POST on an SSL-enabled web site gives me a 404 (ASP.NET, WCF)

Question

User623617616 posted

Hello,

I've been developing a WCF services for a couple of weeks now and everything seemed to work perfectly. All development and testing was done on the WCF web service running on a normal HTTP web site.

Today I figured I'll try and run all the tests again, but this time on the SSL (HTTPS) enabled web site, because in production it's supposed to run SSL. I created a self-signed certificate, added a new https binding with the certificate to the main web site and tested if the existing HTTP web site still worked. Which it did. I then opened my browser to see if I could get the WSDL from the web service using the HTTPS address and that too, worked. I then started the tests and they all failed. I got HTTP 404 errors.

It looks like an HTTP GET request works, but anything other than that failed (all HTTP 404).

I've created a request in Fiddler for easy testing and switching from POST to GET is all it takes to make the request work.

I turned on Failed Request Logging and found the request fails here:
ModuleName="ServiceModel-4.0", Notification="AUTHENTICATE_REQUEST", HttpStatus="404", HttpReason="Not Found", HttpSubStatus="0", ErrorCode="The operation completed successfully. (0x0)", ConfigExceptionInfo=""

It's also interesting to note that IIS doesn't send any page back. Not even the default 404 page. According to Fiddler all it returns is this:
HTTP/1.1 404 Not Found
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Thu, 12 May 2011 16:19:28 GMT
Content-Length: 0

Does anyone have any idea?

Answer 1

User1857943804 posted

I had a similar issue using IIS Express 7.5. After stripping the applicationhost.config I uninstalled the entire thing, and then the dev server finally told me I had more than one certificate named localhost...

You might want to check your certificate store.

Happy hunting.

Answer 2

User623617616 posted

I removed the certificates I made and created a new one, but did not see any change.

However, I went back into the settings and where before I tried to configure the web service to be available for both HTTPS and HTTP, I now configured it for either HTTPS or HTTP. And that worked!
I did a little more changing and found out it only breaks when I try to use a named binding.

<system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding>
        <security mode="Transport">
          <transport clientCredentialType="Basic"/>
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="IdentityService.Ws.Portal">
      <endpoint address="" binding="basicHttpBinding" name="PortalSoap" bindingNamespace="urn:mycompany:product:identityservice:portal:1" contract="IdentityService.Ws.IPortal" />
    </service>
  </services>
</system.serviceModel>

Seems to work, but:

 <system.serviceModel>
  <bindings>
    <basicHttpBinding>
      <binding name="MyBinding">
        <security mode="Transport">
          <transport clientCredentialType="Basic"/>
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
  <services>
    <service name="IdentityService.Ws.Portal">
      <endpoint address="" binding="basicHttpBinding" bindingConfiguration="MyBinding" name="PortalSoap" bindingNamespace="urn:mycompany:product:identityservice:portal:1" contract="IdentityService.Ws.IPortal" />
    </service>
  </services>
</system.serviceModel>

 Does not and, annoyingly enough, either results in an HTTP 404 for one web service (which I figure is the WCF framework way of saying you can't find some configuration), or in an HTTP 500 (where ASP.NET complains it canot activate the web service because it needs Anonymous Access and that has been turned off) for another web service. The difference between these web services is that the first one uses no HTTP authentication methods (we send the credentials as part of the SOAP request) and the latter one uses HTTP Basic Authentication.