locked
WCF Service Configuration on HTTPS Based LoadBalancer. RRS feed

  • Question

  • User-1318947886 posted

    We have 2 Web Servers behind our F5 LoadBalancer which is SSL Enabled. Following are details for e.g.

    F5 LoadBalancer: https: // myloadbalancer/myservice.svc 
    Server1 http: // server01/myservice.svc
    Server2 http :// server02/myservice.svc

    I have hosted my WCF service on both of the servers with MessageSecurity Enabled on them and it is perfectly consumable in .NET applications, and when i hit my loadbalancer address even in browser or in .NET client i am able to see WSDL/Service properly.

    But when i consume WCF service by providing the loadbalancer address stated above & see the web.config of the client then on the endpoint address field it resolves to http://server01 orhttp://server02 which means it doesnt load HTTPS URL rather the .NET client resolves it from one of the clustered servers hostname, which means my client will not be hitting the F5 loadbalancer for the WCF calls as the web.config of the client doesnt know the HTTPS url and thus the loadbalancing will not come into picture.

    If anyone of you can shed some light on it that how to acheive the loadbalancing with MessageSecurity over the SSL-Enabled F5 Server then it will be of much help.

    Thanks.

    Monday, November 16, 2015 7:07 AM

All replies

  • User-166373564 posted

    Hi,

    If anyone of you can shed some light on it that how to acheive the loadbalancing with MessageSecurity over the SSL-Enabled F5 Server then it will be of much help.

    For this issue, I don't have much experience with Wcf Services and https load balancers, but this will be good reference for you, see: Load Balancing

    Regards,

    Angie

    Monday, November 23, 2015 7:21 AM
  • User-1407176908 posted

       For me , the easiest and the simple way of doing the load balancing with respect to IIS servers, is to use the IIS Shared Configuration feature. Even if you are using only one physical server and you share your IIS Configuration to the other computers like windows 7, windows 8, and windows 10, what you configure in your web server will also be with the other computers. if you are hosting for example 1,000 websites in the server, your windows 7 or other PC will likewise host same. Try it.

    Friday, December 4, 2015 7:51 AM
  • User-1318947886 posted

    Thanks for the reply, but unfortunately that article contains very generic and basic level of info, we do have a slight differrent requirement to set up WCF Services.

    Thursday, December 17, 2015 12:59 PM
  • User-1318947886 posted

    Well thanks for the reply, but in our professional environment we have to use F5 Load balancer.  AS it is our approved architecture.!

    Thursday, December 17, 2015 1:17 PM
  • User-1725018434 posted

    Navaidr12 - have you found the solution for problem described?

    Wednesday, November 16, 2016 2:54 PM
  • User-1504977041 posted

    A little late, but here is how I handle this scenario in my environment.

    1) Access your service WSDL at the dev machine, for instance http://localhost/myservice.svc?singleWsdl

    2) Copy the generated XML to a file in your project like "\wsdl\myservice.wsdl" and set its properties to BuildAction=Content and Copy to Output Directory=Copy if newer

    3) Edit the wsdl file at the very bottom of the file changing:

    from:

    <soap:address location="http://localhost/myservice.svc"/>

    to:

    <soap:address location="https://myloadbalancer/myservice.svc"/>

    4) Edit the web.config file of your service:

    <serviceBehaviors>
         <behavior>
             <serviceMetadata httpGetEnabled="true" externalMetadataLocation="https://myloadbalancer/wsdl/myservice.wsdl"/>
        </behavior>
    </serviceBehaviors>

    It will work fine now.

    What I dislike is that, every time you change something that will "break" the contract, you will have to repeat steps 1 to 3 in order to update the WSDL file. But, you should not break the contract anyway! In this case you create another version with a new WSDL, right?!  ;)

    Friday, May 26, 2017 9:23 PM
  • User401460751 posted

    Thanks for the answer. I was having a similar problem with load-balancer at WCF services.  fauresco's method just worked fine!

    Tuesday, February 18, 2020 9:33 AM
  • User771009709 posted

    How did you configure the service on client side?

    When I called http: // server01/myservice.svc I successfully used

    <endpoint address="http://server01/myservice.svc" 
                    bindingConfiguration="myserviceconfig" 
                    binding="wsFederationHttpBinding" 
                    contract="IMyService" />
    <bindings>
      <wsFederationHttpBinding>
        <binding name="myserviceconfig" 
                 messageEncoding="Mtom">
          <reliableSession enabled="true" ordered="true" />
          <security mode="None" />
        </binding>
      </wsFederationHttpBinding>
    </bindings>

    and I can't just change the endpoint address to https: // myloadbalancer/myservice.svc (https not allowed; http expected) so I tried this:

    <endpoint address="https://myloadbalancer/myservice.svc" 
                    bindingConfiguration="myserviceconfig" 
                    binding="customBinding" 
                    contract="IMyService" />
    <bindings>
      <customBinding>
        <binding name="myserviceconfig">
          <mtomMessageEncoding />
          <reliableSession />
          <httpsTransport />
        </binding>
    </bindings>

    but I get this message: "There was no endpoint listening at https://myloadbalancer/myservice.svc that could accept the message."

    When I call the HTTPS address from a browser I get the correct wsdl file

    Friday, April 17, 2020 6:00 AM