tags:

views:

360

answers:

1
Q: 

WsHttpBinding with security mode TransportWithMessageCredential in IIS 7 not working

Hi everybody

We are currently migrating a WCF service from IIS 6 to IIS 7. The service contains some non-SSL endpoints for internal streaming purposes and some exposed endpoints secured with SSL.

The public, secure endpoints are implemented using wsHttpBinding and security mode="TransportWithMessageCredential". The binding reads as follows:

<wsHttpBinding>
  <binding name="CustomSecurityBinding">
    <security mode="TransportWithMessageCredential">
      <message clientCredentialType="UserName" />
    </security>
  </binding>
</wsHttpBinding>

The credentials are authenticated against a custom user repository for validation.

After deploying the service to IIS 7 (64bit Win2k8), all services (basicHttpBindings) respond correctly, expect for the wsHttpBindings. If triggered using https, we always get a HTTP 400 status code (Bad Request).

After enabling tracing in IIS, we could kinda narrow down the problem, although the message from the trace did not really help:

MODULE_SET_RESPONSE_ERROR_STATUS Warning
ModuleName="ManagedPipelineHandler", Notification="EXECUTE_REQUEST_HANDLER",
HttpStatus="400", HttpReason="Bad Request", HttpSubStatus="0", ErrorCode="Der
Vorgang wurde erfolgreich beendet. (0x0)", ConfigExceptionInfo=""

Steps done so far:

  • re-installed WCF extensions in IIS 7 (ServiceModelReg.exe -r -y)
  • enabled https protocol for host, added self-signed certificate to host
  • played around with dns/identity setting in wcf configuration
  • added a base address to wcf service config

After 2 hours of googling and trying to make this work, i ask you as a last resort of hope: Does anybody know this strange behaviour of IIS 7?

A: 

Have you verified that the SSL binding is configured in applicationHost.config (%windir%\system32\inetsrv\config\schema\IIS_Schema.xml) and that the HTTP.sys store contains a valid certificate has and store name for the binding? Secondly, the true error could be masked by the 400 error, have you tried altering your wsHttpBinding in configuration to increase the maxBufferPoolSize and maxReceivedMessageSize to some extremely high values and see if this continues?

RandomNoob  2010-06-03 18:24:28
How can i check for the SSL binding inside applicationHost.config? I searched for ssl inside the xml file, but only found irrelevant settings.The certificate is installed correctly, setting maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" on the wsHttpBinding still leads to HTTP 400.0 status code.
schaermu  2010-06-04 03:37:27
Do you see a <sites> section? There should be a bindings section within it, inside bindings there should be a protocol which should have https
RandomNoob  2010-06-04 16:55:06
thanks alot, binding was missing :) working like a charm now!
schaermu  2010-06-07 19:19:33

related questions

Why is access denied when installing SSL cert on IIS 5?
What does a PHP developer need to know about https / secure socket layer connections?
Am I turning away customers by disabling SSL 2.0 and PCT 1.0 in IIS5?
Coding Dojo with IE and SSL
Enforce SSL in code in an ashx handler
How to connect to PostgreSQL from .NET using TLS with both client and server authentication?
HELP SSL GURUs!!! ... Problems with SSL Connection
What's a clean/simple way to ensure the security of a page?
How to specify accepted certificates for Client Authentication in .NET SslStream
SharePoint stream file for preview
Problem with Oracle Application Server SSL Certificates
Is there a limit with the number of SSL connections?
Testing HTTPS files with MAMP
Cheapest SSL certificates
Limiting traffic to SSL version of page only
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Is there a way to make Firefox ignore invalid ssl-certificates?
How do I create a self signed SSL certificate to use while testing a web app.
Can a proxy server cache SSL GETs? If not, would response body encryption suffice?
HTTPS in IIS 5.1
How do you redirect HTTPS to HTTP?
Debugging: IE6 + SSL + AJAX + post form = 404 error
How do I add SSL to a .net application that uses httplistener - it will *not* be running on IIS
Options for Google Maps over SSL