I have inherited a WCF project which is hosted under IIS. Its part of a regular website i.e. there are human usable pages as well.
The site is configured in IIS with the following 2 bindings:
1: https://www.example.com/
2: http://www.example.com:8080/
If I visit http://www.example.com:8080/my-service.svc?wsdl I get a WSDL file returned as expected.
If I visit https://www.example.com/my-service.svc?wsdl I get told I need to visit http://www.example.com:8080/my-service.svc?wsdl to create a client.
There is no binding section under system.serviceModel in web.config.
What I want to know is, how does the service know it is associated with the second IIS binding and not the first.
system.ServiceModel follows:
<system.serviceModel>
<extensions>
<behaviorExtensions>
<add name="FormsAuthBehavior" type="My-WCF.FormsAuthBehaviorExtensionElement, EcobuttonWebService" />
</behaviorExtensions>
</extensions>
<behaviors>
<serviceBehaviors>
<behavior name="FormsAuthenticated">
<!--To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment-->
<serviceMetadata httpGetEnabled="true" />
<!--To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information-->
<serviceDebug includeExceptionDetailInFaults="false" />
<!--Pre-authenticates client with server to generate FormsAuthentication cookie. Cookie is submitted with each WCF request.-->
<!--NB: set throwsSecurityExceptions="false" when updating service references in client apps.-->
<FormsAuthBehavior throwsSecurityExceptions="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true" />
<services>
<service name="My-Service" behaviorConfiguration="FormsAuthenticated" />
</services>
</system.serviceModel>
Configure WCF Service for HTTP Transport Security
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
Specify your service and service endpoint as shown in the following XML.
<services>
<service name="MySecureWCFService.Service1">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="MySecureWCFService.IService1"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
Enable httpsGetEnabled
<serviceBehaviors>
<serviceMetadata httpsGetEnabled="true"/>
</serviceBehaviors>
References:
MSDN
Seven simple steps to enable HTTPS on WCF WsHttp bindings
Related
I wrote some wcf web service that work good ( restful ).
I need now to support the calling of those web service only from https
The configuration file code:
<service name="Microsoft.ServiceModel.Samples.CalculatorService" behaviorConfiguration="CalculatorServiceBehavior">
<host>
<baseAddresses>
<add baseAddress="http://localhost:8000/ServiceModelSamples/service"/>
</baseAddresses>
</host>
<endpoint address="" binding="wsHttpBinding" contract="Microsoft.ServiceModel.Samples.ICalculator" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CalculatorServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="False"/>
</behavior>
</serviceBehaviors>
</behaviors>
Here are the steps with which you can enable SSL.
First create a self signed certificate,You can use IIS manager to do it.
Open INETMGR and then open Server Certificates then proceed to create self signed certificate,say the name is testcertificate.
Now in your wcf configuration file would be like this
<system.serviceModel>
<services>
<service name="NorthwindServices.ProductService">
<endpoint address=""
binding="basicHttpBinding"
bindingConfiguration="secureHttpBinding"
contract="NorthwindServices.IProducts"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="secureHttpBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
Note I have changed below things
1) In serviceBehaviors for allowing https request I set httpsGetEnabled="true".
2) Set clientCredentialType as None to specify anonymous authentication which does not perform client authetication. The possible values for clientCredentialType are None, Basic, Digest, Ntlm, Windows.
Finally you can host the service in IIS.
In IIS right click on the site and click on Edit Bindings,Now click on Add
button and select https from type dropdown of Add Site Binding window.
From SSL Certificate drop down select testcertificate which you created in first step. Click Ok and close Site Bindings window.
Publish wcf in localhost.
I've poked around dozens of blogs and SO questions and still can't get this to work. I can load my service over HTTP, but I get the following error over HTTPS:
Could not find a base address that matches scheme http for the endpoint with binding secureWeb. Registered base address schemes are [https].
I'm hosting locally in IIS under an SSL site that works for several other apps already. Here is the config that I am trying to get working; any suggestions would be greatly appreciated!
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="secureWeb">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" httpHelpPageEnabled="false" httpsHelpPageEnabled="false" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="webBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<services>
<service name="Example.TestService">
<endpoint binding="webHttpBinding" bindingName="secureWeb" bindingNamespace="http://example.com/services"
behaviorConfiguration="webBehavior"
contract="Example.ITestService" />
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true">
<serviceActivations>
<add relativeAddress="Test.svc" service="Example.TestService" factory="Example.Common.ServiceModel.Activation.FlatWsdlServiceHostFactory" />
</serviceActivations>
</serviceHostingEnvironment>
</system.serviceModel>
In addition to everything else already said, I think you should have bindingConfiguration="secureWeb" instead of bindingName="secureWeb"
(e.g. <endpoint binding="webHttpBinding" bindingConfiguration="secureWeb"...)
Based on a review of your WCF configuration, I think the issue may be related to the service metadata configuration. The configuration seems to specify that the metadata is available via http and https, but the endpoints only contain bindings for secure https (secureWeb).
In the following line, change the httpGetEnabled value from true to false.
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
Note: The Creating a WCF RESTful Service And Secure It Using HTTPS Over SSL blog post mentions changing the service metadata options toward the end:
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
Lastly, we need to update the metadata publishing endpoint to use
HTTPS as well:
Ok, I really need help getting this setup. Currently i have an ssl cert installed. I have a wcf service installed in iis as an application. I have set it to require ssl and i am able to connect to the service. Issue is i want windows authentication. and i want to disable anonymous security. Soon as i disable anonymous and keep windows auth. i get an error:
"the authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly.etc etc...."
When i turn anonymous back on with windows auth. Yes i can access the service but it doesn't use the windows auth.. its weird because other files such as test.html for example still require username/password. i don't know how to properly restrict a webservice for windows auth using ssl... can anyone help me?? please
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.0" />
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
<readerQuotas maxDepth="2147483647"
maxStringContentLength="2147483647"
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
</binding>
</wsHttpBinding>
</bindings>
<services>
<service name="WcfConcur.ConcurService">
<endpoint address=""
binding="wsHttpBinding"
bindingConfiguration="TransportSecurity"
contract="WcfConcur.IConcurService"/>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior>
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpsGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
on the client side, i add a reference to the wcf. and it downloads this automatically. thing is my intial wcf address that is hosted is https://address/whatever.svc and when it downloads it shows http://internal address i don't know if thats the issue
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client" />
</startup>
<system.serviceModel>
<client>
<endpoint address="http://internal address/wcfConcurService/ConcurService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IConcurService"
contract="wcfConcurRef.IConcurService" name="BasicHttpBinding_IConcurService" />
</client>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IConcurService" />
</basicHttpBinding>
</bindings>
</system.serviceModel>
</configuration>
The error message thrown, when anonymous access is disabled, seems to indicate an issue with the client configuration.
The client configuration appears to be using the basicHttpBinding which is different from the server configuration which is using wsHttpBinding. To resolve the binding issue, you should copy the server binding configuration to the client configuration file and then update the client endpoint to use the new binding configuration.
Your client configuration should look something like:
<system.serviceModel>
<client>
<endpoint address="https://enter-external-address-here/wcfConcurService/ConcurService.svc"
binding="wsHttpBinding" bindingConfiguration="TransportSecurity"
contract="wcfConcurRef.IConcurService" name="BasicHttpBinding_IConcurService" />
</client>
<bindings>
<wsHttpBinding>
<binding name="TransportSecurity">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
I'm trying to make my webservice available over http and https, but I'm running into this error:
A child element named 'endpoint' with same key already exists at the same configuration scope. Collection elements must be unique within the same configuration scope (e.g. the same application.config file). Duplicate key value: 'address:;bindingConfiguration;bindingName:;bindingNamespace:;bindingSectionName:basicHttpsBinding;contractType:RestService.Iservice;kind:;endpointConfiguration:;'.
Now, that's a clear error, but I don't know how to alter my configuration to support http and https requests on the same contract.
Notice that I wish to use the WCF4.5 basicHttpsBinding configuration.
Here's my configuration:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="RestService.service">
<!--
<host>
<baseAddresses>
<add baseAddress = "http://www.nl/service.svc/" />
<add baseAddress = "https://www.nl/service.svc/" />
</baseAddresses>
</host>
-->
<endpoint binding="webHttpBinding" contract="RestService.Iservice" />
<endpoint binding="webHttpBinding" address="" bindingConfiguration="webHttpBindingWithJsonP" name="RestService.Iservice" contract="RestService.Iservice">
</endpoint>
<endpoint binding="basicHttpsBinding" contract="RestService.Iservice" />
<endpoint binding="basicHttpsBinding" address="" name="RestService.Iservice" contract="RestService.Iservice">
</endpoint>
</service>
</services>
<bindings>
<webHttpBinding>
<binding name="webHttpBindingWithJsonP" crossDomainScriptAccessEnabled="true">
</binding>
</webHttpBinding>
<basicHttpsBinding>
<binding name="webHttpsBindingWithJsonP">
<security mode="Transport"></security>
</binding>
</basicHttpsBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="webHttp">
<webHttp />
</behavior>
<behavior name="webHttpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
In your endpoints, you need to set the binding of the Json endpoints to webHttpBinding, not basicHttpBinding. For the secured endpoint, you'll need to add a binding configuration and set the security mode to transport.
Also, please set an address for either the web/basic endpoint. I'm pretty sure you cannot use those two bindings with the same address.
Lastly, since you are hosted under IIS, you can remove the baseAddress section as it is not required. And make sure your web site in IIS is configured to support the http and https protocols (check that through the web site's bindings dialog in the IIS Manager)
I have done following configuration inside configuration file for wsHttpBinding and with transport security. Meta data exchange, base address & bindings all are set for Https but it is still giving this issue.
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WsHttpEndpointBinding">
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="WCFWindowsBasicHttpBinding.Service1Behavior" name="WCFWindowsBasicHttpBinding.Service1">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="WsHttpEndpointBinding" name="WsHttpEndpoint" contract="WCFWindowsBasicHttpBinding.IService1">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="Mex" binding="mexHttpsBinding" contract="IMex"></endpoint>
<host>
<baseAddresses>
<add baseAddress="https://localhost/Service1.svc"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="WCFWindowsBasicHttpBinding.Service1Behavior">
<!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="false" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
Are you hosting the service on IIS? If so, make sure the WebSite you're deploying to has an SSL Binding defined in IIS.