Calling a WCF service that is exposing an orchestration over HTTPS

  • Question

  • Hello all,

    I have a WCF web service that is exposing an orchestration. On HTTP I'm able to browse the web service (and then consume it from a C# console application).

    My goal is to consume it now using HTTPS. I enforced HTTPS on the IIS level with a self-signed certificate; in the web.config (generated by the BizTalk WCF Service Publishing Wizard) I modified the httpsGetEnabled attribute to true and I activated the HttpsMexEndpoint section. Now I can browse the web service on HTTPS (after I select a client certificate in the browser).

    However, when I'm trying to consume the web service with my client, I get "The remote server returned an error: (404) Not Found.".

    Is there something else that I need to do?

    Thanks

    Tuesday, August 7, 2018 2:49 PM

Answers

  •  

    Hi CezarBotezatu

    Have you tried changing the security mode in the receive location the wizard created?

    To use the endpoint under HTTPS you need to set it as "Transport".

    • Marked as answer by CezarBotezatu Wednesday, August 8, 2018 1:54 PM
    Wednesday, August 8, 2018 2:50 AM

All replies

  • Here's the thing, I don't recall doing any of those things....:)

    When you run the Wizard, it should just create the site ready to go.  Enabling TLS is just a setting in IIS.

    However, something I recommend you consider is whether or not you really need to publish the metadata (browsing).  Pretty much no one does this anymore.  In practice, it's easier to generate any client classes (consume) directly from the schemas.

    I haven't published metadata in years and even when it was a thing, no one used it.  :(

    Tuesday, August 7, 2018 3:34 PM
    Moderator
  • Hello Daniel,

    You are correct, that was one thing that I did not do (in my case I have a WCF-CustomIsolated adapter). On the Binding tab I have basicHttpBinding and I can select there Security -> Transport, and on Transport I can select clientCredentialType -> Certificate.

    On the Behaviour tab, I can add the extension serverCredentials to the ServiceBehaviour section (where you can add other details like ServiceCertificate (how to find the server certificate in your store), ClientCertificate, etc.).

    Basically, through these settings done on your adapter you create the structure of a web.config of a server with which your client is supposed to communicate. The config of the client and the server need to match.

    After applying these settings (and the ones from my first post) I was able to establish an SSL connection with the adapter. Thanks all for your support.

    Wednesday, August 8, 2018 1:54 PM
  • Hello Johns, sorry but I did not mention that I did not configure the adapter for 2 way SSL, I described it in my last post. Thanks again
    Wednesday, August 8, 2018 1:55 PM
  • So, I presume you mean TLS with Certificate Authentication.  Remember, "Two-Way SSL" is not a real thing.  

    The settings above are not TLS with Cert Authentication though.  What exactly are you trying to do?

    Wednesday, August 8, 2018 2:53 PM
    Moderator
  • I might have phrased it in a wrong way, perhaps. I have two self-signed certificates, both with a common root CA (they are only for testing purposes). The server certificate is in the Personal store of the Local Computer on the server (enforcing SSL on IIS on port 443). On the server there is also the client certificate, installed in the Trusted store of the Local Computer.

    The receive adapter will be the WCF server application in our case, so it has to be configured with all the details related to SSL communication (security -> Transport, clientCredentialType -> Certificate, mentioning the certificates, etc.).

    The client, which is on another machine, has the client certificate with the private key installed in the My store. Normally, when you connect to the server, the client application (being a web page or my command prompt application) asks me to select the certificate and the password for the private key. After I provide the password I'm able to communicate with the server, receiving back the response from the server.

    I don't know if this is or is not 2-way-SSL or TLS with Certificate Authentication :-)

    Thursday, August 9, 2018 10:06 AM
  • To be clear again, there is no such thing as Two-Way SSL.  There's just TLS between the client and the server which is initiated by a server cert.  Separate from that, you can use Certificate Authentication which is done using a client certificate.  Other than both using certificates, the two have nothing to do with each other.

    So, to use certs you issue yourself ("self-signed") for TLS, you only need to add the server's root certificate to the client.  This tells the client, yes, you can trust TLS connections using certificates issued by this root.

    For authentication, once you've added the client certificate to the Personal Store, you can use the thumbprint when initiating the connection.

    Yeah, unfortunately, these somewhat made up terms really confuse the situation.

    Thursday, August 9, 2018 2:17 PM
    Moderator
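
The client side of the setup the thread arrives at (basicHttpBinding with Transport security, server trusted through its root CA, client certificate picked by thumbprint), as an added C# example that is not code from any poster. The endpoint URL, thumbprint, SOAP action and request body are placeholders.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.Xml;

static class TlsCertAuthClient
{
    // Placeholders (assumptions, not values from the thread): replace with your own.
    const string Endpoint   = "https://biztalk.example.test/MyService/MyService.svc";
    const string Thumbprint = "<CLIENT-CERT-THUMBPRINT>";
    const string Action     = "<SOAP-ACTION>";

    static X509Certificate2 FindClientCert(string thumbprint)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: true rejects expired certs and chains that do not end in a trusted root.
            var hits = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, true);
            if (hits.Count != 1)
                throw new InvalidOperationException("Expected one valid certificate, found " + hits.Count);
            if (!hits[0].HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; it cannot authenticate.");
            return hits[0];
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        // Mirrors the receive location: basicHttpBinding, Security = Transport, clientCredentialType = Certificate.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        // No certificate-validation override is installed: the server chain is checked against
        // the machine's trusted roots, so the test root CA has to be installed on the client.
        var factory = new ChannelFactory<IRequestChannel>(binding, new EndpointAddress(Endpoint));
        factory.Credentials.ClientCertificate.Certificate = FindClientCert(Thumbprint);

        IRequestChannel channel = factory.CreateChannel();
        channel.Open();
        var body = XmlReader.Create(new StringReader("<Request xmlns='urn:example:placeholder'/>"));
        Message reply = channel.Request(Message.CreateMessage(binding.MessageVersion, Action, body));
        Console.WriteLine(reply.IsFault ? "SOAP fault returned" : "Reply received");
        channel.Close();
        factory.Close();
    }
}
```

If the binding's security mode or credential type differs from the receive location's, the call fails before any message reaches the orchestration, which is the mismatch the accepted answer points at.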