whole domain making cookieless domains
(eg. fast CD-like access to static resources like CSS, js, and images) impossible.
# IMPORTANT: THERE ARE TWO RULES LISTED. NEVER USE BOTH RULES AT THE SAME TIME!
<rule name="Remove WWW" stopProcessing="true">
<match url="^(.*)$" />
<conditions>
<add input="{HTTP_HOST}" pattern="^(www\.)(.*)$" />
</conditions>
<action type="Redirect" url="http://example.com{PATH_INFO}" redirectType="Permanent" />
</rule>
<rule name="Force WWW" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^example.com$" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:0}" redirectType="Permanent" />
</rule>
# E-TAGS
E-Tags are actually quite useful in cache management especially if you have a front-end caching server such as Varnish. http://en.wikipedia.org/wiki/HTTP_ETag / http://developer.yahoo.com/performance/rules.html#etags
But in load balancing and simply most cases ETags are mishandled in IIS, and it can be advantageous to remove them.
# removed as in https://stackoverflow.com/questions/7947420/iis-7-5-remove-etag-headers-from-response
<rewrite>
<outboundRules>
<rule name="Remove ETag">
<match serverVariable="RESPONSE_ETag" pattern=".+" />
<action type="Rewrite" value="" />
</rule>
</outboundRules>
</rewrite>
-->
<!--
### Built-in filename-based cache busting
In a managed language such as .net, you should really be using the internal bundler for CSS + js
or get cassette or similar.
If you're not using the build script to manage your filename version revving,
you might want to consider enabling this, which will route requests for
/css/style.20110203.css to /css/style.css
To understand why this is important and a better idea than all.css?v1231,
read: github.com/h5bp/html5-boilerplate/wiki/Version-Control-with-Cachebusting
<rule name="Cachebusting">
<match url="^(.+)\.\d+(\.(js|css|png|jpg|gif)$)" />
<action type="Rewrite" url="{R:1}{R:2}" />
</rule>
</rules>
</rewrite>-->
</system.webServer>
<runtime>
<assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
<dependentAssembly>
<assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-5.0.0.0" newVersion="5.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.Optimization" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.1.0.0" newVersion="1.1.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
</dependentAssembly>
<dependentAssembly>
<assemblyIdentity name="WebGrease" publicKeyToken="31bf3856ad364e35" />
<bindingRedirect oldVersion="1.0.0.0-1.5.2.14234" newVersion="1.5.2.14234" />
</dependentAssembly>
</assemblyBinding>
</runtime>
</configuration>
Edit: One update if you need Gzip compression on WebAPI responses.
I wasn't aware our WebAPI wasn't returning Gzipped responses until recently and scratched my head for a while because we had dynamic and static compression turned on in web.config. We looked at writing our own compression services and response handlers (still on WebAPI 2 not on .NET Core where it's easier now), but that was too cumbersome for what seemed like something we should just be able to turn on.
(If you're interested here's what we were looking at for our own compression service https://krzysztofjakielaszek.com/2017/03/26/webapi2-response-compression-gzip-brotli-deflate/
EDIT: Link is now offline, but you can view the code/content here: https://web.archive.org/web/20190608161201/https://krzysztofjakielaszek.com/2017/03/26/webapi2-response-compression-gzip-brotli-deflate/ )
Instead, we found this great post by Ben Foster (http://benfoster.io/blog/aspnet-web-api-compression)
If you can modify applicationHost.config (running your own servers), you can pop that config file open and add the mimeTypes you want to compress (I pulled the relevant ones based on what our API was returning to clients from our Web.Config). Save that file, IIS will pickup your changes, recycle app pools, and your WebAPI will start returning gzip compressed responses to clients who request it.
If you don't see gzipped responses, check the response content type with Fiddler or Chrome/Firefox Dev Tools, and ensure it matches what you added. I had to change the view mode (use large request rows) in Chrome Dev Tools to ensure it showed the total size vs transferred size. If everything validates, try rebooting the server once to just ensure it was properly applied. I did have one syntax error where when I opened up the site in IIS, IIS poppped open a message about a parsing error that I had to fix in the config file.
<httpCompression directory="%TEMP%\iisexpress\IIS Temporary Compressed Files">
<scheme name="gzip" dll="%IIS_BIN%\gzip.dll" />
<dynamicTypes>
...
<!-- compress JSON responses from Web API -->
<add mimeType="application/json" enabled="true" />
...
</dynamicTypes>
<staticTypes>
...
</staticTypes>
</httpCompression>
Global Gzip in HttpModule
If you don't have access to shared hosting - the final IIS instance. You can create a HttpModule that gets added this code to every HttpApplication.Begin_Request event:-
HttpContext context = HttpContext.Current;
context.Response.Filter = new GZipStream(context.Response.Filter, CompressionMode.Compress);
HttpContext.Current.Response.AppendHeader("Content-encoding", "gzip");
HttpContext.Current.Response.Cache.VaryByHeaders["Accept-encoding"] = true;
Filing this under #wow
Turns out that IIS has different levels of compression configurable from 1-9.
Some of my dynamic SOAP requests have been getting out of control recently. With the uncompressed SOAP being about 14MB and compressed 3MB.
I noticed that in Fiddler when I compressed my request under Transformer it came to about 470KB instead of the 3MB - so I figured there must be some way to get better compression.
Eventually found this very informative blog post
http://weblogs.asp.net/owscott/iis-7-compression-good-bad-how-much
I went ahead and ran this commnd (followed by iisreset):
C:\Windows\System32\Inetsrv\Appcmd.exe set config -section:httpCompression -[name='gzip'].staticCompressionLevel:9 -[name='gzip'].dynamicCompressionLevel:9
Changed dynamic level up to 9 and now my compressed soap matches what Fiddler gave me - and it about 1/7th the size of the existing compressed file.
Milage will vary, but for SOAP this is a massive massive improvement.
This is more an add-on to the best answer above (GZip Compression can be enabled directly through IIS) which is correct if your running IIS on Windows desktop however...
If your running IIS on Windows Server, this content compression feature is found in a different place to desktop Windows (not in programs and features in Control Panel). First open "Server Manager" then click Manage -> "Add Roles & Features" then keep clicking NEXT (make sure you select the correct server when you see the list of servers if your managing multiple servers from this instance) until you get to SERVER ROLES, scroll down to and open "Web Server (IIS)..." then "Web Server" then "Performance" then tick "Dynamic Content Compression" then click INSTALL. I tested this on Server 2016 Standard so there may be slight differences if your on an earlier version of Server.
Then follow the instructions from Testing - Check if GZIP Compression is Enabled
Sometimes no matter what you do or follow whole internet posts. Try on the MIMETYPES of applicationhost.config of the server.
https://learn.microsoft.com/en-us/iis/configuration/system.webserver/httpcompression/#configuration-sample
I have 2 WCF service working together. One is Class Library and another one in webservice.
Its working fine until now. But if i try to send large amount of data it throw me 413 error...
An exception was thrown: The remote server returned an error: (413) Request Entity Too Large.
Below is web.config file-
For Class Library-
<add key="SMTP" value ="dummy"/>
<add key="BookingEmailFrom" value ="dummy"/>
<add key="BookingEmailToWBD" value ="dummy"/>
</appSettings>
<connectionStrings/>
<system.web>
<compilation debug="true" targetFramework="4.0"/>
<!--
The <authentication> section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
<authentication mode="Windows"/>
<!--
The <customErrors> section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
</system.web>
<!--
The system.webServer section is required for running ASP.NET AJAX under Internet
Information Services 7.0. It is not necessary for previous version of IIS.
-->
<system.serviceModel>
<services>
<service name="JSONWebService.Service1" behaviorConfiguration="JSONWebService.Service1Behavior">
<endpoint address="../Service1.svc" binding="webHttpBinding" contract="JSONWebService.IService1"
behaviorConfiguration="webBehaviour"/>
For web service client-
<?xml version="1.0"?>
<configuration>
<!--
Note: As an alternative to hand editing this file you can use the
web admin tool to configure settings for your application. Use
the Website->Asp.Net Configuration option in Visual Studio.
A full list of settings and comments can be found in
machine.config.comments usually located in
\Windows\Microsoft.Net\Framework\vx.x\Config
-->
<configSections>
</configSections>
<appSettings>
<add key="ConnectionString" value="Server=dummy;uid=sa;pwd=dummy;database=dummy"/>
---------------------- -->
section enables configuration
of the security authentication mode used by
ASP.NET to identify an incoming user.
-->
section enables configuration
of what to do if/when an unhandled error occurs
during the execution of a request. Specifically,
it enables developers to configure html error pages
to be displayed in place of a error stack trace.
<customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
<error statusCode="403" redirect="NoAccess.htm" />
<error statusCode="404" redirect="FileNotFound.htm" />
</customErrors>
-->
<pages>
<controls>
<add tagPrefix="asp" namespace="System.Web.UI" assembly="System.Web.Extensions, Version=3.5.0.0, Culture=neutral,
PublicKeyToken=31BF3856AD364E35"/>
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
<endpoint address="basic" binding="webHttpBinding" contract="JSONWebService.IService1"
behaviorConfiguration="webBehaviour"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior" >
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before
deployment -->
</bindings>
</system.serviceModel>
</configuration>
Any help would be really appreciated.
Thanks
You are encountering a WCF default limit on the message size. To raise the limit, use the maxReceivedMessageSize attribute in your web.config file (server side).
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding maxReceivedMessageSize="10000000">
</basicHttpBinding>
</bindings>
</system.serviceModel>
This is probably really late, but for anyone else that is also stuck.
The initial problem is solved by what BilalAlam described (increase the maxRecievedMessageSize) but your issue is the bindings need to be tied to the endpoint via the bindingConfiguration in the endpoint and the name in the binding.
Example
<bindings>
<webHttpBinding>
<binding maxReceivedMessageSize="2147483647" name="NAMETOTIEENDPOINT">
<readerQuotas maxStringContentLength="2000000"/>
</binding>
</webHttpBinding>
</bindings>
<services>
<service>
<endpoint address="basic" bindingConfiguration="NAMETOTIEENDPOINT" binding="webHttpBinding" contract="JSONWebService.IService1" />
</service>
</services>