I want to use a wcf service in my asp.net application that uses integrated windows-authentication however all the requests to my Model.svc are 401 Unauthorized.
If I change clientCredentialType="Windows" to clientCredentialType="Ntlm" every request is Unauthorized 2 times and the 3rd one is successful.
Here is my web.config:
<configuration>
<appSettings>
</appSettings>
<connectionStrings/>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<authentication mode="Windows" />
</system.web>
<!--WCF Configuration-->
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="true"/>
<bindings>
<webHttpBinding>
<binding name="WebHttpBinding_IModel">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</webHttpBinding>
</bindings>
<client />
<services>
<service behaviorConfiguration="ServiceBehavior" name="Model">
<endpoint address="" behaviorConfiguration="JsonBehavior" binding="webHttpBinding" bindingConfiguration="WebHttpBinding_IModel" contract="IModel">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="JsonBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
2 times unauthorized and third working is a part of the protocol. That is the way NTLM authentication works. Is this posing a problem? WCF is made to handle such scenarios, and so your WCF authentication call will work fine.
Related
All,
Env:
Asp.net 4.0
IIS 7 (or greater)
WCF service consumed by SL component
Authentication:
Anonymous/Forms
When I attempt to browse to my WCF web service (using browser) I get the following exception on my web service, I need to get rid of this error:
The authentication schemes configured on the host ('IntegratedWindowsAuthentication') do not allow those configured on the binding 'BasicHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement.
I looked at ALL related posts and none of them help me.
I am not using any authentication or user/pwd transmission for my service.
The service I need to get working is consumed by Silverlight component and has this name in web.config file:
Htmls.WebStore.Services.WebStoreServices (ignore the other service).
Here's my web.config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="WebStoreServices_InsecureTransport" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="4096" />
<security mode="None" />
</binding>
<binding name="basicHttpBinding" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647">
<security mode="None" />
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="SitefinityWebApp.Sitefinity.Services.Content.EventsAspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="EndpBehavior">
<webHttp />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="Telerik.Sitefinity.Web.Services.LocalizationBehavior" />
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="Htmls.WebStore.Services.WebStoreServices">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="WebStoreServices_InsecureTransport" contract="Htmls.WebStore.Services.IWebStoreServices" />
</service>
<service name="SitefinityWebApp.Sitefinity.Services.Content.Events">
<endpoint address="" behaviorConfiguration="SitefinityWebApp.Sitefinity.Services.Content.EventsAspNetAjaxBehavior" binding="webHttpBinding" contract="SitefinityWebApp.Sitefinity.Services.Content.Events" />
</service>
</services>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
The exception was caused by having incorrect permission on the folder where the xxxxx.svc file was. The folder was locked down using security permissions.
I've got an ASP.NET website on my development server (test2.com) that contains two WCF services that are set up in their own IIS application in a subdirectory of that site (test2.com/services). Everything is working on this site as it should. I'm now ready to move this website and the services to my production server (test.com and test.com/services), and I'm continually getting an HTTP 400 message no matter what I try. I've updated the service references on the production website and renamed the appropriate references on the services to point to the production URL. I've also made the appropriate updates in my client web.config file to the following:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_IChatService" />
<binding name="BasicHttpBinding_IOnlineUsersService" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://test.com/services/ChatService.svc/services/chatservice.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IChatService"
contract="Chat.IChatService" name="BasicHttpBinding_IChatService" />
<endpoint address="http://test.com/services/OnlineUsersService.svc/services/onlineusersservice.svc"
binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IOnlineUsersService"
contract="OnlineUsers.IOnlineUsersService" name="BasicHttpBinding_IOnlineUsersService" />
</client>
</system.serviceModel>
The appropriate web.config file on the service contains the following:
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="ChatServiceLibrary.ChatService">
<endpoint address="/services/chatservice.svc" binding="basicHttpBinding" contract="ChatServiceLibrary.IChatService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
<service name="ChatServiceLibrary.OnlineUsersService">
<endpoint address="/services/onlineusersservice.svc" binding="basicHttpBinding" contract="ChatServiceLibrary.IOnlineUsersService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="metadataBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
The web services themselves work fine if I call them from a web browser. What am I missing?
I am working with WCF OData Services and trying to use basic authentication. When I browse to my OData Services in a web browser I get the username/password prompt. But when I enter a user name and password my custom serviceAuthenticationManagerType does not get called and the login fails. Do I have something configured wrong?
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="basicHttp">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Basic"/>
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="dataServiceBehavior">
<!-- To avoid disclosing metadata information, set the values below to false before deployment -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceAuthorization principalPermissionMode="Custom">
<authorizationPolicies>
<add policyType="WcfResearch.AuthorizationManagers.WcfResearchAuthorizationPolicy, WcfResearch.AuthorizationManagers" />
</authorizationPolicies>
</serviceAuthorization>
<serviceAuthenticationManager authenticationSchemes="Basic" serviceAuthenticationManagerType="WcfResearch.AuthorizationManagers.WcfResearchAuthenticationManager, WcfResearch.AuthorizationManagers"/>
</behavior>
</serviceBehaviors>
</behaviors>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<services>
<service name="WcfResearch.WcfDataService1" behaviorConfiguration="dataServiceBehavior">
<endpoint binding="webHttpBinding" bindingConfiguration="basicHttp" contract="System.Data.Services.IRequestHandler" />
</service>
</services>
I'm getting the following error when my ASP.NET 4.0 site loads, and it's because of my WCF service settings in the web.config file (I'm just not enough of a WCF expert and Google isn't helping :)):
The endpoint at '[Path to my Service.svc]' does not have a Binding
with the None MessageVersion.
'System.ServiceModel.Description.WebScriptEnablingBehavior' is only
intended for use with WebHttpBinding or similar bindings.
I was using webHttpBinding but was getting the following error, so now I'm using basicHttpBinding after following the advice of this post:
Security settings for this service require 'Anonymous' Authentication
but it is not enabled for the IIS application that hosts this
service.
Anyways, here's the relevant info from my web.config. Please help!
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="ABC.ProjectName.Web.ServiceBehavior">
<serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="ABC.ProjectNameDell.Web.ServiceBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"
aspNetCompatibilityEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="webHttpBinding_AnonymousDisabled" >
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="ABC.ProjectName.Web.AjaxService" >
<endpoint address="/"
behaviorConfiguration="ABC.ProjectName.Web.ServiceBehavior"
binding="basicHttpBinding"
contract="ABC.ProjectName.Web.AjaxService" />
</service>
</services>
</system.serviceModel>
You can't use basicHttpBinding with enableWebScript. Set your binding to WebHttpBinding.
<service name="ABC.ProjectName.Web.AjaxService" >
<endpoint address="/" behaviorConfiguration="ABC.ProjectName.Web.ServiceBehavior"
binding="webHttpBinding"
contract="ABC.ProjectName.Web.AjaxService" />
</service>
I am kinda new to WCF and the setting up of service and have 2 questions. My first question I have a service that will be accessed via https on a web server. However locally on my local IIS7, it will be accessed via http as https is not available. How can I set up a service to be accessed by both?
My second question is regarding how I can set up a service that requires a username and password to be accessed. The service that I have in place I dont want methods within it to be accessed unless the calling application has the rights to do so?
Here is an example of the relevant area of my web.config file.
<system.serviceModel>
<bindings>
<webHttpBinding>
<!-- standard AJAX binding that supports SSL -->
<binding name="TransportSecurity">
<security mode="Transport" />
</binding>
<!-- standard AJAX binding for HTTP only -->
<binding name="NoSecurity">
<security mode="None" />
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="EndPointBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceDebug httpHelpPageEnabled="false" httpsHelpPageEnabled="false" includeExceptionDetailInFaults="true" />
<serviceMetadata httpGetEnabled="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" />
<services>
<service behaviorConfiguration="ServiceBehavior" name="ServiceName">
<endpoint address=""
behaviorConfiguration="EndPointBehavior"
binding="webHttpBinding"
bindingConfiguration="NoSecurity"
contract="App.Service.ServiceName" />
</service>
</services>
<diagnostics>
<messageLogging logMessagesAtTransportLevel="true" logMessagesAtServiceLevel="false" logMalformedMessages="true" logEntireMessage="false" maxSizeOfMessageToLog="65535000" maxMessagesToLog="500" />
</diagnostics>
</system.serviceModel>
In this config, the service is set up for http only and not username/password applied to it.
You can add the username password configuration to your bindings:
<security mode="Transport">
<transport clientCredentialType="Basic" />
</security>
and
<security mode="TransportCredentialOnly"> <!-- This means http + credential -->
<transport clientCredentialType="Basic" />
</security>
As for authorization, there are a bunch of options. The very simplest is to apply a custom username password validator (artibtrary example taken from Link):
<serviceBehaviors>
<behavior name="CustomValidator">
<serviceCredentials>
<userNameAuthentication
userNamePasswordValidationMode="Custom"
customUserNamePasswordValidatorType=
</behavior>
</serviceBehaviors>
At a more sophisticated level, read up on the ServiceAuthorizationManager:
http://msdn.microsoft.com/en-us/library/system.servicemodel.serviceauthorizationmanager.aspx