I'm connecting to a WCF service in an ASP.NET app. I'm logging in using one username and password and passing the actual username of whoever is logged into the ASP.NET web app in a message header as below.
using (OperationContextScope scope = new OperationContextScope(myService2.InnerChannel))
{
    Guid myToken = Guid.NewGuid();
    // Carry the web app's logged-in user name in a custom SOAP header ("token" in namespace "ns").
    MessageHeader<string> messageHeader = new MessageHeader<string>(HttpContext.Current.User.Identity.Name);
    MessageHeader untyped = messageHeader.GetUntypedHeader("token", "ns");
    OperationContext.Current.OutgoingMessageHeaders.Add(untyped);
    lblResult.Text = myService2.GetData(1231);
}
I'm also using a service certificate as below
<serviceCredentials>
<serviceCertificate findValue="CN=tempCert" />
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="MySqlMembershipProvider" />
</serviceCredentials>
What I'm worried about is whether this is sufficient protection to stop people getting at the username stored in the message header?
ASP.NET config is
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="NewBehavior">
<clientCredentials>
<serviceCertificate>
<authentication revocationMode="NoCheck"/>
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false"/>
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None" realm=""/>
<message clientCredentialType="UserName" negotiateServiceCredential="true" algorithmSuite="Default" establishSecurityContext="true"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/WCFTestService/Service.svc" behaviorConfiguration="NewBehavior" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint" contract="WCFTestService.IService" name="wsHttpEndpoint">
<identity>
<certificate encodedValue=""/>
</identity>
</endpoint>
</client>
</system.serviceModel>
and at the service side it's
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security>
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<services>
<service behaviorConfiguration="ServiceBehavior" name="Service">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
name="wsHttpEndpoint" contract="IService">
<!--<identity>
<dns value="" />
</identity>-->
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<serviceCredentials>
<serviceCertificate findValue="CN=tempCert" />
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
membershipProviderName="MySqlMembershipProvider" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
The big question is: do you have any kind of transport-level or message-level security enabled on your binding? What binding are you using?
If you have transport-level security (typically through using HTTPS over SSL), then you have a point-to-point encrypted transport channel which I would deem very safe.
If you have message-level security using a certificate on the client, too, and you do encrypt the whole message, then you should be safe, too.
It really boils down to what binding you're using and what security settings you're using on that binding. Show us the server's config!
Marc
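The check the answer above asks for, resolving each service endpoint to the security mode its binding actually applies, as an added example that is not part of the original posts. The sample config is constructed from fragments on this page, the function names are hypothetical, and the per-binding defaults are WCF's defaults when no mode attribute is set.

```python
import xml.etree.ElementTree as ET

# WCF default security mode per standard binding when <security mode="..."> is absent.
DEFAULT_MODE = {
    "basicHttpBinding": "None",
    "wsHttpBinding": "Message",
    "netTcpBinding": "Transport",
    "netNamedPipeBinding": "Transport",
}

# What each mode gives you on the wire.
PROTECTION = {
    "None": "none",
    "TransportCredentialOnly": "none",  # authenticates over plain HTTP, no encryption
    "Transport": "transport",
    "TransportWithMessageCredential": "transport",
    "Message": "message",
}

# Constructed sample, modelled on the service configs shown on this page.
SAMPLE_CONFIG = """
<configuration><system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpEndpointBinding">
        <security><message clientCredentialType="UserName" /></security>
      </binding>
    </wsHttpBinding>
    <basicHttpBinding>
      <binding name="httpSecurityOff"><security mode="None" /></binding>
      <binding name="SSL"><security mode="Transport" /></binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="Service">
      <endpoint address="" binding="wsHttpBinding"
                bindingConfiguration="wsHttpEndpointBinding" contract="IService" />
      <endpoint address="wce" binding="basicHttpBinding"
                bindingConfiguration="httpSecurityOff" kind="workflowControlEndpoint" />
      <endpoint address="SSL" binding="basicHttpBinding"
                bindingConfiguration="SSL" contract="IService" />
      <endpoint address="plain" binding="basicHttpBinding" contract="IService" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
</system.serviceModel></configuration>
"""

def effective_mode(model, binding, config_name):
    """Security mode an endpoint really gets: explicit mode, else the binding default."""
    if binding not in DEFAULT_MODE:
        return "unknown"  # e.g. customBinding, which is configured differently
    for b in model.findall(f"bindings/{binding}/binding"):
        # An endpoint without bindingConfiguration uses the unnamed binding, if any.
        if b.get("name", "") == (config_name or ""):
            sec = b.find("security")
            if sec is not None and sec.get("mode"):
                return sec.get("mode")
    return DEFAULT_MODE[binding]

def audit(config_xml):
    """Return (service, address, binding, mode, protection) for each service endpoint."""
    root = ET.fromstring(config_xml.strip())
    model = next(root.iter("system.serviceModel"))
    rows = []
    for svc in model.findall("services/service"):
        for ep in svc.findall("endpoint"):
            binding = ep.get("binding", "")
            if binding.startswith("mex"):
                continue  # metadata endpoints carry no application data
            mode = effective_mode(model, binding, ep.get("bindingConfiguration"))
            rows.append((svc.get("name"), ep.get("address", ""), binding,
                         mode, PROTECTION.get(mode, "unknown")))
    return rows

def unprotected(config_xml):
    """Endpoints whose messages, custom headers included, travel in clear text."""
    return [row for row in audit(config_xml) if row[4] == "none"]

if __name__ == "__main__":
    for row in audit(SAMPLE_CONFIG):
        print("%-8s %-6s %-20s %-10s %s" % row)
```
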
When using Firebug, I got this weird error "NetworkError: 415 Cannot process the ...xt/xml; charset=utf-8" in my ASP.NET project.
Interface is below
[OperationContract]
[FaultContract(typeof(string))]
[WebInvoke(Method="POST",
UriTemplate="Demand",
BodyStyle = WebMessageBodyStyle.Bare,
ResponseFormat=WebMessageFormat.Json)]
ClientResponse postdemand_data(List<demands> demanddata);
Web config: we use the following web.config file in my service
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="LargeWebforHttp" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
<binding name="LargeWebforHttps" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="None"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="DPintegrationHA_FromSR.Service1Behavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" httpsGetUrl="" />
<serviceThrottling maxConcurrentCalls="10000" maxConcurrentSessions="10000"
maxConcurrentInstances="10000" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="DPintegrationHA_FromSR.Service1Behavior" name="DP_ITAPEDGE_HMview_wcf.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="LargeWebforHttp" contract="DP_ITAPEDGE_HMview_wcf.IService1" name="httpPoint">
</endpoint>
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="LargeWebforHttps" contract="DP_ITAPEDGE_HMview_wcf.IService1" name="httpsPoint">
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
</service>
</services>
</system.serviceModel>
<system.serviceModel>
<services>
<service behaviorConfiguration="Complete_Html5.CompleteService.CompleteServiceAspNetAjaxBehavior" name="Complete_Html5.CompleteService.Complete">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Complete" contract="Complete_Html5.CompleteService.Complete" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
<service name="Complete_Html5.Service1" behaviorConfiguration="Complete_Html5.Service1ServiceAspNetAjaxBehavior">
<endpoint address="" binding="basicHttpBinding" contract="Complete_Html5.Service1" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="Complete_Html5.Service1AspNetAjaxBehavior">
<enableWebScript />
</behavior>
<behavior name="Complete_Html5.CompleteService.CompleteServiceAspNetAjaxBehavior">
<enableWebScript />
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="Complete_Html5.CompleteService.CompleteServiceAspNetAjaxBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
<behavior name="Complete_Html5.Service1ServiceAspNetAjaxBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_Complete" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="10485760" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="BasicHttpBinding_Complete1" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="BasicHttpBinding_Service1" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="10485760" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true" messageEncoding="Text">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
<binding name="BasicHttpBinding_Service11" />
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://www.examplete.com:83/CompleteService/Complete.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Complete" contract="Complete_Html5.CompleteService.Complete" name="BasicHttpBinding_Complete" />
<endpoint address="http://www.examplete.com:83/CompleteService/Complete.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Complete1" contract="PMCService.Complete" name="BasicHttpBinding_Complete1" />
<endpoint address="http://www.examplete.com:83/Service1.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Service1" contract="ReportService.Service1" name="BasicHttpBinding_Service1" />
<endpoint address="http://www.examplete.com:83/Service1.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_Service11" contract="ReportService.Service1" name="BasicHttpBinding_Service11" />
</client>
</system.serviceModel>
Above is the service setting in web.config. What changes do I have to make so that I can use both http and https when accessing the website?
We have added an SSL certificate to the server and have unchecked "Require SSL" in the website's SSL certificate setting.
It is working fine over http, but when hits come to the website over https it throws this error:
The provided URI scheme https is invalid; Expected http. Parameter name: via.
How do I solve this so that both http and https hits are allowed?
This happens especially when we call a web service method.
I have tried adding httpsGetEnabled="true" to the serviceMetadata element, but it is still not working.
Try this.
You already have the
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"...
so you will need a separate http and https binding, thus:
<bindings>
<basicHttpBinding>
<binding name="NoSecurity">
<security mode="None" />
</binding>
<binding name="SSL">
<security mode="Transport">
<transport clientCredentialType="None" />
</security>
</binding>
</basicHttpBinding>
</bindings>
Then apply those to a couple of endpoints:
<endpoint
address="Basic"
binding="basicHttpBinding"
bindingConfiguration="NoSecurity"
contract="Complete_Html5.CompleteService.Complete" />
<endpoint
address="SSL"
binding="basicHttpBinding"
bindingConfiguration="SSL"
contract="Complete_Html5.CompleteService.Complete" />
You would then get your 2 endpoints:
http://path/to/your.service.svc/basic
https://path/to/your.service.svc/ssl
You probably also want to add this to your service behaviors
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
so you can get the metadata over https as well.
I want to publish a Webservice with basicHttpBinding configuration. I am using a basicHttpBinding configuration to increase the default message size of 65536 bytes. The problem I am having is that when I use the web.config settings as shown below, I am getting an error:
Metadata publishing for this service is currently disabled.
My main goal is to be able to increase the default message size and to be able to save a binary file in the database, therefore any other config is welcome; however, I was trying to keep it as simple as possible to avoid further issues.
Can you please spot what is wrong with my configuration?
Service.config code is below..
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="basicHttpEndpointBinding" closeTimeout="01:01:00"
openTimeout="01:01:00" receiveTimeout="01:10:00" sendTimeout="01:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="2147483646" maxBufferPoolSize="2147483646" maxReceivedMessageSize="2147483646"
messageEncoding="Mtom" textEncoding="utf-8" transferMode="StreamedRequest"
useDefaultWebProxy="true">
<readerQuotas maxDepth="2147483646" maxStringContentLength="2147483646" maxArrayLength="2147483646"
maxBytesPerRead="2147483646" maxNameTableCharCount="2147483646" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<services>
<service name="WITSService.WITSService" behaviorConfiguration="DragDrop.Service.ServiceBehavior" >
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpEndpointBinding" contract="DragDrop.Service.IService">
<identity>
<dns value="localhost"/>
</identity>
</endpoint>
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
</service>
</services>
<!--<services>
<service name="WITSService.WITSService">
<endpoint address="" binding="basicHttpBinding" contract="WITSService.WITSService">
<identity>
<dns value="localhost" />
</identity>
</endpoint>
<endpoint address="mex" binding="basicHttpBinding" contract="IMetadataExchange" />
</service>
</services>-->
<behaviors>
<serviceBehaviors>
<behavior name="DragDrop.Service.ServiceBehavior">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<dataContractSerializer maxItemsInObjectGraph="2147483646"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="500000000" />
</requestFiltering>
</security>
<modules runAllManagedModulesForAllRequests="true" />
</system.webServer>
Put this configuration in your web.config.
<?xml version="1.0"?>
<configuration>
<system.web>
<httpRuntime executionTimeout="4800" maxRequestLength="2097150"/>
<compilation debug="true"/>
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding/>
<customBinding>
<binding name="LargeSilverlight" closeTimeout="00:21:00" openTimeout="00:20:00" receiveTimeout="00:20:00" sendTimeout="00:50:00">
<textMessageEncoding maxReadPoolSize="2147483647" maxWritePoolSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647"/>
</textMessageEncoding>
<httpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" maxBufferSize="2147483647"/>
</binding>
</customBinding>
</bindings>
<client/>
<!--SERVICE-->
<services>
<service name="WITSService.WITSService" behaviorConfiguration="SilverlightWCFLargeDataApplication">
<endpoint address="" binding="customBinding" bindingConfiguration="LargeSilverlight" behaviorConfiguration="SilverlightWCFLargeDataApplication" contract="DragDrop.Service.IService"/>
</service>
</services>
<!--BEHAVIOR-->
<behaviors>
<serviceBehaviors>
<behavior name="SilverlightWCFLargeDataApplication">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="SilverlightWCFLargeDataApplication">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="500000000"/>
</requestFiltering>
</security>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
I'm trying to add workflowControlEndpoint to my IIS hosted XAMLX service. I cannot reference the control endpoint from client, I keep getting the following error
The request failed with HTTP status 404: Not Found.
Metadata contains a reference that cannot be resolved: 'http://localhost/Test.xamlx/wce'.
Content Type application/soap+xml; charset=utf-8 was not supported by service 'http://mymachine/Test.xamlx/wce'. The client and service bindings may be mismatched.
The remote server returned an error: (415) Cannot process the message because the content type 'application/soap+xml; charset=utf-8' was not the expected type 'text/xml; charset=utf-8'..
I have the following web.config. Could someone point out to me what I'm missing? Thanks, I appreciate the help.
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647" transferMode="StreamedResponse">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Windows" proxyCredentialType="Windows" />
</security>
</binding>
<binding name="httpSecurityOff" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" maxReceivedMessageSize="2147483647"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
transferMode="Streamed" useDefaultWebProxy="true">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
<service name="Test">
<endpoint address="" binding="basicHttpBinding" contract="IService" />
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
<endpoint address="wce" binding="basicHttpBinding"
bindingConfiguration="httpSecurityOff"
contract="System.ServiceModel.Activities.IWorkflowInstanceMangement"
kind="workflowControlEndpoint" />
</service>
I was trying to get the IWorkflowInstanceManagement to work via the WCF Test Client, but I never could get it to find the metadata. So I just tried to communicate with it via code. It worked for me.
I created a new Workflow Service project, and my web.config looks like this:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<connectionStrings>
<add name="ApplicationServices" connectionString="data source=localhost\SQLEXPRESS;Initial Catalog=WFS;Integrated Security=True" providerName="System.Data.SqlClient" />
</connectionStrings>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior name="workflowBehavior">
<serviceMetadata httpGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="true" />
<sqlWorkflowInstanceStore instanceCompletionAction="DeleteAll"
instanceEncodingOption="GZip"
instanceLockedExceptionAction="BasicRetry"
connectionStringName="ApplicationServices"
hostLockRenewalPeriod="00:00:20"
runnableInstancesDetectionPeriod="00:00:05" />
<workflowInstanceManagement authorizedWindowsGroup="AS_Administrators" />
<workflowUnhandledException action="Terminate" />
<workflowIdle timeToPersist="00:01:00" timeToUnload="00:01:00" />
</behavior>
<behavior name="wceBehavior">
<serviceMetadata httpGetEnabled="True" />
<serviceDebug includeExceptionDetailInFaults="true" />
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<service name="Service1" behaviorConfiguration="workflowBehavior">
<endpoint binding="basicHttpBinding" address="" contract="IService" />
<endpoint binding="basicHttpBinding" address="wce" kind="workflowControlEndpoint" />
</service>
</services>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Then I created a console app with the following code (I know this is not the best way to use ChannelFactory):
var binding = new BasicHttpBinding(BasicHttpSecurityMode.None);
var channelFactory = new ChannelFactory<IWorkflowInstanceManagement>(binding);
var channel = channelFactory.CreateChannel(new EndpointAddress("http://localhost/WorkflowControlTest/Service1.xamlx/wce"));
channel.Cancel(new Guid("DE212DE0-6BFF-4096-BF30-F6ACB2923B50"));
My workflow just runs in a loop running a delay for a few minutes. I was able to start a workflow instance via the WCF Test Client, then grab the Workflow Instance ID from the persistence database, and then run the console app to cancel the workflow.
Go to "Control Panel > Programs and Features > Turn Windows Features on or off" and check if the following features are checked:
.NET Framework 3.5
.NET Framework 4.5 Advanced Services > WCF Services
I'm trying to manage my workflow service that is hosted on AppFabric through the standard named pipe endpoint. I can successfully do this from the console application, but when I try to do the same from ASP.NET I get an "Access is denied" exception.
I understand that it's a security configuration problem that should be resolved somehow in web.config, but I have no idea how...
Here is the code that I use:
NetNamedPipeBinding binding = new NetNamedPipeBinding();
EndpointAddress addr = new EndpointAddress("net.pipe://localhost/ServiceLibrary/LongRunningService.xamlx/System.ServiceModel.Activities_IWorkflowInstanceManagement");
try
{
var proxy = new WorkflowControlClient(binding, addr);
Guid instanceId = new Guid("<<SOME WORKFLOW INSTANCE ID>>");
proxy.Suspend(instanceId);
}
catch (Exception ex)
{
}
UPDATE:
In theory it is possible to register endpoints (either http or net.pipe) in web.config with no security. In this case it looks like everything is working... but I don't want to do this for every service registered on the site. I think there should be some way to connect to the already registered net.pipe endpoint. Here is the web config with explicit endpoint registration (http, net.pipe):
<behaviors>
<serviceBehaviors>
<behavior>
<remove name="serviceCredentials" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<sqlWorkflowInstanceStore instanceCompletionAction="DeleteNothing" instanceEncodingOption="None" instanceLockedExceptionAction="NoRetry" connectionStringName="ApplicationServerWorkflowInstanceStoreConnectionString" hostLockRenewalPeriod="00:00:30" runnableInstancesDetectionPeriod="00:00:05" />
<workflowInstanceManagement authorizedWindowsGroup="" />
<workflowUnhandledException action="AbandonAndSuspend" />
<workflowIdle timeToPersist="00:00:30" timeToUnload="00:01:00" />
<etwTracking profileName="Troubleshooting Tracking Profile" />
</behavior>
<behavior name="StnandardBehavior">
<remove name="serviceCredentials" />
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
<sqlWorkflowInstanceStore instanceCompletionAction="DeleteNothing" instanceEncodingOption="None" instanceLockedExceptionAction="NoRetry" connectionStringName="ApplicationServerWorkflowInstanceStoreConnectionString" hostLockRenewalPeriod="00:00:30" runnableInstancesDetectionPeriod="00:00:05" />
<workflowInstanceManagement authorizedWindowsGroup="" />
<workflowUnhandledException action="AbandonAndSuspend" />
<workflowIdle timeToPersist="00:00:30" timeToUnload="00:01:00" />
<etwTracking profileName="Troubleshooting Tracking Profile" />
</behavior>
</serviceBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="httpSecurityOff" closeTimeout="00:10:00" openTimeout="00:10:00" receiveTimeout="00:10:00" sendTimeout="00:10:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="2147483647" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
<netNamedPipeBinding>
<binding name="pipeSecurityOff" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions" maxConnections="10" maxReceivedMessageSize="65536">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport protectionLevel="None" />
</security>
</binding>
</netNamedPipeBinding>
</bindings>
<services>
<service name="LongRunningService" behaviorConfiguration="StnandardBehavior">
<endpoint address="wce" contract="System.ServiceModel.Activities.IWorkflowInstanceManagement" binding="basicHttpBinding" bindingConfiguration="httpSecurityOff" kind="workflowControlEndpoint" />
<endpoint address="wce" contract="System.ServiceModel.Activities.IWorkflowInstanceManagement" binding="netNamedPipeBinding" bindingConfiguration="pipeSecurityOff" kind="workflowControlEndpoint" />
<endpoint contract="ILongRunningService" binding="basicHttpBinding" bindingConfiguration="httpSecurityOff" />
</service>
</services>
and in this case the client code for connecting to this new endpoint should be a little different:
NetNamedPipeBinding binding = new NetNamedPipeBinding();
binding.Security.Mode = NetNamedPipeSecurityMode.None;
EndpointAddress addr = new EndpointAddress("net.pipe://{{MACHINE_NAME}}/ServiceLibrary/LongRunningService.xamlx/wce");
try
{
var proxy = new WorkflowControlClient(binding, addr);
Guid instanceId = new Guid(workflowInstanceId.Value);
proxy.Suspend(instanceId);
proxy.Close();
}
catch (Exception ex)
{
}
You can turn off security to see if you have an issue with ASP.NET app pool identity ACLs:
NetNamedPipeBinding nnpb = new NetNamedPipeBinding();
nnpb.Security.Mode = NetNamedPipeSecurityMode.None;
Have you edited your allowed website/virtual directory bindings for your application in IIS? You need to add net.pipe as an allowed protocol binding.
Try putting Workflow ApplicationPool user in the user group "AS_Administrators".
IIS reset is needed to reload security changes.