none
How to host secure and nonsecure services RRS feed

  • Question

  • I've create 2 WCF Service

    Service1 :

    public class Service1 : IService1
    {
    	[PrincipalPermission(SecurityAction.Demand, Role = "SEL")]
    	public string GetData(int value)
    	{
    		return string.Format("You entered: {0}", value);
    	}
    }

    Service2:

    public class Service2 : IService2
    {
    	public string DoWork()
    	{
    		return "DoWork";
    	}
    }

    My web.config of my Web host app

    <system.web>
    	<authorization>
    		<allow roles="SEL" />
    	</authorization>
    	<authentication mode="None" />
    	<compilation debug="true" targetFramework="4.5" />
    	<httpRuntime targetFramework="4.5" />
    
    
    	<membership defaultProvider="membershipProvider">
    		<providers>
    			<clear />
    			<add name="membershipProvider" 
    					type="System.Web.Security.SqlMembershipProvider"
    					connectionStringName="MscSecureDb" 
    					applicationName="Prism.Public.Api" 
    					enablePasswordRetrieval="false"
    				enablePasswordReset="false"
    				requiresQuestionAndAnswer="false"
    				requiresUniqueEmail="true"
    				passwordFormat="Hashed"
    					/>
    		</providers>
    	</membership>
    
    	<roleManager defaultProvider="roleProvider" enabled="true">
    		<providers>
    			<clear />
    			<add name="roleProvider" connectionStringName="MscSecureDb" applicationName="Prism.Public.Api" type="System.Web.Security.SqlRoleProvider" />
    		</providers>
    	</roleManager>
    
    </system.web>
    
    <system.serviceModel>
    	<protocolMapping>
    		<add scheme="http" binding="wsHttpBinding" />
    		<add scheme="http" binding="basicHttpBinding" />
    	</protocolMapping>
    	<behaviors>
    		<serviceBehaviors>
    			<behavior name="SecurizedBehavior">
    				<!-- Configure role based authorization to use the Role Provider -->
    				<serviceAuthorization principalPermissionMode ="UseAspNetRoles"
    										roleProviderName ="roleProvider" />
    				<serviceCredentials>
    					<!-- Configure user name authentication to use the Membership Provider -->
    					<userNameAuthentication userNamePasswordValidationMode ="MembershipProvider"
    											membershipProviderName ="membershipProvider"/>
    					<!-- Configure the service certificate -->
    					<serviceCertificate storeLocation ="LocalMachine"
    										storeName ="My"
    										x509FindType ="FindBySubjectName"
    										findValue="localhost" />
    				</serviceCredentials>
    				<!--For debugging purposes set the includeExceptionDetailInFaults attribute to true-->
    				<serviceDebug includeExceptionDetailInFaults="false" />
    				<serviceMetadata httpGetEnabled="true"/>
    			</behavior>
    			<behavior name="UnsecurizedBehavior">
    				<serviceCredentials useIdentityConfiguration="false">
    					<windowsAuthentication allowAnonymousLogons="true"/>
    				</serviceCredentials>
    				<serviceAuthorization principalPermissionMode="None"/>
    				<serviceDebug includeExceptionDetailInFaults="false" />
    				<serviceMetadata httpGetEnabled="true"/>
    			</behavior>
    		</serviceBehaviors>			
    	</behaviors>
    	<bindings>
    		<basicHttpBinding>
    			<binding name="SecurizedBinding">
    				<security mode="TransportWithMessageCredential">
    				</security>
    			</binding>
    			<binding name="UnsecurizedBinding">
    				<security mode="None"/>
    			</binding>
    		</basicHttpBinding>
    	</bindings>
    	<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    	<services>
    		<service name="Prism.Services.Service1" behaviorConfiguration="SecurizedBehavior">
    			<endpoint binding="basicHttpBinding" bindingConfiguration="SecurizedBinding"
    						contract="Prism.Services.IService1" />
    		</service>
    		<service name="Prism.Services.Service2" behaviorConfiguration="UnsecurizedBehavior">
    			<endpoint binding="basicHttpBinding" bindingConfiguration="UnsecurizedBinding"
    						contract="Prism.Services.IService2" />
    		</service>
    	</services>
    </system.serviceModel>

    In my console test app, it work. Treatment takes much time strangely, but it works

    client.ClientCredentials.UserName.UserName = "SEL";
    client.ClientCredentials.UserName.Password = "!Mutuelle2015";
    string s = client.GetData(2);
    Service2.Service2Client client2 = new Service2.Service2Client();
    s = client2.DoWork();

    In SOAP-UI, when I test Service2, I've this error :

    Cannot process the message because the content type 'application/soap+xml;charset=UTF-8;action="http://tempuri.org/IService2/DoWork"' was not the expected type 'text/xml; charset=utf-8'

    Any Idea ?

    Thursday, February 4, 2016 3:34 PM

Answers

  • Hello SandrAzure,

    In soap ui, it is possible to set the client credentials.  Based on the error message it is hard to tell if this is the failure or not.  When I had these issues in the past, I used the wcf service trace to find these issues.

    My suggestion is to turn on tracing on the service so you can see the exact messages being sent by your console test app and then compare these to the messages sent from SOAP UI.  You will also get more detail as to why the message is rejected.

    Cheers,

    Jeff


    Jeff

    • Marked as answer by SandrAzure Monday, February 8, 2016 8:45 AM
    Thursday, February 4, 2016 9:50 PM

All replies

  • Hello SandrAzure,

    In soap ui, it is possible to set the client credentials.  Based on the error message it is hard to tell if this is the failure or not.  When I had these issues in the past, I used the wcf service trace to find these issues.

    My suggestion is to turn on tracing on the service so you can see the exact messages being sent by your console test app and then compare these to the messages sent from SOAP UI.  You will also get more detail as to why the message is rejected.

    Cheers,

    Jeff


    Jeff

    • Marked as answer by SandrAzure Monday, February 8, 2016 8:45 AM
    Thursday, February 4, 2016 9:50 PM
  • Hello,

    I try with the new version of SOAP UI, and it work.

    Thanks

    Monday, February 8, 2016 8:46 AM