I have an issue where I cannot consume the SSRS web services in my production environment but it works in my local development environment and test environment. The only difference is the production environment has the web services installed on a different server, our production database server. However, typing the web service URL into a browser on the production web server correctly prompts for credentials and then loads the web service XML definition when the correct credentials are provided.
The exception I am getting is shown below.
System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentication header received from the server was 'NTLM'. ---> System.Net.WebException: The remote server returned an error: (401) Unauthorized.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelAsyncRequest.CompleteGetResponse(IAsyncResult result)
--- End of inner exception stack trace ---
at System.Runtime.AsyncResult.End[TAsyncResult](IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.SendAsyncResult.End(SendAsyncResult result)
at System.ServiceModel.Channels.ServiceChannel.EndCall(String action, Object[] outs, IAsyncResult result)
at System.ServiceModel.Channels.ServiceChannelProxy.TaskCreator.<>c__DisplayClass5`1.<CreateGenericTask>b__4(IAsyncResult asyncResult)
at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
I have the following XML in my web.config for accessing the SSRS web services.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="ReportingService2010Soap" sendTimeout="00:05:00" maxReceivedMessageSize="5242880">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic" proxyCredentialType="Windows" realm="54.252.119.210"/>
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://xxx/ReportServer/ReportService2010.asmx" binding="basicHttpBinding" bindingConfiguration="ReportingService2010Soap" contract="ReportServer.ReportingService2010Soap" name="ReportingService2010Soap"/>
<endpoint address="http://xxx/ReportServer/ReportExecution2005.asmx" binding="basicHttpBinding" bindingConfiguration="ReportingService2010Soap" contract="ReportExecutionServer.ReportExecutionServiceSoap" name="ReportExecutionServiceSoap"/>
</client>
</system.serviceModel>
I suspect the issue has something to do with the way the production database server is configured, but I have no idea what this could be.
Turns out the issue was the reporting services web services weren't configured to use basic authentication.
SSRS authentication configuration: http://technet.microsoft.com/en-us/library/bb283249(v=sql.105).aspx
SSRS basic authentication configuraiton: http://technet.microsoft.com/en-us/library/cc281309(v=sql.105).aspx
Related
Using VS2019, ASP.NET project running .net 4.0.
I created the soap client adding the Service Reference to the wsdl file. Now I'm configuring the certificate and calls method.
This way worked in the old soap server, but now the soap server changed. I tested with SoapUI using the same Basic Auth configuration and works perfectly, but not with my .Net 4.0 client...
Web.config
<system.serviceModel>
<bindings>
<customBinding>
<binding name="PLATAFORMA">
<textMessageEncoding messageVersion="Soap11WSAddressing10" />
<security
authenticationMode="MutualCertificateDuplex"
messageProtectionOrder="SignBeforeEncrypt"
messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<secureConversationBootstrap />
</security>
<httpsTransport />
</binding>
</customBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="CERT">
<clientCredentials>
<clientCertificate findValue="ClientCert" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
<serviceCertificate>
<defaultCertificate findValue="*.ServerCert.com" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint
address="endpointURI"
binding="customBinding"
bindingConfiguration="PLATAFORMA"
behaviorConfiguration="CERT"
contract="ServiceReference1.RequestPort1"
name="Request.Request1">
<identity>
<dns value="*.ServerCert.com" />
</identity>
</endpoint>
</client>
</system.serviceModel>
XML Outoing header (catched with intercerptor):
<s:Envelope xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Header>
<a:Action s:mustUnderstand="1">peticionSincrona</a:Action>
<a:MessageID>urn:uuid:e3a5c4bd-f159-48c1-8f3f-cf22da6b7e3b</a:MessageID>
<ActivityId CorrelationId="035f2491-0772-4b1e-a286-9be30720d5ea" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">4d7f76c2-0486-4a81-93ad-32aecf02b035</ActivityId>
<a:ReplyTo>
<a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
</a:ReplyTo>
<VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink">uIDPo9ph/BcvvnBFuLQYdch+LyYAAAAAHsOKxYeqzk+Do5pQmamNIPUdiXOiYjpBl1dsV5pp+SMACQAA</VsDebuggerCausalityData>
</s:Header>
I understand that some information is needed, how can I specify to sign as XMLDsig? why is not soap/envelope/encoding? I need help to configure the soap client.
The server return error 500 with a default tomcat error, is not even soapenv:fault or similar. I think the request envelope is not generating properly.
EDIT: Must be over soap11
Is this the client configuration generated after changing the SOAP server? If it requires the Basic authentication, why do we not need to provide username/password, but just need to provide a client certificate(according to the binding type)?
I suggest you re-generate a client proxy class by adding service reference. this also generates a proper configuration in the webconfig file.
Besides, since the server changes, the server’s certificate used to implement HTTPS security may also change, so the default certificate we provide on the client-side should also be changed.
<serviceCertificate>
<defaultCertificate findValue="*.ServerCert.com" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
</serviceCertificate>
Mutual certificate authentication requires a trust relationship between the client and the server.
<security
authenticationMode="MutualCertificateDuplex"
Not only do we need to install a client certificate on the new server in order to trust the client, we also need to install the server’s certificate on the client-side.
For details,
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/message-security-with-a-certificate-client
Feel free to let me know if there is anything I can help with.
I have an old ASP.NET website that has a WCF service that is used to return a JSON payload. It works fine in localhost, but when I try to deploy it to a shared hosting website, I get an exception:
IIS specified authentication schemes 'IntegratedWindowsAuthentication, Basic, Anonymous', but the binding only supports specification of exactly one authentication scheme. Valid authentication schemes are Digest, Negotiate, NTLM, Basic, or Anonymous. Change the IIS settings so that only a single authentication scheme is used.
I cannot make this change as it is a shared environment.
Is there something I need to change in my configuration in Web.config with regards to the service? Here's what I've got:
<system.serviceModel>
<services>
<service name="BoggleService">
<endpoint binding="webHttpBinding" contract="Solver" behaviorConfiguration="webHttp"/>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="webHttp">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
I also had this configuration, but it was commented out (like I said, a project from long ago, trying to resurrect it):
<serviceHostingEnvironment>
<baseAddressPrefixFilters>
<add prefix="http://www.example.com/"/>
</baseAddressPrefixFilters>
</serviceHostingEnvironment>
But if I uncomment that and include it, I get the following exception in both localhost and in the shared hosting website:
Index was out of range. Must be non-negative and less than the size of the collection.
Here's the full stack trace:
[ArgumentOutOfRangeException: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index]
System.ThrowHelper.ThrowArgumentOutOfRangeException(ExceptionArgument argument, ExceptionResource resource) +64
System.ThrowHelper.ThrowArgumentOutOfRangeException() +15
System.Collections.Generic.List`1.get_Item(Int32 index) +7515544
System.ServiceModel.Web.WebServiceHost.AddAutomaticWebHttpBindingEndpoints(ServiceHost host, IDictionary`2 implementedContracts, String multipleContractsErrorMessage) +82
System.ServiceModel.Web.WebServiceHost.OnOpening() +203
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +229
System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +121
System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +479
[ServiceActivationException: The service '/Solver.svc' cannot be activated due to an exception during compilation. The exception message is: Index was out of range. Must be non-negative and less than the size of the collection.
Parameter name: index.]
System.ServiceModel.AsyncResult.End(IAsyncResult result) +11667006
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +194
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.ExecuteSynchronous(HttpApplication context, Boolean flowContext) +176
System.ServiceModel.Activation.HttpModule.ProcessRequest(Object sender, EventArgs e) +275
System.Web.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() +68
System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) +75
And this is coming from within the bowels of WCF - it's not coming from my code (the stack trace shows it never gets to my code and if I run the debugger and set a breakpoint in my code, it is never reached).
And interestingly, if I set the <baseAddressPrefixFilters> setting to http://localhost, it works on localhost! But not on production.
Thanks!
I think the problem could be simplified given that it uses the WebHttpBinding to host Restful style service.
In .net4.5, we could use the following simplified configuration to host the Restful style service.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior>
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<protocolMapping>
<add binding="webHttpBinding" scheme="http" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
By default, the webhttpbinding use WebHttpSecurityMode.None. So it is unlikely that the authentication schema error above will occur. If necessary, don't forget to enable the authentication mode in IIS authentication module.
Try to replace your configuration with mine and provide a http binding in IIS site binding module.
Feel free to let me know If there is anything I can help with.
I have a library that contains a Service Reference generated proxy to a remote ASMX web service. When I try to call methods on that proxy from an ASP.NET application, I get the following error:
System.ServiceModel.EndpointNotFoundException: There was no endpoint
listening at https://domain.com/path/to/the.asmx that could accept the
message. This is often caused by an incorrect address or SOAP action.
See InnerException, if present, for more details. --->
System.Net.WebException: The remote server returned an error: (404)
Not Found.
However, if I call the same methods from a simple console app dropped into the bin folder (and therefore referencing the exact same libraries), it works. I have the same, simple configuration in web.config and the console app's app.config:
<system.serviceModel>
<bindings>
<customBinding>
<binding name="ServicesSoap12">
<textMessageEncoding messageVersion="Soap12" />
<httpsTransport />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="https://domain.com/path/to/the.asmx"
binding="customBinding" bindingConfiguration="ServicesSoap12"
contract="TheContract" name="ServicesSoap12" />
</client>
</system.serviceModel>
Tracing revealed no further useful information. The ASMX endpoint is definitely available. What could cause this behavior, and what other troubleshooting steps can I take?
This turned out to be a parameter issue. My production code was passing null for an optional string parameter, but my test code was passing a guid. The parameter is optional in the contract, so I don't understand why it triggered a 404, but I'm able to consistently reproduce the problem by passing null.
The contract parameter is defined as follows:
<s:element minOccurs="0" maxOccurs="1" name="userdef1" type="s:string"/>
The 404 error threw me off from the beginning. It's a reminder to always write your test code exactly like the code that doesn't work.
I have a ASP.Net web site that get all business logic from a WCF hosting site (IIS). Once in a while, it looks like the backend WCF frozen and that makes web front-end stop responding. I have to recycle both application pools to make it work again.
It happens more often lately, could be because we have more & more customers using the site. Before, it happens once every month, now it happens once every week. Maybe more.
We DO Close connection after each SVC call.
Error message received in Event Log after I recycle the pool
Message: System.ServiceModel.CommunicationException: An error occurred while receiving the HTTP response to .........../.....BusinessServices.svc. This could be due to the service endpoint binding not using the HTTP protocol. This could also be due to an HTTP request context being aborted by the server (possibly due to the service shutting down). See server logs for more details. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host
Web.config of the web app:
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_IBusinessServices" closeTimeout="00:31:00" openTimeout="00:31:00"
receiveTimeout="00:10:00" sendTimeout="00:31:00"
bypassProxyOnLocal="false" transactionFlow="false"
hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288"
maxReceivedMessageSize="2147483647" messageEncoding="Text"
textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="999" maxStringContentLength="2147483647" maxArrayLength="1638400"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
<message clientCredentialType="Windows" negotiateServiceCredential="true" algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost:8890/MyBusinessServices.svc" binding="wsHttpBinding"
bindingConfiguration="WSHttpBinding_IBusinessServices"
contract="MyBusinessServices.IBusinessServices"
name="WSHttpBinding_IBusinessServices" />
</client>
Web.config of the WCF service, with throttling set to 1500
.....
<behavior name="AppServiceBehaviors">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceTimeouts transactionTimeout="00:15:00" />
<serviceThrottling maxConcurrentCalls="1500" maxConcurrentSessions="1500"
maxConcurrentInstances="2147483647" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
This problem is intermittent but it's driving me crazy. Any ideas/suggestions is appreciated.
Eric
The issue you are facing right now can be due to many other factors that needs a lot more description than what we currently have.
The thrown exception is a kind of generic exception that may point to many scenarios possible. For example, if you have a load balancer in front of your service servers and one of them has an error in runtime but the other does not. Another example is the sql server is creating an exception at server side, but your wrapping exceptions may not send the related information to your client. So you cannot know exactly what is going on.
I have a few suggestions for you to check:
I can see that you have expressed that you are closing connection after each call. But you need to make sure that the calls that receive an exception is also closed. So your svc calls should look like this:
try
{
if (this.client != null)
{
IClientChannel channel = this.client as IClientChannel;
if (channel.State == CommunicationState.Faulted)
{
channel.Abort();
}
else
{
channel.Close();
}
}
}
finally
{
this.client = null;
}
Other than that, you may also want to check your Application Pool settings on IIS. You can make sure from event logs, that you are not forced to recycle/shutdown with Maximum Failures setting. (In advanced app pool settings - rapidFailProtectionMaxCrashes)
My 2 cents for you,
Service abort - error due to fatal error occurred inside,
Make sure while debugging WCF in VS IDE in Dev, keep the Exceptions(Ctrl D,E), check all "unhandled exception" columns. This enables IDE to break the application code line exactly, inspite of the CATCHes..this will unearth any bugs.
Please do let us know, if any findings here...
Good Luck,
HydTechie
I am having a tough time deploying a web site to IIS 7 on Windows Server 2008.
The site works fine until it tries to make calls to a WCF service hosted on the same host.
Everything works great for the service from my workstation when the web is ran in Visual Studio 20008
using the exact same web config etc. As soon as I deploye the web in a virtual directory on the server
Bam. Authentication errors. It also works as is when both are deployed on a Windows 2003 Server. What
is different about Server 2008 that is causing this? HELP! Please.
In case it is important, all of the service operations require Active Directory group membership for the
ASP.net page's authenticated user and are adorned as:
[PrincipalPermission(SecurityAction.Demand, Role = "SOAMemberShipService")]
I get the following error from the web site:
The request for security token could not be satisfied because authentication failed.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.ServiceModel.FaultException: The request for security token could not be satisfied because authentication failed.
Source Error:
Line 919:
Line 920: public HSMembersService.MemberSearchResult SearchMembers(HSMembersService.MemberSearch MemberInfoToSearch) {
Line 921: return base.Channel.SearchMembers(MemberInfoToSearch);
Line 922: }
Line 923: }
Source File: c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs Line: 921
Stack Trace:
[FaultException: The request for security token could not be satisfied because authentication failed.]
System.ServiceModel.Security.SecurityUtils.ThrowIfNegotiationFault(Message message, EndpointAddress target) +6375432
System.ServiceModel.Security.IssuanceTokenProviderBase`1.ThrowIfFault(Message message, EndpointAddress target) +25
System.ServiceModel.Security.SspiNegotiationTokenProvider.GetNextOutgoingMessageBody(Message incomingMessage, SspiNegotiationTokenProviderState sspiState) +173
[SecurityNegotiationException: The caller was not authenticated by the service.]
System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) +4596611
System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) +1713
HSMembersService.IHSMembersService.SearchMembers(MemberSearch MemberInfoToSearch) +0
HSMembersService.HSMembersServiceClient.SearchMembers(MemberSearch MemberInfoToSearch) in c:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\csrweb\a4d18657\a6d0910d\App_WebReferences.jgx1svpr.0.cs:921
_default.btnSearch_Click(Object sender, EventArgs e) in e:\CSRWeb\default.aspx.cs:114
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +131
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +140
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +39
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +3215
ASP.net web site's web.config (relevant Service portion):
Services web.config:
<!-- Service Endpoints -->
<!-- Unless fully qualified, address is relative to base address supplied above -->
<endpoint address ="" binding="wsHttpBinding" contract="HSMembersService.IHSMembersService" bindingConfiguration="wsHttpBindingConfig">
<!--
Upon deployment, the following identity element should be removed or replaced to reflect the
identity under which the deployed service runs. If removed, WCF will infer an appropriate identity
automatically.
-->
<!--<identity>
<dns value="localhost"/>
</identity>-->
</endpoint>
<!-- Metadata Endpoints -->
<!-- The Metadata Exchange endpoint is used by the service to describe itself to clients. -->
<!-- This endpoint does not use a secure binding and should be secured or removed before deployment -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="wsHttpBindingConfig" >
<security mode="Message">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="HSMembersService.HSMembersServiceBehavior">
<!-- To avoid disclosing metadata information,
set the value below to false and remove the metadata endpoint above before deployment -->
<serviceMetadata httpGetEnabled="True"/>
<serviceAuthorization principalPermissionMode="UseWindowsGroups" />
<!-- To receive exception details in faults for debugging purposes,
set the value below to true. Set to false before deployment
to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="True" /><!-- Change this before deployment -->
</behavior>
</serviceBehaviors>
</behaviors>
Okay, no answers here nor on the MSDN subscription groups.
So, I tried everything. And I mean everything. After what seemed like several days but in reality was probably only 20 hours, it works!
All I did was move the physical path the services files i.e. .dll, .svc etc. to a directory off of my c:root versus the wwwroot and it worked. I had to update my virtual directory to point to it of course.
Why did this location cause a problem? Does IIS7.0/Windows server 2008 change something that doesn't allow services to be deployed from a physical location of wwwroot? I'll probably never find out because I will never try to deploy another service from there.
I triple-checked all account/directory permissions and the ones in the new physical path are identical to the ones in the old physical path so no good there.
If anyone finds out why or knows why. Please let me/us know.
Thanks,
Eddie