Exposing HTTP only WCF service behind a HTTPS reverse proxy - web-services

We are currently building a company reverse proxy based on ASP.NET Core, with the intent to expose non-public client services to the internet.
It should work like this:
Browser\App ==HTTPS==> ReverseProxy ==HTTP in VPN Tunnel==> WCF Service
Our current issue is that clients are exposing WCF services in HTTP using WsHttpBinding, while our reverse proxy accepts HTTPS only. This leads to a discrepancy in how an application and the service should communicate, since the WCF Service accepts HTTP only, but the application can only use HTTPS.
This discrepancy causes the client applications that want to use the WCF service behind the reverse proxy to fail with "Provided URI scheme 'https' is invalid; expected 'http'. Parameter name: via". All the solutions found on SO basically only point to editing <security mode="None"> to <security mode="Transport">, but doing that on my app.config leads to a different exception: "WsHttpBinding doesn't support reliable sessions over transport security (https)".
Is there a way, without forcing the client to implement HTTPS in his web service, to allow this to work?
As I understand it, this is a common problem when using a WCF service behind a load balancer (which is basically what my application is doing). If I use my reverse proxy in HTTP, everything works fine, but not if I enable HTTPS. Many issues like that got solved by editing the service definition, which is a thing I cannot do, since the service was made by a third-party company.

Related

mule versioning on web service

I have the same mule webservice application with 2 different versions deployed on the same mule server. Let's call it MuleApp.1.0 and MuleApp.1.1. The flow is as simple as the example of webservice flow on mulesoft website. Their wsdl urls are different as:
http://www.myhost.com:25101/MuleApp.1.0/Service?wsdl
http://www.myhost.com:25101/MuleApp.1.1/Service?wsdl
Both of them work as expected when the other is not deployed on the mule server. The issue happens when I have both of them deployed on the same mule server, like what I used to do in WebLogic. Now I am able to access MuleApp.1.1, but when I tried to access MuleApp.1.0, I got the error below:
07-Mar-2013:14:52:57.142 VWILVM3667 [MuleApp.1.1].connector.http.mule.default.receiver.03
WARN org.mule.transport.http.HttpMessageReceiver NA
No receiver found with secondary lookup on connector: connector.http.mule.default with URI key: http://www.myhost.com:25101/MuleApp.1.0/Service
This is supposed to be a very common versioning case. What did I miss in my config?
You can't have two different applications sharing the same HTTP port in the same Mule instance.
So what probably happens is that MuleApp.1.0 doesn't deploy properly (check the logs), which is why there is no endpoint listening on /MuleApp.1.0.
Either:
Use a different port in the two apps,
Put both flows in a single app.
Create a frontal app that listens on port 25101 and both /MuleApp.1.0 and /MuleApp.1.1 paths and that dispatches requests to MuleApp.1.0 and MuleApp.1.1 on private ports (say 25102 and 25103).
I finally deployed my application on tomcat, and replaced http inbound endpoint with servlet inbound endpoint. I configure the web.xml with servlet class org.mule.transport.servlet.MuleReceiverServlet. Now I am able to deploy multiple applications on the same port.

Define Outgoing/Calling Port for SOAP Web Service in Visual Studio 2010

The application I'm currently working on is required to interface with a web service using SOAP. The service providers want to restrict access to the service via a firewall using BOTH an IP address and a Port. I'm using VS 2010 and the service has been added as a .NET 2.0 Web Service.
Right now the firewall rule for my connection's port is set to 'ANY' and the service team wants to tighten it down to a specific port. I can't seem to find any way to set a specific outgoing port (port used when exiting my web server) in my service.
Is it even possible to do this?
It is possible to do this, but it's a non-trivial customization.
See Ways to Customize your ASMX Client Proxy for the general techniques. Near the bottom, you'll find "Heavy-Duty Customization".
By overriding the GetWebRequest method, you can gain access to the HttpWebRequest instance being used by the request.
HttpWebRequest has a ServicePoint property.
ServicePoint has a BindIPEndPointDelegate property.
Set this property to point to a method that will decide which IP address and port to use.
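
The chain described in the answer above (GetWebRequest, then ServicePoint, then BindIPEndPointDelegate), written out as an added example; it is not code from the original answer. The class name, local address and port range are assumptions chosen for illustration.

```csharp
using System;
using System.Net;
using System.Web.Services.Protocols;

// Hypothetical name: stands in for the proxy class that "Add Web Reference"
// generates. In a real project, put the override in a partial class of that
// generated proxy or in a class derived from it.
public class PinnedSourceServiceProxy : SoapHttpClientProtocol
{
    // Assumed values: the local address and the small source-port range
    // agreed with the team that owns the firewall rule.
    private static readonly IPAddress LocalAddress = IPAddress.Parse("192.0.2.10");
    private const int FirstPort = 50000;
    private const int PortCount = 16;

    protected override WebRequest GetWebRequest(Uri uri)
    {
        WebRequest request = base.GetWebRequest(uri);
        HttpWebRequest http = request as HttpWebRequest;
        if (http != null)
        {
            // The delegate lives on the ServicePoint, which is shared by all
            // requests to the same scheme/host/port in this AppDomain, so
            // this pins every connection to that service, not only this call.
            http.ServicePoint.BindIPEndPointDelegate = SelectLocalEndPoint;
        }
        return request;
    }

    // Invoked before each new outbound connection is opened. retryCount goes
    // up by one each time binding to the previously returned endpoint failed
    // (for example, because that port is still in use or in TIME_WAIT).
    private static IPEndPoint SelectLocalEndPoint(
        ServicePoint servicePoint, IPEndPoint remoteEndPoint, int retryCount)
    {
        if (retryCount >= PortCount)
        {
            // Fail closed: abort instead of falling back to an ephemeral
            // port that the firewall rule does not cover.
            throw new InvalidOperationException(
                "No free source port left in the allowed range.");
        }
        return new IPEndPoint(LocalAddress, FirstPort + retryCount);
    }
}
```

A range rather than a single port is used because one fixed source port allows only one connection to the service at a time and can be unavailable while a previous connection is in TIME_WAIT. The firewall rule would then allow that range instead of 'ANY'.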

Security of SOAP based web service in Java, Netbeans, Tomcat

I have created an android application that calls (using kSOAP library) a SOAP based web service (developed in java, netbeans) over the intranet.
Now I want to make the application live, so this will require my web service to be exposed on the internet.
I have the following questions...
How do I make sure that no one knows about the web service link except my android application
No one is able to call the web service except my android application
The data transferred between android application and web service is secure and encrypted
What kind of authentication mechanism should be used
I'm new to web services security so forgive me if my questions are dumb :)
This is impossible. Anyone having your app might use a traffic analyzer like Wireshark and see all the requests it makes.
Sign each request your app makes (add some SOAP header) and check the signature on the server side
Use HTTPS
How to do authentication using SOAP?

Disabling HTTPS in Axis2 web service

I have created an Axis2 web service from Netbeans and deployed it successfully in Tomcat 6 on my web server.
When I use for instance SoapUI or Taverna to consume the web service, the server offers both HTTP and HTTPS methods to invoke it. However, using the HTTPS method renders a 404 error. (Probably because there is a server admin panel running on port 8443, but that doesn't matter right now.)
The problem is that my web service clients default to using the HTTPS service. I figured the simplest thing I could do to get the basic service to work, would be to disable the HTTPS endpoint, as the HTTP version runs flawlessly and I don't need the added security. But now I've spent hours on finding out how to do that, without success. The WSDL returned by Axis2 contains entries for HttpsSoap11Endpoint but the WSDL that's bundled in my .AAR file after the build does not.
Does anybody know how to make Axis2 offer just HTTP endpoints?
In axis2.xml, comment out the https transport receiver to disable the HTTPS endpoint.

BizTalk web-service call: unable to connect to remote server

I am trying to call a web service from a BizTalk (2006) orchestration.
Having got the hang of the basics, I have been following this tutorial (page 74 onwards) in which I have a web reference to an external web service (I am using this web service instead of the one in the tutorial), I have my web message in a Send component, and have set up the request / response ports for the web service call.
I'm fairly sure that everything is set up correctly, but my orchestration fails to call the web service with the following error:
The adapter failed to transmit the message going to send port
"My_Order_Processor.Orchestration-CurrencyConvertPort-36c122f41c5596ae"
with URL "http://www.webservicex/net/CurrencyConvertor.asmx.
WebException: Unable to connect to the remote server.
SocketException: An existing connection was forcibly
closed by the remote host 209.162.186.60:80
The IP 209.162.186.60 is the address for the web service I am trying to connect to. I am trying to narrow down the reasons for the error, e.g.:
Firewall issues
Proxy server issues (I don't know how to configure BizTalk to use a proxy server)
Something else
The BizTalk server can ping the web service, I can access the internet (through IE), I can add the WebReference to the project successfully (meaning at least the orchestration designer can access the web service okay). I have also tried a different web service, with the same result.
Any ideas on finding out why this is happening or how to find out more info? (I'm new to BizTalk)
I've seen this very vague error before for many different reasons. Two suggestions.
Download something like NetMon and watch what is going on on the wire.
Turn off chunked encoding. For some reason, many web services don't handle this well.
Let us know what you find out.
Could this not be an authentication issue? Check that you can connect to the webservice using the Bts credentials.
This turned out to be a proxy issue.
By navigating to Biz Talk Group -> Platform Settings -> Adapters -> SOAP, I was able to configure the BizTalk server host's SOAP adapter (which is what the web service call uses to make the call) to use our company proxy server correctly. Double click the 'send' SOAP adapter, go to Properties under adapter name.