How to configure WCF Service with Https WindowsAuthentication? - wpf

I am trying to figure out how to set configurations on my service and Silverlight client App to work on Secure Windows Authentication.
I have my service configured like this:
<binding name="currentCustomBinding">
<binaryMessageEncoding />
<httpsTransport authenticationScheme="Ntlm" bypassProxyOnLocal="true" />
</binding>
</customBinding>
<serviceMetadata httpGetEnabled="False" httpsGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
<service name="OperationService" behaviorConfiguration="OperationServiceBehavior">
<endpoint address="" behaviorConfiguration="OperationServiceBehavior" binding="customBinding" bindingConfiguration="currentCustomBinding" contract="OperationService" />
</service>
Any ideas? 10q

Related

Migrating from Windows Authentication to Azure AD authentication for Asp.net MVC website hosted in IIS

I am migrating my ASP.Net MVC based website to use Azure AD Authentication. My website is successfully migrated to use AAD.
My website makes calls to a WCF service. How do I pass the logged-in information to this WCF service?
Here is my ServiceModel configuration in web.config. Appreciate your help.
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="AdsPlusValidatorServiceBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IJobManagerService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8000/Validator/Service" behaviorConfiguration="AdsPlusValidatorServiceBehavior" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IJobManagerService" contract="IJobManagerService" name="BasicHttpBinding_IJobManagerService">
<identity>
<servicePrincipalName value="" />
</identity>
</endpoint>
</client>
</system.serviceModel>
Take a look at Using AAL to Secure Calls to a Classic WCF Service. Replace AAL code with MSAL.

adding behaviorConfiguration causes (415) Unsupported Media Type.HTTP GET Error

When I add in behaviorConfiguration I get the following from wcftester
The remote server returned an error: (415) Unsupported Media Type.HTTP GET Error
service web.config
<system.serviceModel>
<services>
<service behaviorConfiguration="MaxConfig" name="MyRemoteHostService">
<endpoint address="" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_MyRemoteHostService"
contract="My.Framework.Web.MyRemoteHostService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="false"
multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_MyRemoteHostService"
maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647"
maxBufferSize="2147483647">
<readerQuotas
maxArrayLength="2147483647"
maxBytesPerRead="2147483647"
maxDepth="2147483647"
maxNameTableCharCount="2147483647"
maxStringContentLength="2147483647" />
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="MaxConfig">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
ServiceReferences.ClientConfig
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_MyRemoteHostService" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<endpoint address="http://localhost:2622/MyRemoteHostService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_MyRemoteHostService"
contract="MyServiceReference.MyRemoteHostService" name="BasicHttpBinding_MyRemoteHostService" />
</client>
</system.serviceModel>
Error:
Cannot obtain Metadata from
http://localhost:2622/MyRemoteHostService.svc If this is a Windows (R)
Communication Foundation service to which you have access, please
check that you have enabled metadata publishing at the specified
address
The remote server returned an error: (415) Unsupported Media Type.HTTP
GET Error URI: http://localhost:2622/MyRemoteHostService.svc The
HTML document does not contain Web service discovery information.
I got a 415 error message, and it took me more than a day to find the cause. It turns out that our web.config on the server is different to dev: it specifies a different binding, which means the binding is different between the client (SL) and the WCF service on the server, which seems to cause a 415 message (kinda makes sense). Your bindings above look correct; could be worth re-checking. Have you tried updating the service reference after adding the behaviorConfiguration? Sometimes it works. Unfortunately HTTP error codes can be very misleading at times...

WCF Error Not Found with large objects

I am having an issue with a WCF service call. The service takes a complex object that has many lists of objects inside of it. The problem occurs when the object gets too large. I am getting a communication exception that says Not Found. The call works as long as the item is not too large. Any help would be appreciated. Here is the relevant part of the client config file:
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ICartService" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="../Services/CartService.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ICartService"
contract="AccessPoint.RichClient.Wcf.ICartService"
name="BasicHttpBinding_ICartService" />
</client>
The web.config file has the following content:
<bindings>
<basicHttpBinding>
<binding name="basicHttpLargeMessage" closeTimeout="00:02:00"
openTimeout="00:02:00" receiveTimeout="00:10:00" sendTimeout="00:02:00"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647" />
</binding>
</basicHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="CartService.CartServiceBehavior"
name="AccessPoint.WcfServices.CartService">
<endpoint address="" behaviorConfiguration="CartServiceBehavior"
binding="basicHttpBinding" bindingConfiguration="basicHttpLargeMessage"
contract="AccessPoint.WcfServices.ICartService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="CartService.CartServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph ="2147483647"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="CartServiceBehavior">
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</endpointBehaviors>
</behaviors>
Any server error will be reflected in Silverlight as a "Not Found" exception. You need to either use some network sniffing tool (such as Fiddler) to see if the response has some additional information about the error, or enable tracing at the server side to see why it's returning a non-successful response.
The post at http://blogs.msdn.com/b/silverlightws/archive/2010/09/23/debugging-wcf-services-in-silverlight.aspx has a video with lots of information about debugging WCF services in Silverlight.

Silverlight - How to consume a WCF service from the client with windows authentication

I have a Silverlight 4 application and I need the client to consume a WCF service secured with SSL and using Windows authentication. Only members of a certain Active Directory group should be able to call the WCF service.
Here is my web.config. With the current configuration anyone can call the WCF service. What should be the correct values?
Thanks,
Kruvi
<configuration>
<system.diagnostics>
</system.diagnostics>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<customErrors mode="On" defaultRedirect="~\Errors\Error.htm">
<error statusCode="404" redirect="~\Errors\404.htm"/>
</customErrors>
</system.web>
<connectionStrings>
</connectionStrings>
<system.serviceModel>
<diagnostics>
</diagnostics>
<extensions>
<behaviorExtensions>
<add name="silverlightFaults"
type="ZCUtils.SilverlightFaultBehavior, ZCUtils, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>
</behaviorExtensions>
</extensions>
<behaviors>
<endpointBehaviors>
<behavior name="SilverlightFaultBehavior">
<silverlightFaults />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ZCBehavior">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBindingSsl" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true" />
<services>
<service name="ZC.Web.Services.ZCServices" behaviorConfiguration="ZCBehavior">
<endpoint address="" behaviorConfiguration="SilverlightFaultBehavior"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBindingSsl"
contract="ZC.Web.Services.ZCServices" />
</service>
</services>
</system.serviceModel>
</configuration>
The following article shows how to secure a WCF service with Windows auth for Silverlight clients:
http://msdn.microsoft.com/en-us/library/dd744835(v=vs.95).aspx
This article talks about using the PrincipalPermissionAttribute, which will allow you to restrict which groups can call a particular service operation:
http://msdn.microsoft.com/en-us/library/ms731200.aspx
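A check for the condition the question above describes, where a basicHttpBinding with `Transport` security and no `clientCredentialType` demands no client credential at all. This is an added example, not code from the original posts; the sample config is constructed, and the second binding and the `Example.*` names are hypothetical. It inspects only the WCF binding, not the IIS authentication settings.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the first binding has the shape used in the question
# (Transport security, no <transport> child); the second binding and the
# Example.* names are hypothetical.
SAMPLE = """<system.serviceModel>
  <bindings><basicHttpBinding>
    <binding name="BasicHttpBindingSsl"><security mode="Transport" /></binding>
    <binding name="BasicHttpBindingSslWindows">
      <security mode="Transport"><transport clientCredentialType="Windows" /></security>
    </binding>
  </basicHttpBinding></bindings>
  <services>
    <service name="ZC.Web.Services.ZCServices">
      <endpoint address="" binding="basicHttpBinding"
        bindingConfiguration="BasicHttpBindingSsl" contract="ZC.Web.Services.ZCServices" />
    </service>
    <service name="Example.LockedService">
      <endpoint address="" binding="basicHttpBinding"
        bindingConfiguration="BasicHttpBindingSslWindows" contract="Example.ILockedService" />
    </service>
  </services>
</system.serviceModel>"""

def effective_credential(binding):
    """(security mode, client credential) with WCF's basicHttpBinding defaults applied."""
    sec = binding.find("security") if binding is not None else None
    mode = sec.get("mode", "None") if sec is not None else "None"
    if mode in ("Transport", "TransportCredentialOnly"):
        tr = sec.find("transport")
        return mode, (tr.get("clientCredentialType", "None") if tr is not None else "None")
    # mode None authenticates nobody; Message-based modes carry credentials in SOAP
    return mode, ("None" if mode == "None" else "message-level")

def anonymous_endpoints(config_xml):
    """List (service, bindingConfiguration, mode) for endpoints that accept any caller."""
    root = ET.fromstring(config_xml)
    bindings = {b.get("name"): b for b in root.iter("binding")}
    findings = []
    for svc in root.iter("service"):
        for ep in svc.findall("endpoint"):
            if ep.get("binding") != "basicHttpBinding":
                continue  # other binding types have different defaults
            mode, cred = effective_credential(bindings.get(ep.get("bindingConfiguration")))
            if cred == "None":
                findings.append((svc.get("name"), ep.get("bindingConfiguration"), mode))
    return findings
```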

Silverlight 4 - Configure Self-Hosted WCF Service to use SSL

I have a Silverlight 4 application that uses WCF services on the same server (self-hosted). Everything works fine, but now I want to convert my WCF services to use SSL. I am using CustomBindings and can't quite find the combination to get this done. I am using relative URLs on the client side, and hope this is not causing a problem. Here are the important bits of my Web.config file:
<behaviors>
<serviceBehaviors>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="6553600"/>
<serviceTimeouts transactionTimeout="00:10:00"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<customBinding>
<binding name="MyApp.Web.Services.ProjectService.customBinding0"
receiveTimeout="00:10:00" sendTimeout="00:10:00">
<binaryMessageEncoding />
<httpsTransport maxReceivedMessageSize="2147483647" />
</binding>
</customBinding>
</bindings>
<services>
<service name="MyApp.Web.Services.ProjectService">
<endpoint address="" binding="customBinding" bindingConfiguration="MyApp.Web.Services.ProjectService.customBinding0"
contract="MyApp.Web.Services.ProjectService" />
</service>
</services>
My ClientConfig looks like this:
<configuration>
<system.serviceModel>
<bindings>
<customBinding>
<binding name="CustomBinding_ProjectService">
<binaryMessageEncoding />
<httpTransport maxReceivedMessageSize="2147483647" maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="../Services/ProjectService.svc" binding="customBinding"
bindingConfiguration="CustomBinding_ProjectService" contract="SearchProxy.ProjectService"
name="CustomBinding_ProjectService" />
</client>
</system.serviceModel>
</configuration>
I just don't understand how the bindings work in both the server and client. I'm hoping someone can point me in the right direction.
A few things:
If you want to use SSL on localhost you'll need to be using IIS Express 7.5 (or full IIS if you're on a server doing dev - unlikely).
You'll need a clientaccesspolicy.xml file stored in the root of the Web application:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers= "SOAPAction">
<domain uri="https://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Example server-side Web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="SecureBasicHttpBinding">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="SomeBehavior" >
<serviceMetadata httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
<useRequestHeadersForMetadataAddress>
<defaultPorts>
<add scheme="https" port="443" />
</defaultPorts>
</useRequestHeadersForMetadataAddress>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment>
<serviceActivations>
<add relativeAddress="SomeService.svc" service="MySilverlight.Web.SomeService"/>
</serviceActivations>
</serviceHostingEnvironment>
<services>
<service name="MySilverlight.Web.SomeService"
behaviorConfiguration="SomeBehavior">
<endpoint address="SomeService"
binding="basicHttpBinding"
bindingConfiguration="SecureBasicHttpBinding"
bindingNamespace="https://MySilverlight.Web.SomeService"
contract="MySilverlight.Web.ISomeService">
</endpoint>
<endpoint address="mex"
binding="mexHttpsBinding"
contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
Example client-side:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ISomeService" maxBufferSize="2147483647"
maxReceivedMessageSize="2147483647">
<security mode="Transport" />
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost/SomeService.svc/SomeService"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_ISomeService"
contract="MySilverlight.Web.SomeServiceReference.ISomeService"
name="BasicHttpBinding_ISomeService" />
</client>
<extensions />
</system.serviceModel>
</configuration>
IIS 7.5 will setup your localhost certificate automatically.
Can you update the service reference on the client project? That should update the clientconfig file with the correct binding. One thing I am noticing right now is that you're using <httpTransport> on the client binding and <httpsTransport> on the service. Try changing the client to use <httpsTransport> as well.
Also, if your SL app is downloaded from an HTTP:// address, then a call to a service in HTTPS is considered to be a cross-domain call, so you'll need a cross-domain policy file as well.
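The `<httpTransport>` versus `<httpsTransport>` mismatch pointed out in the answer above, and the client/server binding drift blamed for the 415 error in the earlier thread, can be caught by comparing the two config files before deployment. This is an added example, not code from the original posts; the two samples are constructed from the question's fragments, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed from the two fragments in the question above, trimmed and wrapped
# in a <system.serviceModel> root so that each parses on its own.
SERVICE = """<system.serviceModel>
  <bindings><customBinding>
    <binding name="MyApp.Web.Services.ProjectService.customBinding0">
      <binaryMessageEncoding /><httpsTransport maxReceivedMessageSize="2147483647" />
    </binding>
  </customBinding></bindings>
  <services><service name="MyApp.Web.Services.ProjectService">
    <endpoint address="" binding="customBinding" contract="MyApp.Web.Services.ProjectService"
      bindingConfiguration="MyApp.Web.Services.ProjectService.customBinding0" />
  </service></services>
</system.serviceModel>"""
CLIENT = """<system.serviceModel>
  <bindings><customBinding>
    <binding name="CustomBinding_ProjectService">
      <binaryMessageEncoding /><httpTransport maxReceivedMessageSize="2147483647" />
    </binding>
  </customBinding></bindings>
  <client>
    <endpoint address="../Services/ProjectService.svc" binding="customBinding"
      bindingConfiguration="CustomBinding_ProjectService" contract="SearchProxy.ProjectService" />
  </client>
</system.serviceModel>"""

def wire_shape(config_xml, parent):
    """(encoding, transport) for the first endpoint under <service> or <client>; assumes it names a bindingConfiguration."""
    root = ET.fromstring(config_xml)
    ep = root.find(f".//{parent}/endpoint")
    kind, name = ep.get("binding"), ep.get("bindingConfiguration")
    b = root.find(f".//bindings/{kind}/binding[@name='{name}']")
    if kind == "customBinding":  # binding elements are child tags
        enc = next(c.tag for c in b if c.tag.endswith("MessageEncoding"))
        transport = next(c.tag for c in b if c.tag.endswith("Transport"))
    else:  # basicHttpBinding: encoding is an attribute, HTTPS follows the security mode
        enc = b.get("messageEncoding", "Text").lower() + "MessageEncoding"
        sec = b.find("security")
        mode = sec.get("mode", "None") if sec is not None else "None"
        https = mode in ("Transport", "TransportWithMessageCredential")
        transport = "httpsTransport" if https else "httpTransport"
    return enc, transport

def mismatches(service_xml, client_xml):
    """Wire-level properties on which the service and client bindings disagree."""
    svc, cli = wire_shape(service_xml, "service"), wire_shape(client_xml, "client")
    return [f"{field}: service={s} client={c}"
            for field, s, c in zip(("encoding", "transport"), svc, cli) if s != c]
```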
