I need to add TWO-WAY SSL in a WCF service with token authentication

  • Question

  • Hi everyone,

    Please go through the method data and web.config below.

    I am done with the token authentication and I need to add two-way SSL in this code.

    This is my code; I have not added anything yet. In this code I need to add SSL, and I have the certificate on my local machine.

    Please can anyone help me to resolve this one? THANKS IN ADVANCE

        using (var factory = new WebChannelFactory<Services>())
        {
            using (new OperationContextScope((IClientChannel)client.InnerChannel))
            {
                WebOperationContext.Current.OutgoingRequest.Headers.Add("Authorization", "Bearer " + token);
                resp = mi.Invoke(client, new Object[] { req }) as TResp;
            }
        }

    web.config 

    <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="ServicesBinding" closeTimeout="00:01:00"
              openTimeout="23:00:00" receiveTimeout="23:00:00" sendTimeout="23:00:00"
              allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
              maxBufferPoolSize="524288" maxBufferSize="655360000" maxReceivedMessageSize="655360000"
              textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"
              messageEncoding="Text">
              <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="16384"
                maxBytesPerRead="524288" maxNameTableCharCount="2147483647" />
              <security mode="Transport">
                <transport clientCredentialType="None" proxyCredentialType="None"
                  realm="" />
                <message clientCredentialType="UserName" algorithmSuite="Default" />
              </security>
            </binding>
            <binding name="ProductsBinding" closeTimeout="00:01:00"
              openTimeout="23:00:00" receiveTimeout="23:00:00" sendTimeout="23:00:00"
              allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
              maxBufferPoolSize="524288" maxBufferSize="655360000" maxReceivedMessageSize="655360000"
              textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"
              messageEncoding="Text">
              <readerQuotas maxDepth="32" maxStringContentLength="2147483647" maxArrayLength="16384"
                maxBytesPerRead="524288" maxNameTableCharCount="2147483647" />
              <security mode="Transport">
                <transport clientCredentialType="None" proxyCredentialType="None"
                  realm="" />
                <message clientCredentialType="UserName" algorithmSuite="Default" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
       
        <client>

          <endpoint address="https://servicelink" behaviorConfiguration="AddClientInfo"
             binding="basicHttpBinding" bindingConfiguration="ServicesBinding"
             contract="Services" name="basicHttpBindingConfig_Services"/>

        </client>

        <behaviors>
          <endpointBehaviors>
            <behavior name="AddClientInfo">
              <AddClientInfoElement/>
            </behavior>
          </endpointBehaviors>
        </behaviors>
        <extensions>
          <behaviorExtensions>
            <add name="AddClientInfoElement" type="test link"/>
          </behaviorExtensions>
        </extensions>
      </system.serviceModel>

    Wednesday, February 26, 2020 7:50 AM

All replies

  • Hi,
    According to the server-side binding above, the BasicHttpBinding uses transport security. Therefore we need to bind a certificate to the particular port on the server side. But we needn’t provide a certificate on the client side, because the clientCredentialType is None.
    Therefore, you need to do one of the following, depending on how the service is hosted.
    Hosting in a console app.
    https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
    Hosting in IIS.
    https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-an-iis-hosted-wcf-service-with-ssl
    If you want to authenticate the client with a certificate, please refer to the official guideline. Only with this configuration does the client need to provide a certificate. Under this circumstance, both the server side and the client side need to configure a certificate so as to complete the authentication.
    https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/transport-security-with-certificate-authentication
    Feel free to let me know if there is anything I can help with.
    Best Regards
    Abraham
    Thursday, February 27, 2020 7:51 AM
    Moderator
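
The client side of the certificate-authentication setup described in the reply above, as an added example that is not part of the original thread: it switches the transport credential type to Certificate, takes the client certificate from the Windows certificate store, and still sends the bearer token. The `IServices` contract with its `Ping` operation, the `MutualTlsClient` class, and the URL and thumbprint passed in are hypothetical placeholders.

```csharp
using System;
using System.Net;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;

// Hypothetical contract standing in for the service's real one.
[ServiceContract]
public interface IServices
{
    [OperationContract]
    string Ping(string message);
}

public static class MutualTlsClient
{
    public static string Call(string serviceUrl, string thumbprint, string token)
    {
        // HTTPS transport security with a client certificate: the code equivalent
        // of <transport clientCredentialType="Certificate" /> in the binding config.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

        var factory = new ChannelFactory<IServices>(binding, new EndpointAddress(serviceUrl));
        // Pick the certificate (with private key) from the current user's store
        // rather than from a .pfx path and password kept in source code.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My,
            X509FindType.FindByThumbprint, thumbprint);

        IServices channel = factory.CreateChannel();
        try
        {
            string result;
            using (new OperationContextScope((IContextChannel)channel))
            {
                // Attach the OAuth bearer token as an HTTP header on this call.
                var http = new HttpRequestMessageProperty();
                http.Headers[HttpRequestHeader.Authorization] = "Bearer " + token;
                OperationContext.Current.OutgoingMessageProperties[HttpRequestMessageProperty.Name] = http;
                result = channel.Ping("hello");
            }
            ((IClientChannel)channel).Close();
            factory.Close();
            return result;
        }
        catch
        {
            // A faulted channel cannot be closed; abort it and rethrow.
            ((IClientChannel)channel).Abort();
            factory.Abort();
            throw;
        }
    }
}
```

No `ServerCertificateValidationCallback` is installed here, so the server certificate goes through the default chain and host name validation.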
  • Hi Abraham,

    THANK YOU FOR YOUR PREVIOUS REPLY 

    I have another issue to resolve right now. Could you please look at this once and give me a solution for it?

    On the Dev server I got the output fine, but when I try using the UAT URL I got the same error:

    There was no endpoint listening at https:// some link that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.

    web.config same as above 

    Method AuthorizeRequest for token [OAuth]

              

        public static string UatAuthorizeRequest()
        {
            string client_id = "wANbaDyxZJV1o3Ydfef34reffqF";
            string client_secret = "1ewgrgreg4SAFS23EFEWF";
            var restClient = new RestClient("https://SOME LINK");

            var request = new RestRequest(Method.POST);
            ServicePointManager.Expect100Continue = false;
            ServicePointManager.DefaultConnectionLimit = 9999;
            // SSL 3.0 is removed from the allowed protocols; it is obsolete and insecure.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;

            // 'certificate' is assumed to be the client X509Certificate2 loaded outside this method (not shown in the post).
            restClient.ClientCertificates = new X509CertificateCollection() { certificate };
            restClient.Proxy = new WebProxy("proxy.ebiz.verizon.com", 80);
            // The callback that returned true for every server certificate is removed,
            // so the default server certificate validation applies.
            request.AddHeader("Cache-Control", "no-cache");
            request.AddHeader("Content-Type", "application/json");
            request.AddParameter("client_id", client_id);
            request.AddParameter("client_secret", client_secret);
            IRestResponse restResponse = restClient.Execute(request);
            var responseJson = restResponse.Content;
            var token = JsonConvert.DeserializeObject<Dictionary<string, object>>(responseJson)["access_token"].ToString();

            return token;
        }

    AND SERVICE METHOD

        public TResp CallService(TReq req, string methodName, int tcid = -1, string token = "")
        {
            client = LocalStore.ServiceURL != null ? new CoAServicesClient("basicHttpBindingConfig_IServices", LocalStore.ServiceURL) : new CoAServicesClient();
            Type t = typeof(ServicesClient);

            // Set the security protocol to TLS v1.2 for all requests --- roopesh.
            ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12;
            MethodInfo mi = t.GetMethod(methodName);
            TResp resp = default(TResp);

            // Create a WebRequestHandler instance.
            // Nothing below passes this handler to the WCF client.
            var handler = new WebRequestHandler();

            // Add the certificate
            var certFile = Path.Combine(@"C:\Users\thotve\Desktop\New folder\Tests\WebTestClient\", "certificate.pfx");
            X509Certificate2 certificate = new X509Certificate2(certFile, "ssltest");
            handler.Proxy = new WebProxy("LINK", 80);
            // The callback that returned true for every server certificate is removed,
            // so the default server certificate validation applies.
            handler.ClientCertificates.Add(certificate);

            using (var factory = new WebChannelFactory<IServices>())
            {
                using (new OperationContextScope((IClientChannel)client.InnerChannel))
                {
                    WebOperationContext.Current.OutgoingRequest.Headers.Add("Authorization", "Bearer " + token);

                    resp = mi.Invoke(client, new Object[] { req }) as TResp;
                }
            }

            // Close the client, not a static method
            client.Close();

            // End
            return resp;
        }


    Thursday, March 5, 2020 11:37 AM
  • Hi,

    It is due to the fact that a WCF service created with BasicHttpBinding doesn’t support RESTful-style invocation.

    We need to change WCF to RESTful so that we can directly send an HTTP request with an HTTP verb and request body. A WCF service created with BasicHttpBinding is usually called through a client proxy.

    https://docs.microsoft.com/en-us/dotnet/framework/wcf/how-to-use-a-wcf-client

    In order to change WCF to RESTful, we need to create the service by using WebHttpBinding.

    https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-create-a-basic-wcf-web-http-service

    Feel free to let me know if there is anything I can help with.

    Best Regards

    Abraham

    Monday, March 9, 2020 9:42 AM
    Moderator
  • Hi,

    Thank you for your response. I will check it and let you know.

    Regards,

    Aditya

    Monday, March 9, 2020 1:39 PM
  • Hi ,

    I have checked the above links, gone through them and implemented it in my code, but I got the same error:

    There was no endpoint listening at https:// some link that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details.

    Regards,

    Aditya

    Tuesday, March 10, 2020 7:40 AM