Client Side Proxy Generation - request not hitting firewall

Question

Hi.  I have a 3rd part vendor that does not allow discovery of their WSDL.  Instead, I was mailed a Management.xml file which contained their WSDL definitions.

I imported the Xml file into my project and tried to create the client-side proxy using WSCF.blue by right clicking the file and selecting "Generate Web Service Code"->"Client-side proxy".

It didnt' work.  So, I renamed the file to Management.wsdl and tried again.  It successfully created the proxy - the tool generated an IManagementSoap interface, ManagementSoapClient.cs file and other supporting classes.

So, I thought I'd make a simple test from a Windows Form.

private void button1_Click(object sender, EventArgs e)
{
    BasicHttpBinding b = this.GetBasicHttpBinding();
    EndpointAddress ep = new EndpointAddress("https://122.16.13.88:443/");

    TestNameSpace.MobileManagementSoapClient client = new MobileManagementSoapClient(b, ep);
    client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root,
        X509FindType.FindBySubjectName, "dev.mycertificate.mycompany.com");
    client.Open();

    string resp = client.EchoPing("string");
    MessageBox.Show(resp);
}
private BasicHttpBinding GetBasicHttpBinding()
{
    BasicHttpBinding b = new BasicHttpBinding();
    b.Security.Mode = BasicHttpSecurityMode.Transport;
    b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    return b;
}

I always receive the error: "There was no endpoint listening at https://122.16.13.88/ that could accept the message.....".

I tried to telnet to 122.16.13.88 443 and was successful.

So, I opend up WireShark to monitor my traffic on port 443.  Nothing!!  Absolutely  nothing.  Wireshark does not even show a request being made.  And, our network people can't see where I'm initiating a request either.

What would cause that?  It's like a request isn't even being sent.  Does that mean my MobileManagementSoapClient is bad (ie, that I generated the client-side proxy improperly)?

I'd sure appreciate any assistance.

Thank you very much

Answer 1

Here's some additional information:

The server I am working on has an internal IP of 142.18.203.1.  But, it is also in the DMZ so the external IP is 64.114.3.14.

I have to remote to 142.18.203.1 to run my Windows Form.

When I tried to telent, the tracing showed the following:

Flow Sessions on FPC11 PIC0:

Session ID: 220075214, Policy name: TestApp/437, State: Backup, Timeout: 14414, Valid

  In: 142.18.203.1/64425 --> 122.16.13.88/443;tcp, If: reth16.0, Pkts: 0, Bytes: 0

  Out: 122.16.13.88/443 --> 64.114.3.14/64425;tcp, If: reth0.0, Pkts: 0, Bytes: 0

Total sessions: 1

node1:

When I try to issue a request, it shows the following:

{primary:node1}

dsolt@XXXSRXB> show security flow session destination-prefix 122.16.13.88   

node0:

Basically, nothing!  Is it possible the natting is causing the problem?  I wouldn't think so though because I would expect WireShark to show the initial request from 142.18.203.1

Thanks!!

Answer 2

Hello, can you make sure the service is hosted on the root address? Usually a service is hosted on addresses like http(s)://domainorip/somebaseaddress/yourservice.svc

Please check if you've got the correct service address.

---

Lante, shanaolanxing This posting is provided "AS IS" with no warranties, and confers no rights.
If you have feedback about forum business, please contact msdnmg@microsoft.com. But please do not ask technical questions in the email.

Answer 3

Thanks Yi-Lun.  I asked their project manager twice and she kept giving me the endpoint above.

Finally, I heard from one of their technicians.  He provide the following endpoint:  https://cert-intws.mybills.com/Management.aspx.

That in itself surprises me because an aspx page as a service endpoint seems odd.

Now, I tried to telnet to the address on port 443 and was unable to connect.

Still, in my WinForm where I initialize the aspx endpoint, shouldn't I see some https traffic in Wireshark when  I perform the following:

BasicHttpBinding b = this.GetBasicHttpBinding();
EndpointAddress ep = new EndpointAddress("https://cert-intws.mybills.com/Management.aspx");

TestNameSpace.MobileManagementSoapClient client = new MobileManagementSoapClient(b, ep);
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root,
        X509FindType.FindBySubjectName, "dev.mycertificate.mycompany.com");
  client.Open();

  string resp = client.EchoPing("my string")

Wireshark shows nothing but maybe it's not configured properly to capture https traffic?  What should I use to monitor the https traffic?

Thank you!

Answer 4

Well, if I put the endpoint in the browser, I can see the https traffic in Wireshark.

So, I still can't figure out why I see nothing with the following test snippet.

private void button1_Click(object sender, EventArgs e)
{
     BasicHttpBinding b = this.GetBasicHttpBinding();
     EndpointAddress ep = new EndpointAddress("https://cert-intws.mybills.com/Management.aspx");

     TestNameSpace.MobileManagementSoapClient client = new MobileManagementSoapClient(b, ep);

     client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.Root,
        X509FindType.FindBySubjectName, "dev.mycertificate.mycompany.com");

     client.Open();

     string resp = client.EchoPing("my string")
     MessageBox.Show(resp);
}

private BasicHttpBinding GetBasicHttpBinding()
{
    BasicHttpBinding b = new BasicHttpBinding();
    b.Security.Mode = BasicHttpSecurityMode.Transport;
    b.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    return b;
}

I would expect to see traffic where my application tries to connect.  I see nothing.

Thanks!

Answer 5

Turned out to be a DNS issue.

https://cert-intws.mybills.com/Management.aspx would not resolve.  Substituting the IP for the cert-intws.mybills.com worked.

Thanks all!