I have an IIS hosted WCF service with the following binding configuration (I removed all the attributes from the binding for space) for wsHttpBinding and TransportWithMessageCredential
<wsHttpBinding>
<binding name="BindingName" .../>
<security mode="TransportWithMessageCredential">
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
with a service behaviour of:
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceCredentials>
<userNameAuthentication userNamePasswordValidationMode="Windows" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
Anonymous authentication is disabled and windows authentication enabled.
On the client side the Credentials are being set using a valid windows user and password but i get the following exception on every call to the service:
The HTTP request is unauthorized with client authentication scheme
'Anonymous'. The authentication header received from the server was
'Negotiate,NTLM'. --->
System.ServiceModel.Security.MessageSecurityException: The HTTP
request is unauthorized with client authentication scheme 'Anonymous'.
The authentication header received from the server was
'Negotiate,NTLM'. ---> System.Net.WebException: The remote server
returned an error: (401) Unauthorized.
With a self hosted version of the WCF service it works fine running under a valid windows account.
Any help is appreciated.
Enabling Windows authentication in IIS requires that the credentials are supplied on the transport layer whereas your configuration defines that authentication happens at the message layer
To fix this problem you need to do one of the following
1) enable anonymous access in IIS as authentication will be handled at the message layer
or
2) update your security mode to be transport
<wsHttpBinding>
<binding name="BindingName" .../>
<security mode="Transport">
<transport clientCredentialType="Ntlm" />
</security>
</binding>
</wsHttpBinding>
Related
I have made a REST service that receives a ZIP-file, process and check some stuff, and returns an ID. This works fine for smaller ZIP-files, but when sending larger files (currently testing with 17 Mb), and the processing takes longer, the service returns "502 Bad gateway - Web server received an invalid response while acting as a gateway or proxy server".
I have tried to change all the variables I could find in the web config:
<binding name="webHttpTransportSecurity" maxReceivedMessageSize="163840000" maxBufferSize="163840000" closeTimeout="04:00:00" openTimeout="04:00:00" receiveTimeout="04:00:00" sendTimeout="04:00:00">
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
<requestFiltering>
<requestLimits maxAllowedContentLength="2147483648" />
<httpRuntime maxRequestLength="2147483647" enable="true" requestLengthDiskThreshold="10240" useFullyQualifiedRedirectUrl="true" executionTimeout="1000" appRequestQueueLimit="4000000" />
<serviceBehaviors>
<behavior>
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
Anyone have any idea how to make this work with bigger files? Where is this restriction, in IIS or something?
UPDATE: my code on server continue to run in the background and receives the whole file even though the caller of the service gets 'bad gateway'. So this is a 'false' 502.
I have created a Workflow service using Microsoft WF (https://msdn.microsoft.com/en-us/library/ff432975%28v=vs.110%29.aspx)
When i run the service in visual studio I'm getting the below error
Error: Cannot obtain Metadata from http://localhost/OrderService/Service1.xamlx
If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address.
For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: http://localhost/OrderService/Service1.xamlx
Metadata contains a reference that cannot be resolved: 'http://localhost/OrderService/Service1.xamlx'.
The server did not provide a meaningful reply; this might be caused by a contract mismatch, a premature session shutdown or an internal server error.HTTP GET Error URI: http://localhost/OrderService/Service1.xamlx
There was an error downloading 'http://localhost/OrderService/Service1.xamlx'. The request failed with an empty response.
My config is below. I have added the Meta Exchange lines in the config file also.
<system.serviceModel>
<services>
<service behaviorConfiguration="metadataBehavior" name="MyService">
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="metadataBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true"/>
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true"/>
<!--Connection String for the WF SQL Presistance-->
<sqlWorkflowInstanceStore connectionString="Data Source=AAAAA;Initial Catalog=KK_SQLPersistenceStore;Asynchronous Processing=True" instanceEncodingOption="None" instanceCompletionAction="DeleteAll" instanceLockedExceptionAction="BasicRetry" hostLockRenewalPeriod="00:00:30" runnableInstancesDetectionPeriod="00:00:02" />
<workflowIdle timeToUnload="0"/>
</behavior>
</serviceBehaviors>
</behaviors>
Try changing you endpoint address to this
<endpoint address="http://localhost/OrderService/Service1.xamlx/mex" binding="mexHttpBinding" contract="IMetadataExchange" />
I have a WCF web service built in .NET 4.0 that is configured to require a username/password on each call and uses a Server certificate in the behaviour to encrypt the request. It currently uses wsHttpBinding. I have a .NET 4 utility app that lets me call the methods on this WCF web service just fine.
I need to call this service from a .NET 2.0 class library. The library is in VS 2010 but targetting .NET 2.0 - I would like to simply switch to .NET 4.0 but can't for political reasons and time constraints. So therefore wsHttpBinding and the server certificate as used now are out of the question from what I've read so far.
From reading bits and pieces I did the following:
Changed the binding to use
basicHttpBinding
Removed mention of the server certificate from the behaviours
Installed and
enabled WSE on the class library
project.
Try to use on the WCF web service methods in .NET 2.0 winforms app - epic fail!!
It doesn't matter how I seem to configure the binding at the server end HTTPS is just not acceptible; the only way to get it to let me call it at all is do use security mode of "None", grrrghhh! That of course allows me to call it but then the username/password details are not supplied and never get set on the WCF service and hence when it eventually tries to save it fails because the user ID is 0.
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="false"/>
<services>
<service name="MyService.NameHere" behaviorConfiguration="NameOfMyConfigHere">
<endpoint binding="basicHttpBinding" bindingConfiguration="basicBinding" contract="DirectoryServices.IDirectorySubmitService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="MyBehaviourName">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="basicBinding" maxReceivedMessageSize="5242880">
<readerQuotas maxStringContentLength="5242880"/>
<security mode="None">
<transport clientCredentialType="Basic" proxyCredentialType="Basic" />
<message clientCredentialType="UserName"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>
If anyone could help me figure out the correct magic mumbo to put in I would be most appreciated.
All I want to do is call a WCF web method supplying a username/password and have it use SSL to encrypt. The service is running on IIS. The client is a winforms app.
The .NET 2.0 Framework does not include WCF (which was introduced in 3.0), so I don't see how you will achieve this easily. You might have to tell the politicians to bite the bullet and migrate to .NET 4.0.
I'm doing a iCal Service to allow sync between Calendar instances and runs fantastic on localhost (under VS2010 Web Server)
But now That I hosted on a Windows 2008 R2 (IIS 7.5.7600) I couldn't create not even update an event :-o
Thunderbird always said
So I rush into Fiddler and found out the problem
a 405 error
That says PUT is not allowed :(
How can I enabled this method? Application Pool? WebSite definition? IIS Settings?
We just need to remove the WebDav Service
Control Panel > Program and Features > Turn Windows features on or off
then navigate to Server Manager > Roles > Web Server (IIS) and wait until Roles Services come up.
Then Remove Role Service and Remove WebDAV Publishing
You need to restart the Server to finalize this action.
I hope it helps someone
You can do it from configuration file.
<system.webServer>
<handlers>
<remove name="WebDAV" />
<remove name="ExtensionlessUrlHandler-ISAPI-4.0_64bit" />
<add name="ExtensionlessUrlHandler-ISAPI-4.0_64bit"
path="*."
verb="GET,HEAD,POST,DEBUG,PUT,DELETE,PATCH,OPTIONS"
modules="IsapiModule"
scriptProcessor="%windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll"
preCondition="classicMode,runtimeVersionv4.0,bitness64"
responseBufferLimit="0" />
</handlers>
</system.webServer>
Source: http://www.asp.net/web-api/overview/testing-and-debugging/troubleshooting-http-405-errors-after-publishing-web-api-applications
I have a j2ee web application using spring web flow ang spring security. I want to redirect the user to page(maybe an error page) if the user's role has no access on the page being accessed because currently I get the error
Error 404--Not Found
From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
10.4.5 404 Not Found
The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
If the server does not wish to make this information available to the client, the status code 403 (Forbidden) can be used instead. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address.
How do I do this redirection.I tried the access-denied-page attribute of security:http but I still get the error. Here's my configuration for security-http.
By the way.I am using Spring Faces and Facelets. Could this have been the cause of the problem?
<!-- Configure Spring Security -->
<security:http auto-config="true" access-denied-page="/deniedpage.xhtml"
session-fixation-protection="newSession">
<security:intercept-url pattern="/main.do"
access="ROLE_SUPERVISOR, ROLE_USER" />
<security:intercept-url pattern="/logoutSuccess.do"
access="ROLE_SUPERVISOR, ROLE_USER" />
<security:intercept-url pattern="/edit.do"
access="ROLE_SUPERVISOR" />
<security:intercept-url pattern="/register.do"
access="ROLE_SUPERVISOR" />
<security:intercept-url pattern="/admin_main.do"
access="ROLE_SUPERVISOR" />
<security:intercept-url pattern="/*"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:form-login login-page="/loginForm.do"
default-target-url="/main.do" authentication-failure-url="/loginForm.do?login_error=1" />
<security:logout logout-url="/logout.do"
invalidate-session="true" logout-success-url="/logoutSuccess.do" />
<security:concurrent-session-control
max-sessions="-1" exception-if-maximum-exceeded="true" expired-url="/loginform.do" />
</security:http>
The access-denied-page attribute of security:http should be enough, show us the Spring configuration you are using.
In the meantime try adding this to web.xml:
<error-page>
<error-code>404</error-code>
<location>notfound.jsp</location>
</error-page>