Security Not Working

  • Question

  • I am using basicHttpBinding and SSL.

    Even though IIS is set to use HTTPS requests, calls from outside the domain still reach our domain and the service gets called. Although the certificate is configured, the client is not prevented from making the call.

    How can this be resolved?

    Here is the config file:

    <?xml version="1.0"?>
    <!-- web.config for a WCF service (Sforce.ADService.Service1) exposed through basicHttpBinding
         with transport (HTTPS) security and a client certificate credential type.
         Review notes below are marked NOTE(review); they flag settings to confirm and do not change the file. -->
    <configuration>

      <!-- Application settings; how the service code uses them is not visible in this file.
           NOTE(review): this distinguished name has CN=DelegateSSO-Int, while the serviceCertificate
           element further down has CN=DelegateSSO-Uat. Confirm which environment this file targets. -->
      <appSettings>
        <add key="domain" value="colecapital"/>
        <add key="CertificateSubjectDistinguishedName" value="E=klint.price@colereit.com, CN=DelegateSSO-Int, OU=Information Technology, O=Cole Real Estate, L=Phoenix, S=Arizona, C=US" />
      </appSettings>
      <!-- NOTE(review): debug compilation is on and customErrors is Off, so detailed ASP.NET error pages
           are returned to remote callers. Useful while troubleshooting; revert before the service is
           reachable from outside the domain. -->
      <system.web>
        <compilation debug="true" targetFramework="4.0" />
        <customErrors mode="Off"/>
      </system.web>

      <!-- WCF tracing: each source writes through an XmlWriterTraceListener to the .svclog file named
           in initializeData. NOTE(review): the file names are relative, so where they land depends on
           the hosting process; make sure that location is not served by IIS and is ACL-restricted,
           because message logging below captures full message bodies. -->
      <system.diagnostics>
        <trace autoflush="true"/>
        <sources>
         <source name="System.ServiceModel" switchValue="Information, ActivityTracing">
            <listeners>

              <add name="ServiceModelTraceListener" type="System.Diagnostics.XmlWriterTraceListener"
                    initializeData="myMessagePPPVASMACXC2.svclog" >

              </add>
            </listeners>
          </source>
          
          <source name="System.ServiceModel.MessageLogging">
            <listeners>
              <add name="messagelistener"
                 type="System.Diagnostics.XmlWriterTraceListener"
                    initializeData="myMessagePPPVMLABXC1.svclog"></add>
            </listeners>
          </source>
        </sources>
      </system.diagnostics>

      <system.serviceModel>

        <!-- Message logging at both service and transport level. logEntireMessage="true" records the
             message body as well as the headers, so anything a caller sends (including credentials
             carried in the payload) ends up in the log file. -->
        <diagnostics>
          <messageLogging
                  logEntireMessage="true"
                  logMalformedMessages="true"
                  logMessagesAtServiceLevel="true"
                  logMessagesAtTransportLevel="true"
                  maxMessagesToLog="3000"
                  maxSizeOfMessageToLog="2000"/>
        </diagnostics>

        <behaviors>
          <serviceBehaviors>
            <!-- Behavior referenced by the service element through behaviorConfiguration="ADServiceBehavior".
                 NOTE(review): metadata publication and exception details are both still enabled here,
                 contrary to what the two template comments below recommend for deployment. -->
            <behavior name="ADServiceBehavior">
              <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
              <serviceMetadata   httpsGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceCredentials>
                <!-- PeerOrChainTrust accepts a client certificate that either chains to a trusted root or
                     is present in the TrustedPeople store.
                     NOTE(review): with security mode="Transport" on an IIS-hosted endpoint the client
                     certificate is requested by IIS/HTTP.SYS during the TLS handshake, so this element
                     may not be what gates the call. Verify that the application's IIS SSL Settings have
                     "Require SSL" checked and client certificates set to "Require" rather than "Ignore"
                     or "Accept"; if they do not, callers without a certificate can still connect. -->
                <clientCertificate>
                  <authentication certificateValidationMode="PeerOrChainTrust"/>
                </clientCertificate>
               <!--  <serviceCertificate storeLocation = "LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="services.colecapital.com"/> -->
               <!-- Selects the service certificate from the LocalMachine "My" store by its full subject
                    distinguished name; the lookup fails unless findValue matches the subject exactly. -->
               <serviceCertificate storeLocation = "LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"
                findValue="E=klint.price@colereit.com, CN=DelegateSSO-Uat, OU=Information Technology, O=Cole Real Estate, L=Phoenix, S=Arizona, C=US"/>
                
                
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>

        <!-- SSLBinding: transport-level security (HTTPS) with the client expected to present an X.509
             certificate. It only applies to endpoints that name it in bindingConfiguration. -->
        <bindings>
            <basicHttpBinding >
               <binding name="SSLBinding">        
             <security mode="Transport">
                       <transport clientCredentialType="Certificate" />           
                   </security>
               </binding>
            </basicHttpBinding>
        </bindings>


        <services>
          <!-- NOTE(review): the name attribute has to match the fully qualified service type exactly.
               With targetFramework 4.0, a mismatch makes WCF fall back to default endpoints, in which case
               this endpoint and its SSLBinding are silently not applied. Confirm that
               Sforce.ADService.Service1 is the type named in the .svc file. -->
          <service name="Sforce.ADService.Service1" behaviorConfiguration="ADServiceBehavior">
             <!-- The only active endpoint: basicHttpBinding with the SSLBinding configuration. The
                  wsHttpBinding variant and the identity element below are commented out. -->
             <endpoint address="" binding="basicHttpBinding" contract="AuthenticationPortType" name="HTTP" bindingConfiguration="SSLBinding" >
                <!--    <endpoint address="" binding="wsHttpBinding" contract="AuthenticationPortType" name="HTTP" bindingConfiguration="SSLBinding" > -->
            <!--        
            <identity>
                <dns value="services.colecapital.com"/>
                <certificateReference storeLocation = "LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName"
                        findValue="E=klint.price@colereit.com, CN=DelegateSSO-Uat, OU=Information Technology, O=Cole Real Estate, L=Phoenix, S=Arizona, C=US"/>
                
            
            </identity> -->
                    
            </endpoint>
            <!-- NOTE(review): under IIS hosting the effective address presumably comes from the site
                 binding and virtual directory rather than from this entry; verify against the IIS site. -->
            <host>
            <baseAddresses>
               <add baseAddress="https://services.colecapital.com/DelegateSSO-Uat" />
            </baseAddresses>
          </host>
         <!-- <endpoint address="mex" binding="mexHttpsBinding"
                    contract="IMetadataExchange" /> -->
            
          </service>
        </services>

        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />


      </system.serviceModel>
      <!-- Runs the managed modules for every request handled by this application. -->
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>

    </configuration>


    Friday, October 25, 2013 9:37 PM

Answers