WCF - EndPoint Not Found Exception - web-services

I have been beating my head against this for two days and tried a number of things to try to get this to work to no avail. I'm trying to get this system to work on my local machine for debugging purposes. I'm hoping somebody here can see something that I've become blind to, or can offer some sort of advice.
I have two wcf services (actually 4, but more on that later). One is a SOAP webservice running on IIS. The webservice is trying to make a call to the other service (the agent). In the production environment, there are two firewalls between the two services. They use net.tcp protocol with certificate security to connect.
We use self-signed certificates for development and qa purposes.
I have the client and service certificates installed and have granted the app pool read access to the certificates.
I have verified that Net.Tcp Port Sharing Service, Net.Tcp Listener Adapter, Net.Pipe Listener Adapter are all running.
net.tcp protocol is enabled and net.tcp binding is defined in IIS.
The firewall is off.
Both services connect to an Identity Management service (IMS) which is also a WCF service running on a qa server, not my local machine. The webservice is able to successfully connect to the IMS service. I'm trying to use the same binding to connect to the agent service. As far as I can tell the address, binding and contract are all matching between the webservice and the agent, yet I still get the EndPointNotFoundException. What have I missed?
Here is the system.serviceModel section from the web.config for the webservice:
<system.serviceModel>
<client>
<endpoint address="net.tcp://localhost:8102/Acord/201307" behaviorConfiguration="NetTcpCertificatesBehavior" binding="netTcpBinding" bindingConfiguration="NetTcpCertificatesBinding" contract="AcordContract.IAcordService201307" name="AcordCertificateEndpoint">
<identity>
<certificateReference findValue="(value redacted)" isChainIncluded="false" storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
<dns value="localhost" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="NetTcpCertificatesBehavior">
<clientCredentials>
<clientCertificate findValue="(value redacted)" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
<serviceCertificate>
<authentication certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<netTcpBinding>
<binding name="NetTcpCertificatesBinding" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<security>
<transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
</security>
</binding>
<binding name="NetTcpMessageCertificatesBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="100"
maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="100" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
<binding name="NetTcpWindowsBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:01:00" sendTimeout="00:10:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard"
listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="65535" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
<message clientCredentialType="Windows"/>
</security>
</binding>
<binding name="NetTcpMessageWindowsBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="100" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="100" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
</system.serviceModel>
Here is the system.serviceModel section from the app.config for the agent service:
<system.serviceModel>
<diagnostics performanceCounters="Default"/>
<bindings>
<netTcpBinding>
<binding name="NetTcpWindowsBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:01:00" sendTimeout="00:10:00"
transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard"
listenBacklog="10" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="10" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="65535" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
<security mode="Transport">
<transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"/>
<message clientCredentialType="Windows"/>
</security>
</binding>
<binding name="NetTcpCertificatesBinding" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" sendTimeout="00:10:00" portSharingEnabled="true">
<security>
<transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/>
</security>
</binding>
<binding name="NetTcpMessageWindowsBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" hostNameComparisonMode="StrongWildcard" listenBacklog="100" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxConnections="100" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</netTcpBinding>
</bindings>
<services>
<service name="AcordAgent.AcordService" behaviorConfiguration="AcordServiceBehavior">
<endpoint address="http://qaschedapp:8100/Acord" binding="webHttpBinding" behaviorConfiguration="HttpWebGetBehavior" contract="AcordContract.IMeta" name="MetaEndpoint">
<!--the name of this endpoint above (MetaEndpoint) must stay-->
</endpoint>
<!--binding for clients within the firewall calling from C# with WCF -->
<endpoint address="net.tcp://localhost:8101/Acord/201307" binding="netTcpBinding" bindingConfiguration="NetTcpMessageWindowsBinding" name="NetTcpWindowsEndpoint" contract="AcordContract.IAcordService201307">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<!--binding for clients outside the firewall calling from C# with WCF using certs -->
<endpoint address="net.tcp://localhost:8102/Acord/201307" binding="netTcpBinding" bindingConfiguration="NetTcpCertificatesBinding" name="NetTcpCertificatesEndpoint" contract="AcordContract.IAcordService201307">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="net.tcp://localhost:8102/Acord/mex" binding="mexTcpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="NetTcpCertificatesBehavior">
<clientCredentials>
<clientCertificate findValue="(value redacted)" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
<serviceCertificate>
<authentication certificateValidationMode="None"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="AcordServiceBehavior">
<serviceDebug includeExceptionDetailInFaults="true"/>
<serviceCredentials>
<serviceCertificate findValue="(value redacted)" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
<clientCertificate>
<certificate findValue="(value redacted)" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Addendum: I have just run netstat -a and I don't see anything listening on port 8102. So clearly that is why I'm getting the response I am getting. The question I have now is, why is the agent not listening on 8102? I have the agent service running in Visual Studio 2015 with break points set. Do I need to install the service and then attach to the process?

Well, the problem was that there is an appSetting in this application's config file that controls whether the servicehost gets created or not and the setting was set to false. I can't say why there is such a setting in the config file. Setting the appSetting to true, however, has simply revealed a whole new problem. So, on to the next problem.

Related

How can I do folder to require SSL certificate by IIS

I have to make a WCF service in Visual Studio 2015 MVC and it needs to be accessible only by SSL certificate. I'm using IIS (in Windows10) and trying to limit SSL for only this service (stored in a specific folder).
When I change the IIS option of this folder to "require SSL" the service said that "the http request is unauthorized with client authentication scheme 'anonymous'"
I changed web.config too, maybe something is bad there; the service's name is EncServiceSSL
How can I do it?
WEB.config:
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
<behavior name="ServiceCredentialsBehavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceAuthorization serviceAuthorizationManagerType="MyNamespace.ClientCertificateValidator, MyAssembly">
<authorizationPolicies>
<add policyType="MyNamespace.AdamAuthorizationPolicy, MyAssembly" />
</authorizationPolicies>
</serviceAuthorization>
<serviceCredentials>
<serviceCertificate findValue="1234xx" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="Root"/>
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine" />
</clientCertificate>
</serviceCredentials>
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="https" port="443"/>
</defaultPorts>
</useRequestHeadersForMetadataAddress>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="ServiceCredentialsBehavior" name="System.Web.ApplicationServices.AuthenticationService">
<endpoint address="http://localhost:8111/ServicesSSL/EncServiceSSL"
binding="wsHttpBinding"
bindingConfiguration="QuoteService"
name="SecuredByClientCertificate"
contract="encelogistica.QuoteServiceReference.QuoteServiceSoapChannel" />
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="QuoteService">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
<binding name="QuoteServiceSoap" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8111/ServicesSSL/EncServiceSSL.asmx"
binding="basicHttpBinding" bindingConfiguration="QuoteServiceSoap"
contract="QuoteServiceReference.QuoteServiceSoap" name="QuoteServiceSoap" />
</client>
</system.serviceModel>
</configuration>

WCF changing from Message to Transport security

Currently our services use Message level security, but as we are using Soap UI for testing. After many hours, we discovered that Soap UI is not good with Message level security, something to do with java core I believe.
Have tried to unravel the web.config to use Transport level security, which I believe is supported by Soap UI, but as soon as I change the security mode to Transport I get the following error:
Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http].
Can someone have a look at the config as I am sure that I have missed something.
<system.serviceModel>
<services>
<service name="MyService"
behaviorConfiguration="ServiceBehavior">
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="ServiceWsHttpBinding"
name="ClaimServiceHttpEndpoint"
contract="IMyService" />
<endpoint address="mex"
binding="mexHttpBinding"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="ServiceWsHttpBinding"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2000000"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
<security mode="Message">
<message clientCredentialType="UserName"
negotiateServiceCredential="false"
establishSecurityContext="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="ClientEndpointBehavior">
<clientCredentials>
<serviceCertificate>
<authentication certificateValidationMode="None" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate findValue="CN=test.service.com"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectDistinguishedName" />
<userNameAuthentication userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType="MyObject.UserAuthentication, MyObject.Utils" />
</serviceCredentials>
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="MyObject.Utils.AuthPolicy, Myobject.Utils" />
</authorizationPolicies>
</serviceAuthorization>
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

Exception trying to create WCF bindings from app.config file

Hi, I have a C# client application trying to connect to a WCF web service. The configuration for the bindings is in the app.config file of the client.
When I call to instantiate the web service (which is an https connection) I get the following error.
Exception Details:
System.InvalidOperationException: Could not find default endpoint element that references contract 'TcWcfServices.ITcWcfService' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element.
at System.ServiceModel.Description.ConfigLoader.LoadChannelBehaviors(ServiceEndpoint serviceEndpoint, String configurationName)
at System.ServiceModel.ChannelFactory.InitializeEndpoint(String configurationName, EndpointAddress address)
at System.ServiceModel.ChannelFactory`1..ctor(String endpointConfigurationName, EndpointAddress remoteAddress)
at System.ServiceModel.ConfigurationEndpointTrait`1.CreateSimplexFactory()
at System.ServiceModel.ClientBase`1.CreateChannelFactoryRef(EndpointTrait`1 endpointTrait)
at System.ServiceModel.ClientBase`1.InitializeChannelFactoryRef()
at xx.Int.Biz.Services.TMOScheduling.TcWcfServices.TcWcfServiceClient..ctor()
My code simply calls
if (_wcfClient == null)
_wcfClient = new TcWcfServiceClient();
In my TMOSAcheduling.exe.config file I have this snippet to try and bind to the WCF service.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpsBinding_ITcWcfService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="33554432" maxBufferPoolSize="524288" maxReceivedMessageSize="33554432"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="999999999" maxStringContentLength="999999999"
maxArrayLength="999999999" maxBytesPerRead="999999999" maxNameTableCharCount="999999999" />
<security mode="Transport">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm=""/>
<message clientCredentialType="UserName"
algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<!-- If Environment is HTTPS then use below client and comment out HTTP Client-->
<!-- HTTPS Client -->
<client>
<endpoint address="https://xyz.externalhttpsAddredd.net/TcWcfServices/TcWcfServices.svc"
behaviorConfiguration="TcWcfServicesBehavior"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpsBinding_ITcWcfService"
contract="TcWfcServices.ITcWcfService"
name="BasicHttpsBinding_ITcWcfService" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="TcWcfServicesBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
I wondered if anyone could give me some suggestion of what the issue would be or how I might go about adding the HTTPS binding so I can instantiate and call the service.
This config file had to be "hand generated" as I was developing against a service with the same name that was not HTTPS and was also sitting on my localhost development webservice site.
Also, this client app can not run on my dev. machine because I can not reach the server URL from the dev. machine
Thanks! I am kind of at a crunch time to get this implemented and have tried everything I can think of with similar results.
EDIT HERE IS THE SECOND CONFIG FILE
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpsBinding_ITcWcfService"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:10:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="33554432" maxBufferPoolSize="524288" maxReceivedMessageSize="33554432"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="999999999" maxStringContentLength="999999999"
maxArrayLength="999999999" maxBytesPerRead="999999999" maxNameTableCharCount="999999999" />
<security mode="Transport">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm=""/>
<message clientCredentialType="UserName"
algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://xxxxxx.testexternal.net/TcWcfServices/TcWcfServices.svc"
behaviorConfiguration="TcWcfServicesBehavior"
binding="basicHttpBinding"
contract="TcWfcServices.ITcWcfService" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="TcWcfServicesBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
Second edit. This worked but had certificate errors due to the https
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ITcWcfService"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
allowCookies="false"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Text"
textEncoding="utf-8"
transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32"
maxStringContentLength="8192"
maxArrayLength="16384"
maxBytesPerRead="4096"
maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName"
algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://txxxx.external.net/TcWcfServices/TcWcfServices.svc"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_ITcWcfService"
contract="TcWcfServices.ITcWcfService"
name="BasicHttpBinding_ITcWcfService" />
</client>
</system.serviceModel>
The problem is that your <endpoint> element has a name attribute defined, so you either need to remove it to make it the "default endpoint" for that contract, or specify the endpoint name manually in the constructor of the client proxy object.
From the documentation at http://msdn.microsoft.com/en-us/library/ms731762(v=vs.110).aspx
Optional string attribute. This attribute uniquely identifies an
endpoint for a given contract. You can define multiple clients for a
given Contract type. Each definition must be differentiated by a
unique configuration name. If this attribute is omitted, the
corresponding endpoint is used as the default endpoint associated with
the specified Contract type. The default is an empty string.
The answer ended up being the last edit I made, but I also ended up having a cert issue (another thing altogether). So we also ended up going to HTTP instead.
Tomasr - your suggestions were at least helpful in pointing me at some things I did not know about endpoints and the like. And I was able to verify that I was in fact using the correct config - something I was second guessing myself.
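The exception above names the contract 'TcWcfServices.ITcWcfService', while the first two configs in the question declare contract="TcWfcServices.ITcWcfService". The following is an added example, not code from the thread: a Python check that compares each client endpoint's contract with the name in the exception and reports near misses. The function name check_client_contract, the 0.8 similarity cutoff and the inlined sample are assumptions made for illustration.

```python
import difflib
import xml.etree.ElementTree as ET

# Constructed sample: the <client> section of the first config posted in the question.
CLIENT_CONFIG = """
<system.serviceModel>
  <client>
    <endpoint address="https://xyz.externalhttpsAddredd.net/TcWcfServices/TcWcfServices.svc"
              behaviorConfiguration="TcWcfServicesBehavior"
              binding="basicHttpBinding"
              bindingConfiguration="BasicHttpsBinding_ITcWcfService"
              contract="TcWfcServices.ITcWcfService"
              name="BasicHttpsBinding_ITcWcfService" />
  </client>
</system.serviceModel>
"""


def check_client_contract(config_xml, expected_contract, cutoff=0.8):
    """Compare every <client>/<endpoint> contract with the expected contract name.

    Returns a dict with two lists:
      exact     - names of endpoints whose contract matches character for character
      near_miss - (contract, endpoint name) pairs that are similar but not equal,
                  which usually means a typo in the hand-edited config
    """
    root = ET.fromstring(config_xml)
    exact, near_miss = [], []
    for endpoint in root.findall(".//client/endpoint"):
        contract = endpoint.get("contract", "")
        name = endpoint.get("name", "")
        if contract == expected_contract:
            exact.append(name)
            continue
        # Similarity in [0, 1]; a transposed pair of letters scores well above 0.9.
        ratio = difflib.SequenceMatcher(None, contract, expected_contract).ratio()
        if ratio >= cutoff:
            near_miss.append((contract, name))
    return {"exact": exact, "near_miss": near_miss}


if __name__ == "__main__":
    # Contract name copied from the exception text in the question.
    result = check_client_contract(CLIENT_CONFIG, "TcWcfServices.ITcWcfService")
    if result["exact"]:
        print("matching endpoint(s):", result["exact"])
    for contract, name in result["near_miss"]:
        print(f"endpoint '{name}' declares contract '{contract}', which is close "
              "to the expected name but not equal")
```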

Using a particular webservice in Powershell

I am trying to access a webservice in Powershell
Here is my code including the error message that I get
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$proxy = New-WebServiceProxy -uri http://url/webService/platform/CoreWebService.svc?wdsl
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate("test.cer")
$proxy.ClientCertificates.Add($cert)
$proxy.Credentials = Get-Credential
$proxy.WorkspaceList()
#Ausnahme beim Aufrufen von "WorkspaceList" mit 0 Argument(en): "Logon failed: unknown user name, wrong password or account disabled."
#In Zeile:2 Zeichen:5
#+ $proxy.WorkspaceList()
#+ ~~~~~~~~~~~~~~~~~~~~~~
# + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
# + FullyQualifiedErrorId : SoapException
Checked the username several times and confirmed with support that it's the right one and that the account is set up for it. Also: it works in a Visual Studio project
When getting the configuration of the webservice via svcutil it gives me the following configuration
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ICoreWebServiceBasic" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<wsHttpBinding>
<binding name="WSHttpBinding_ICoreWebService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
<binding name="WSHttpBinding_ICoreWebService1" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://url/webService/platform/CoreWebService.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ICoreWebService"
contract="ServiceReference1.ICoreWebService" name="WSHttpBinding_ICoreWebService">
<identity>
<certificate encodedValue="certificate string, which I copied into test.pfx, then imported into certificate store and exported as DER encoded cer file" />
</identity>
</endpoint>
<endpoint address="http://url/webService/platform/CoreWebService.svc/wauth"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ICoreWebService1"
contract="ServiceReference1.ICoreWebService" name="WSHttpBinding_ICoreWebService1">
<identity>
<servicePrincipalName value="host/AMAZONA-1AGOCUI" />
</identity>
</endpoint>
<endpoint address="http://url/webService/platform/CoreWebService.svc/basic"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ICoreWebServiceBasic"
contract="ServiceReference1.ICoreWebServiceBasic" name="BasicHttpBinding_ICoreWebServiceBasic" />
</client>
</system.serviceModel>
</configuration>
In the manual, they give the example for using the WSHttpBinding_ICoreWebService endpoint and that is also what works in a Visual Studio project.
What am I missing in my Powershell script?
Thank you!
Sandro
2014-05-22: updated to reflect latest script
You're trying to load X509Certificate from PFX file not CER. PFX is secure certificate that requires private key to save it to the store.
You can either add it to the certificate store manually or through code (using Import-PfxCertificate). Then you can export the CER certificate and can finally do this line:
$cert = new-object System.Security.Cryptography.X509Certificates.X509Certificate("test.cer")
Not sure about the Get-Certificate cmdlet, but you can go with -UseDefaultCredential option too.
Here is a similar thread:
X509Certificate.CreateFromCertFile - the specified network password is not correct

Calling an ASMX service that is secured with Windows Credentials

I've been given a Web Service (ASMX) to consume which I need to use Windows credentials for.
So, I have set up my client VPN and called the WSDL, saved as an XML file and generated the proxy class using the svcutil.exe, so far, so good...
I'm calling the service as
// Web Service
client = new CmListSync.Models.WebCorePlayersSoapClient();
client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
client.ClientCredentials.Windows.ClientCredential = new System.Net.NetworkCredential(cUser, cPass, cDoma);
and in the web.config I have this setup:
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="true" />
<security mode="None">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="Windows" algorithmSuite="Default" negotiateServiceCredential="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://vm-wssrv01/players.asmx" binding="wsHttpBinding"
bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
name="WebCorePlayersSoap" />
</client>
</system.serviceModel>
but when I try to call the service I get an exception saying:
The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=\"vm-wssrv01\"'.
What am I missing? shouldn't the service authenticate normally as I have provided the windows credentials? What more should I do?
What I have tried:
set the security mode to Message and I got the same error as in the question above
set the security mode to TransportWithMessageCredential I got: The
provided URI scheme 'http' is invalid; expected 'https'.\r\nParameter
name: via
set the security mode to Transport and I got: Binding validation failed because the WSHttpBinding does not support reliable sessions over transport security (HTTPS). The channel factory or service host could not be opened. Use message security for secure reliable messaging over HTTP.
From John Saunders' comment:
I have switched to basicHttpBinding
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="Windows" proxyCredentialType="Windows" realm="vm-wssrv01" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://vm-wssrv01/players.asmx" binding="basicHttpBinding"
bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
name="WebCorePlayersSoap" />
</client>
</system.serviceModel>
and tried changing the security mode to:
TransportWithMessageCredential
{"The provided URI scheme 'http' is invalid; expected 'https'.\r\nParameter name: via"}
TransportCredentialOnly
{"The HTTP request is unauthorized with client authentication scheme 'Negotiate'. The authentication header received from the server was 'Basic realm=\"vm-wssrv01\"'."}
Message
{"BasicHttp binding requires that BasicHttpBinding.Security.Message.ClientCredentialType be equivalent to the BasicHttpMessageCredentialType.Certificate credential type for secure messages. Select Transport or TransportWithMessageCredential security for UserName credentials."}
Transport
{"The provided URI scheme 'http' is invalid; expected 'https'.\r\nParameter name: via"}
None
{"The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was 'Basic realm=\"vm-wssrv01\"'."}
I'm running out of ideas :(
The service is HTTP only, not HTTPS and I have no Certificate to use...
After 3 days, and with a big help from John Saunders as he stated that the only possible binding for an ASMX service would be basicHttpBinding (my search for an answer started to be much more focused) I got into this:
In the service caller, one must use the client.ClientCredentials.UserName as:
// Web Service
client = new CmListSync.Models.WebCorePlayersSoapClient();
client.ClientCredentials.UserName.UserName = cUser;
client.ClientCredentials.UserName.Password = cPass;
and in the configuration part, one needs to use:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="WebCorePlayersSoap" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://vm-wssrv01/players.asmx" binding="basicHttpBinding"
bindingConfiguration="WebCorePlayersSoap" contract="WebCorePlayersSoap"
name="WebCorePlayersSoap">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</client>
</system.serviceModel>
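
Several configs on this page carry settings that weaken transport or certificate checks: certificateValidationMode="None", security mode="None", TransportCredentialOnly with Basic credentials (the user name and password cross plain HTTP Base64-encoded, not encrypted), and includeExceptionDetailInFaults="true". The following is an added example, not code from any of the posts: a Python audit that flags those settings in a system.serviceModel section. The rule names, the function name audit_wcf_config and the sample config (assembled from fragments of the configs above) are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: fragments of the configs on this page combined into one file.
SAMPLE_CONFIG = """
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="WebCorePlayersSoap">
          <security mode="TransportCredentialOnly">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
      <netTcpBinding>
        <binding name="NetTcpCertificatesBinding">
          <security>
            <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="NetTcpCertificatesBehavior">
          <clientCredentials>
            <serviceCertificate>
              <authentication certificateValidationMode="None" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="AcordServiceBehavior">
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
"""

# Rule id -> why it matters (rule ids are made up for this example).
RULES = {
    "SECURITY_MODE_NONE": "binding sends messages with no transport or message security",
    "BASIC_AUTH_OVER_HTTP": "TransportCredentialOnly + Basic puts credentials on the wire unencrypted",
    "CERT_VALIDATION_DISABLED": "peer certificate is accepted without any validation",
    "EXCEPTION_DETAIL_IN_FAULTS": "server exception details are returned to callers in faults",
}


def audit_wcf_config(config_xml):
    """Return a list of (rule_id, location) findings in document order."""
    root = ET.fromstring(config_xml)
    findings = []

    # <bindings>/<bindingType>/<binding>/<security>
    for bindings in root.iter("bindings"):
        for binding_type in bindings:
            for binding in binding_type.findall("binding"):
                location = f"{binding_type.tag}/{binding.get('name', '')}"
                security = binding.find("security")
                if security is None:
                    continue
                mode = security.get("mode")
                transport = security.find("transport")
                cred = transport.get("clientCredentialType") if transport is not None else None
                if mode == "None":
                    findings.append(("SECURITY_MODE_NONE", location))
                elif mode == "TransportCredentialOnly" and cred == "Basic":
                    findings.append(("BASIC_AUTH_OVER_HTTP", location))

    # Endpoint and service behaviors
    for behavior in root.iter("behavior"):
        location = f"behavior/{behavior.get('name', '')}"
        for auth in behavior.iter("authentication"):
            if auth.get("certificateValidationMode") == "None":
                findings.append(("CERT_VALIDATION_DISABLED", location))
        for debug in behavior.iter("serviceDebug"):
            if debug.get("includeExceptionDetailInFaults", "").lower() == "true":
                findings.append(("EXCEPTION_DETAIL_IN_FAULTS", location))
    return findings


if __name__ == "__main__":
    for rule_id, location in audit_wcf_config(SAMPLE_CONFIG):
        print(f"{rule_id:28} {location:45} {RULES[rule_id]}")
```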