Hello everyone,

I am using VSTS 2008 + C# + .Net 3.0. I am using self-hosted WCF. When executing the following statement (host.Open()), there is the following binding not found error. I have posted my whole app.config file, any ideas what is wrong?

ServiceHost host = new ServiceHost(typeof(MyWCFService));
host.Open();

Error message,

The value of the property 'algorithmSuite' cannot be parsed. The error is: The value 'Aes128' is not a valid instance of type 'System.ServiceModel.Security.SecurityAlgorithmSuite'.

EDIT1: I have changed the algorithm suite option value to Default, but met with a new error when executing Open(). The error message is below, any ideas what is wrong?

Binding validation failed because the WSHttpBinding does not support reliable sessions over transport security (HTTPS). The channel factory or service host could not be opened. Use message security for secure reliable messaging over HTTP.

Full app.config,

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="MyBinding"
            closeTimeout="00:00:10"
            openTimeout="00:00:20"
            receiveTimeout="00:00:30"
            sendTimeout="00:00:40"
            bypassProxyOnLocal="false"
            transactionFlow="false"
            hostNameComparisonMode="WeakWildcard"
            maxReceivedMessageSize="100000000"
            messageEncoding="Mtom"
            proxyAddress="http://foo/bar"
            textEncoding="utf-16"
            useDefaultWebProxy="false">
          <reliableSession 
               enabled="false" />
          <security mode="Transport">
            <transport clientCredentialType="Digest"
               proxyCredentialType="None"
               realm="someRealm" />
            <message clientCredentialType="Windows"
           negotiateServiceCredential="false"
           algorithmSuite="Default"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="MyWCFService"
                behaviorConfiguration="mexServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:9090/MyService"/>
          </baseAddresses>
        </host>
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyBinding" contract="IMyService"/>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="mexServiceBehavior">
          <serviceMetadata httpsGetEnabled="True"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
<startup><supportedRuntime version="v2.0.50727"/></startup></configuration>

thanks in advance, George

+2  A: 

You need to update your service behavior, too, if you change the MEX endpoint from http to https - you need to enable the httpsGetEnabled setting (not the httpGetEnabled):

   <behaviors>
      <serviceBehaviors>
        <behavior name="mexServiceBehavior">
          <serviceMetadata httpsGetEnabled="True"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>

UPDATE:
George, check out this MSDN link - there is no "Aes128" algorithm - you must pick one of the existing ones.

UPDATE 2:

Can you try this config - reduce to the max! :-)

  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="MyBinding"
            maxReceivedMessageSize="100000000"
            messageEncoding="Mtom"
            proxyAddress="http://foo/bar"
            textEncoding="utf-16"
            useDefaultWebProxy="false">
          <reliableSession enabled="false" />
          <security mode="None" />
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service name="MyWCFService"
                behaviorConfiguration="mexServiceBehavior">
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost:9090/MyService"/>
          </baseAddresses>
        </host>
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MyBinding" contract="IMyService"/>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="mexServiceBehavior">
          <serviceMetadata httpsGetEnabled="True"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

Can you start up your service, and can you add service reference from Visual Studio?

UPDATE 3:
George, I'd recommend you have a look at those security-related links and get some feel for what you really need and want - and how to achieve it.

Marc

marc_s
Thanks Marc, I got the error "The value of the property 'algorithmSuite' cannot be parsed. The error is: The value 'Aes128' is not a valid instance of type 'System.ServiceModel.Security.SecurityAlgorithmSuite'." Any ideas? I am building WCF on .Net 3.0, not .Net 3.5.
George2
Thanks Marc, I have changed the configuration value to "Default", and no such error, but I met with a new error, please refer to EDIT1 section of my original post. Any ideas what is wrong?
George2
I think the MSDN link you referred is more accurate, the MSDN document I refer to is, and you can see aes128 is listed in the sample, I am surprised to see two MSDN documents are conflicting. Do you think the below MSDN document is wrong? http://msdn.microsoft.com/en-us/library/ms731299(VS.85).aspx
George2
The error message tells you what's wrong - you cannot enable reliable messaging over a transport security; you'll need to turn reliable messaging off (<reliableSession enabled="false" />)
marc_s
Thanks Marc, your solution works, but when I use Add Service Reference from client, the client cannot find the service. I am using address https://localhost:9090/MyService to Add Service Reference. Any ideas what is wrong?
George2
I have updated my app.config to disable the reliable session. You can see my updated configuration in my original post. Current issue is, I can not add Service reference from client using address https://localhost:9090/MyService. Any ideas what is wrong?
George2
Have you changed the service behavior to support httpsGetEnabled ??
marc_s
@marc_s, 1. I have tried your posted code works (can add service reference from client side), I saw you disable all security related settings in binding, does it mean if we use https, we can not support mex interface? 2. Yes, I changed the service behavior to support httpsGetEnabled, but not working. I am curious to learn why it does not work and want to make it work in https environment since I need to publish my service in internet environment. Any ideas what is wrong with my configuration (you can see my configurations in my original post).
George2
OK, so the configuration with NO security works - now you can step-by-step start adding security features and see what works or what doesn't :-)
marc_s
If you deploy to an internet scenario, integrated Windows security won't work anymore. How do you plan to do security? Transport-level or message-level? Do you want to use username/password scheme or some form of certificates? You need to know what you want/need - then we can find the config that works for that requirement
marc_s
@marc_s, I want to use transport level (https) when facing internet. I want to encrypt transport message to enable confidential message delivery. I want to learn from you whether it is possible to enable https (facing internet) while enable mex (enable client to add service reference)?
George2
you're mixing a few things up here - either you have TRANSPORT-level security, or you have MESSAGE-level security; one or the other. Check out the new security-related links I provided. You should definitely be able to have your service secured by https and still be able to add a service reference from Visual Studio!
marc_s
Thanks for the links marc!
Terry Donaghe
+2  A: 

The error message is correct, you don't get reliable messages over WSHttp, you need to use a custom binding and protocol.

blowdart
How to fix it? Any ideas?
George2
Do you want to explain exactly what you're trying to achieve - it does look like you're switching things on and off at random (not a criticism, I do that too!), so it's hard to know what to suggest!
blowdart
Thanks! I just want to use wsHttpBinding to develop a service, so simple! :-) I have disabled reliable session in app.config, you can see my updated configuration. But when I use Add Service Reference from client, the client cannot find the service. I am using address https://localhost:9090/MyService to Add Service Reference. Any ideas what is wrong?
George2
I have read your recommended document. Reliable session is not needed. Current issue is I cannot add Service Reference from client side, any ideas what is wrong?
George2
Perhaps too easy: the service must be running for the Add Service Reference wizard to find it.
Dabblernl
Sure it is running. :-)
George2
My service is definitely running, here is the code which I used to self-host the service. If I did not press any key, the service is running, ServiceHost host = new ServiceHost(typeof(MyWCFService)); host.Open(); Console.Read(); host.Close();
George2
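
The checks discussed in this thread can be run against an app.config before the host is started. The following is an added example, not code from any poster here: a Python script that flags an unrecognised algorithmSuite value, a reliable session combined with Transport security, a binding left at security mode None, and a mexHttpsBinding endpoint whose behavior lacks httpsGetEnabled. The names `audit`, `is_true`, `VALID_SUITES` and the sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values the algorithmSuite attribute accepts (SecurityAlgorithmSuite names).
VALID_SUITES = {"Default"} | {base + suffix
    for base in ("Basic128", "Basic192", "Basic256", "TripleDes")
    for suffix in ("", "Rsa15", "Sha256", "Sha256Rsa15")}

def is_true(elem, attr):
    # A missing element or attribute counts as false, as in the WCF defaults.
    return elem is not None and elem.get(attr, "false").lower() == "true"

def audit(config_xml):
    """Return (name, finding) pairs for the problems raised in this thread."""
    sm = next(ET.fromstring(config_xml).iter("system.serviceModel"))
    findings = []
    for b in sm.findall("bindings/wsHttpBinding/binding"):
        name, sec = b.get("name", ""), b.find("security")
        mode = "Message" if sec is None else sec.get("mode", "Message")
        msg = None if sec is None else sec.find("message")
        suite = "Default" if msg is None else msg.get("algorithmSuite", "Default")
        if suite not in VALID_SUITES:
            findings.append((name, "invalid algorithmSuite: " + suite))
        if mode == "Transport" and is_true(b.find("reliableSession"), "enabled"):
            findings.append((name, "reliableSession enabled with Transport security"))
        if mode == "None":
            findings.append((name, "security mode None leaves messages unprotected"))
    behaviors = {x.get("name", ""): x
                 for x in sm.findall("behaviors/serviceBehaviors/behavior")}
    for svc in sm.findall("services/service"):
        bh = behaviors.get(svc.get("behaviorConfiguration", ""))
        md = None if bh is None else bh.find("serviceMetadata")
        mex_https = svc.find("endpoint[@binding='mexHttpsBinding']") is not None
        if mex_https and not is_true(md, "httpsGetEnabled"):
            findings.append((svc.get("name", ""), "mexHttpsBinding without httpsGetEnabled"))
    return findings

# Constructed sample (not the poster's file) combining the mistakes discussed.
SAMPLE = """<configuration><system.serviceModel><bindings><wsHttpBinding>
  <binding name="MyBinding"><reliableSession enabled="true" />
   <security mode="Transport"><message algorithmSuite="Aes128" /></security></binding>
  <binding name="Debug"><security mode="None" /></binding>
 </wsHttpBinding></bindings>
 <services><service name="MyWCFService" behaviorConfiguration="mexServiceBehavior">
  <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
 </service></services>
 <behaviors><serviceBehaviors><behavior name="mexServiceBehavior">
  <serviceMetadata httpGetEnabled="True" /></behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

if __name__ == "__main__":
    print("\n".join(n + ": " + f for n, f in audit(SAMPLE)))
```

The script only inspects configuration; for a self-hosted HTTPS endpoint a server certificate must also be bound to the port at the HTTP.SYS level, which no config check can confirm.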