Configuring Elementary Security
-
Sunday, October 29, 2006 2:30 AM
I'm trying to just get a service working from outside a domain and am getting nothing but headaches trying to get it going. Here's my configuration for now:
<bindings>
  <wsDualHttpBinding>
    <binding name="wsDualHttpBinding">
      <security mode="Message"/>
  </wsDualHttpBinding>
</bindings>
This works locally, but I get an error on the client saying it couldn't work out the SOAP security. As I understand it, WCF uses Windows credentials by default for wsDualHttpBinding and this would make sense because it works locally, but not on the other computer.
To get around this, I tried changing the configuration like so:
<bindings>
  <wsDualHttpBinding>
    <binding name="wsDualHttpBinding">
      <security mode="Message">
        <message clientCredentialType="None"/>
      </security>
    </binding>
  </wsDualHttpBinding>
</bindings>
and like:
<bindings>
  <wsDualHttpBinding>
    <binding name="wsDualHttpBinding">
      <security mode="None"/>
  </wsDualHttpBinding>
</bindings>
but then I get an error saying the service couldn't communicate because it was in a faulted state.
Right now I simply want to get my sample app going. I don't even care if it's secured (initially). Can someone tell me how to get a wsDualHttpBinding going across the internet (i.e. not within the same domain)?
Edit:
I've since tried:
<wsDualHttpBinding>
  <binding name="wsDualHttpBinding">
    <security mode="None">
      <message clientCredentialType="None"
               negotiateServiceCredential="false"
               algorithmSuite="TripleDes" />
    </security>
  </binding>
</wsDualHttpBinding>
...but I get the error: "Security negotiation failed because the remote party did not send back a reply in a timely manner. This may be because the underlying transport connection was aborted."
This happens even on the local network.
Please help! This is driving me nuts and I have a tight deadline!
All Replies
-
Monday, October 30, 2006 5:47 PM
What was the error you got with
<bindings>
  <wsDualHttpBinding>
    <binding name="wsDualHttpBinding">
      <security mode="None"/>
  </wsDualHttpBinding>
</bindings>
?
-
Monday, October 30, 2006 9:32 PM
Same error as above (after I corrected the typo I made posting with the unclosed binding tag).
-
Tuesday, October 31, 2006 1:57 AM
Does same error as above mean "Security negotiation failed because the remote party did not send back a reply in a timely manner. This may be because the underlying transport connection was aborted."? If so, you were accidentally running a binding with security enabled, not the binding with security mode = none.
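One way to check which security settings a host actually applied to each endpoint, which is the question the reply above raises (added example, not code from the thread or from WCF's samples). `IHello`, `HelloImpl`, `BindingAudit` and the port 8000 address are hypothetical; the endpoints are added in code only so the block is self-contained.

```csharp
// Added example, not code from the thread. IHello and HelloImpl are hypothetical
// stand-ins; in a real host the endpoints would come from app.config.
using System;
using System.ServiceModel;
using System.ServiceModel.Description;

[ServiceContract]
public interface IHello
{
    [OperationContract]
    string Hello(string name);
}

public class HelloImpl : IHello
{
    public string Hello(string name) { return "Hello " + name; }
}

public static class BindingAudit
{
    // Prints one line per endpoint: address, binding name, effective security settings.
    public static void Dump(ServiceHostBase host)
    {
        foreach (ServiceEndpoint ep in host.Description.Endpoints)
        {
            WSDualHttpBinding dual = ep.Binding as WSDualHttpBinding;
            string security = dual == null
                ? "(not wsDualHttpBinding)"
                : dual.Security.Mode == WSDualHttpSecurityMode.None
                    ? "mode=None (no message signing or encryption)"
                    : string.Format("mode={0}, clientCredentialType={1}, negotiateServiceCredential={2}",
                        dual.Security.Mode,
                        dual.Security.Message.ClientCredentialType,
                        dual.Security.Message.NegotiateServiceCredential);
            Console.WriteLine("{0} [{1}] {2}", ep.Address.Uri, ep.Binding.Name, security);
        }
    }

    public static void Main()
    {
        // Constructed address; the host is inspected before Open(), so nothing listens.
        ServiceHost host = new ServiceHost(typeof(HelloImpl), new Uri("http://localhost:8000/hello"));
        host.AddServiceEndpoint(typeof(IHello), new WSDualHttpBinding(), "default");
        host.AddServiceEndpoint(typeof(IHello), new WSDualHttpBinding(WSDualHttpSecurityMode.None), "none");
        Dump(host);
        host.Abort();
    }
}
```

Configuration is applied when the `ServiceHost` is constructed, so calling `Dump` on a config-driven host before `Open()` shows whether the named `bindingConfiguration` was picked up. An endpoint declared under a `<service name="...">` that does not match the hosted type's full name will not appear in the list.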
-
Tuesday, October 31, 2006 8:05 AM
I looked over the configuration and the code and I don't see where my endpoint is askew. Perhaps you can spot my mistake.
Again, if using the default security, everything works locally, but if using "None" I can't connect to the service from anywhere (including the local machine).
Configuration:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <services>
      <service name="WcfConsole.HelloService" behaviorConfiguration="MyServiceTypeBehaviors">
        <endpoint address="http://(my IP address)/hello"
                  binding="wsDualHttpBinding"
                  contract="WcfConsole.IPublisher"
                  bindingConfiguration="wsDualHttpBinding"/>
      </service>
    </services>
    <bindings>
      <wsDualHttpBinding>
        <binding name="wsDualHttpBinding">
          <security mode="None"/>
        </binding>
      </wsDualHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceTypeBehaviors" >
          <serviceMetadata httpGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
Code:
static void Main(string[] args)
{
    try
    {
        Uri baseURI = new Uri("http://localhost/hello");
        using (ServiceHost HService = new ServiceHost(typeof(HelloService), baseURI))
        {
            HService.Open();
            Console.WriteLine("Service started.");
            Console.ReadKey();
            HService.Close();
        }
    }
    catch (Exception ex)
    {
        System.Diagnostics.Debug.WriteLine(ex.Message);
        throw;
    }
}
-
Tuesday, October 31, 2006 5:00 PM
Those bits look fine. It's hard to say much more without a complete repro or at least some information about how the client's configured and what errors are occurring.
-
Tuesday, October 31, 2006 6:16 PM
I was wondering if there was just some goofiness with the client configuration but I think it's something with the service-side because I can't view the service or the WSDL via the browser on the local machine with the above configuration (where there's no client config involved).
Basically all I'm doing is extending the "Hello World" example found here: http://wcf.netfx3.com/content/BuildingHelloWorld.aspx so it includes callbacks.
I'll post the actual code in a little bit.
-
Tuesday, October 31, 2006 6:55 PM
Metadata export is off by default. Unfortunately the full docs haven't shown up yet at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/WCF_Con/html/b6c4dfd0-f270-43ec-961a-e16eb6af2f2c.asp?frame=true, but you enable it via a ServiceMetadataBehavior with HttpGetEnabled or such set to true.
-
Tuesday, October 31, 2006 8:28 PM
In the above configuration, I have httpGetEnabled set to true. Is that what you mean?
I can actually generate a proxy via svcutil under the default security configuration; it's when I try to run the service with a different security setup that things turn sour.
-
Wednesday, November 01, 2006 4:23 PM
Here's the code for the service. The configuration and hosting code (console app) are above.
Again, I want to emphasize that everything actually works locally with default security; I just get the errors I mentioned when I try to change the security settings.
Any ideas anyone?
//attribute moved here after original post because of typo
[ServiceBehavior(InstanceContextMode = InstanceContextMode.Single, ConcurrencyMode = ConcurrencyMode.Multiple)]
class PendingOrders : IPendingOrders
{
    private List<IPendingOrderSubscriber> subscribers = new List<IPendingOrderSubscriber>();
    private object _subscriberLock = new object();

    #region IPendingOrders Members
    public object GetPendingOrders()
    {
        this.subscribers.Add(
            OperationContext.Current.GetCallbackChannel<IPendingOrderSubscriber>()
        );
        //send all current pending orders (null for demo)
        return null;
    }

    private void NotifySubscribers()
    {
        lock (_subscriberLock)
        {
            for (int index = this.subscribers.Count - 1; index >= 0; index--)
            {
                try
                {
                    //load new order
                    //notify subscribers
                    this.subscribers[index].NewOrderNotification("Test");
                }
                catch (Exception exception)
                {
                    Trace.TraceError("Removing subscriber due to exception {0}.", exception.ToString());
                    this.subscribers.RemoveAt(index);
                }
            }
        }
    }
    #endregion
}

[ServiceContract(SessionMode = SessionMode.Allowed, CallbackContract = typeof(IPendingOrderSubscriber))]
interface IPendingOrders
{
    [OperationContract]
    List<OrderView> GetPendingOrders();
}

[ServiceContract]
interface IPendingOrderSubscriber
{
    [OperationContract(IsOneWay = true)]
    void NewOrderNotification(OrderView view);
}
-
Thursday, November 02, 2006 12:21 AM
[ServiceBehavior] should be on the PendingOrders class, not on GetPendingOrders(). That doesn't explain the security negotiation timeout in the cross machine case; again, I'd need to know details of the account configuration to guess what might be going on. The misplaced attribute might explain problems with SecurityMode.None, but I would need to see the errors from that case and preferably the client side code to say.
-
Thursday, November 02, 2006 6:25 AM
Oops! That was actually a typo in the post when I was cutting and pasting/trimming information. I'll change it in the above post.
The ServiceBehavior is actually applied properly to the class in the real example but I can try to get you the error information if you'd like.
-
Monday, January 25, 2010 7:35 AM
Hi boulderbum,
Have you found the solution for your problem? Please give me the solution; I am facing the same issue.
-
Wednesday, November 24, 2010 9:12 AM
SanketK, this is a really old thread. Maybe you can start a new thread and post your config file.
Please provide a link on this thread so I get notified.

