views:

1913

answers:

3

Might be the same issue as this previous question: WCF Proxy but not sure...

I have an HTTPS service configured to use transport security and, I hope, Windows credentials. The service is only accessed internally (i.e. within the intranet). The configuration is as follows:

<configuration>
  <system.serviceModel>
    <services>
      <service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior">
        <host>
          <baseAddresses>
            <add baseAddress = "https://localhost:8000/WCFTest/CalculatorService/" />
          </baseAddresses>
        </host>
        <endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>    
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <bindings>
      <basicHttpBinding>
        <binding name="basicHttpBindingConfig">
          <security mode="Transport">
            <transport clientCredentialType = "Windows"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WCFTest.CalculatorBehavior">          
          <serviceAuthorization impersonateCallerForAllOperations="false"  principalPermissionMode="UseWindowsGroups" />
          <serviceCredentials >
            <windowsAuthentication allowAnonymousLogons="false" includeWindowsGroups="true" />
          </serviceCredentials>
          <serviceMetadata httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

When I run the service I can't see the service in IE. I get a "this page can not be displayed" error. If I try and create a client in VS2008 via the "add service reference" wizard I get this error:

There was an error downloading 'https://localhost:8000/WCFTest/CalculatorService/'. There was an error downloading 'https://localhost:8000/WCFTest/CalculatorService/'. The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. Metadata contains a reference that cannot be resolved: 'https://localhost:8000/WCFTest/CalculatorService/'. An error occurred while making the HTTP request to https://localhost:8000/WCFTest/CalculatorService/. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. The underlying connection was closed: An unexpected error occurred on a send. Authentication failed because the remote party has closed the transport stream. If the service is defined in the current solution, try building the solution and adding the service reference again.

I think I'm missing some fundamental basics here. Do I need to set up some certificates? Or should it all just work as it seems to do when I use NetTcpBinding?

Thanks
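The configuration above, run through a small consistency check (an added example, not part of the original post): it confirms that each basicHttpBinding endpoint's security mode matches the base-address scheme and flags anonymous or verbose settings. The `audit` helper and the trimmed sample are constructed for illustration, and endpoint addresses are assumed to be relative to the base address.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the question's configuration, trimmed to what the checks read.
QUESTION_CONFIG = """<configuration><system.serviceModel>
<services><service name="WCFTest.CalculatorService" behaviorConfiguration="WCFTest.CalculatorBehavior">
  <host><baseAddresses><add baseAddress="https://localhost:8000/WCFTest/CalculatorService/"/></baseAddresses></host>
  <endpoint address="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>
</service></services>
<bindings><basicHttpBinding><binding name="basicHttpBindingConfig">
  <security mode="Transport"><transport clientCredentialType="Windows"/></security>
</binding></basicHttpBinding></bindings>
<behaviors><serviceBehaviors><behavior name="WCFTest.CalculatorBehavior">
  <serviceCredentials><windowsAuthentication allowAnonymousLogons="false"/></serviceCredentials>
  <serviceDebug includeExceptionDetailInFaults="False"/>
</behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

def audit(config_xml):
    """Return findings for named basicHttpBinding endpoints (hypothetical helper)."""
    sm = ET.fromstring(config_xml).find("system.serviceModel")
    findings = []
    for svc in sm.iter("service"):
        schemes = {urlparse(a.get("baseAddress")).scheme for a in svc.iter("add")}
        for ep in svc.iter("endpoint"):
            cfg = ep.get("bindingConfiguration")
            if ep.get("binding") != "basicHttpBinding" or cfg is None:
                continue  # mex and other binding types are not resolved here
            node = sm.find(f"bindings/basicHttpBinding/binding[@name='{cfg}']")
            if node is None:
                findings.append(f"{cfg}: no such <binding> under <basicHttpBinding>")
                continue
            sec = node.find("security")
            mode = "None" if sec is None else sec.get("mode", "None")  # default is None
            want = "https" if mode in ("Transport", "TransportWithMessageCredential") else "http"
            if want not in schemes:
                findings.append(f"{cfg}: mode={mode} needs an {want}:// base address")
            tr = node.find("security/transport")
            cred = "None" if tr is None else tr.get("clientCredentialType", "None")
            if mode == "None":
                findings.append(f"{cfg}: security mode None, traffic is unprotected")
            elif mode in ("Transport", "TransportCredentialOnly") and cred == "None":
                findings.append(f"{cfg}: clientCredentialType None, callers are anonymous")
    for el, attr, msg in (
            ("windowsAuthentication", "allowAnonymousLogons", "anonymous logons allowed"),
            ("serviceDebug", "includeExceptionDetailInFaults", "exception details sent to callers")):
        if any(n.get(attr, "false").lower() == "true" for n in sm.iter(el)):
            findings.append(f"{el}: {msg}")
    return findings
```

`audit(QUESTION_CONFIG)` returns no findings, so these checks do not account for the error; the error text itself names the HTTP.SYS server certificate as a possible cause.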

A: 

ng5000,

Seems like you may have another issue here (maybe IIS). Do you have any issues with transport-level security off? I would also make sure you can get to the web address in IE before checking the WCF stuff. Sounds like an IIS setting that's not correct in the security tab.

If it's still a problem, try building the proxy with transport-level security off and then go back and change both configs to transport-level Windows security and see what happens.

-Bryan

Bryan Corazza
I'm not using IIS, I'm self hosting with a little console app.
ng5000
A: 

Change

<endpoint address ="basicHttpEP" binding="basicHttpBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>

to

<endpoint address ="basicHttpEP" binding="basicHttpsBinding" contract="WCFTest.ICalculatorService" bindingConfiguration="basicHttpBindingConfig"/>
If you did not recognize the difference, check the s in the binding.
Costa
A: 
...
<security defaultAlgorithmSuite="Default" authenticationMode="IssuedTokenOverTransport"
                    requireDerivedKeys="false" securityHeaderLayout="Strict" includeTimestamp="true"
                    keyEntropyMode="CombinedEntropy" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                    <issuedTokenParameters keyType="SymmetricKey" tokenType="" />
...

Here is my workaround. I got the above config file and changed authenticationMode from "IssuedTokenOverTransport" to "UserNameOverTransport". It resolved the issue in my environment.

bird