none
Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http].

    Question

  • Hi guys,

            With the below config file, I am getting the error

    Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http].

           Could you please help me out.

    <system.serviceModel>
        <bindings>
          <wsHttpBinding>
            <binding name="CalcSSLBinding">
              <security mode="Transport">
                <transport clientCredentialType="Certificate"/>
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
    	<services>
       <service behaviorConfiguration="CalcSSL.Service1Behavior" name="CalcSSL.CalcSSLService">
         <host>
           <baseAddresses>
             <add baseAddress = "http://localhost:49924/" />
           </baseAddresses>
         </host>
        <endpoint address="" binding="wsHttpBinding" contract="CalcSSL.ICalcSSLService" bindingConfiguration="CalcSSLBinding">
         <identity>
          <dns value="localhost" />
         </identity>
        </endpoint>
        <endpoint address="mex" binding="wsHttpBinding" contract="IMetadataExchange" />
       </service>
      </services>
    		<behaviors>
    			<serviceBehaviors>
    				<behavior name="CalcSSL.Service1Behavior">
    					<serviceMetadata httpsGetEnabled="true" httpsGetUrl="https://localhost:49924/CalcSSLService.svc"/>
    					<serviceDebug includeExceptionDetailInFaults="false"/>
    				</behavior>
    			</serviceBehaviors>
    		</behaviors>
    	</system.serviceModel>


    Regards, CPK_2011

    Wednesday, May 16, 2012 2:21 PM

Answers

  • Hi,

    Sorry for the delay in getting back to you. I did see the sample project and saw that you were using a website to build your services and the namespace in which your service exists is not PostageCalcSSL. Please use the below config and that should get things working:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0">
        </compilation>
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" />
      </system.web>
      <system.serviceModel>
        <bindings>
          <wsHttpBinding>
            <binding name="secureWsHttp">
              <security mode="Transport">
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
        <services>
          <service name="Service" behaviorConfiguration="defaultSecure">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="secureWsHttp" contract="IService" />        
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="defaultSecure">
              <dataContractSerializer maxItemsInObjectGraph="2147483647" />
              <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
            <behavior name="">
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="false" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true">
        </modules>
      </system.webServer>
    </configuration>

    Just replace your web.config with the above entires.


    Rajesh S V

    Monday, May 21, 2012 10:29 AM

All replies

  • Can you remove the httpsGetUrl specified in the serviceMetadata element.

    Also how is your service hosted? Is it on IIS?


    Rajesh S V

    Wednesday, May 16, 2012 2:27 PM
  • Hi Rajesh,

              I am hosting it in IIS. Even after removing the httpsGetUrl, I am getting the same error.


    Regards, CPK_2011

    Wednesday, May 16, 2012 2:33 PM
  • If you are hosting in IIS, what is the URL you are trying to access the service with?

    Also the host element is not needed if hosting in IIS, so can you remove the host element completely as well. 

    Also did you add the https binding to your IIS? Also do remove the mex endpoint as it might cause the exception when accessing via https.


    • Edited by Rajesh S V Wednesday, May 16, 2012 2:58 PM
    Wednesday, May 16, 2012 2:58 PM
  • Hi,

        Now I am getting this error

    The HttpsGetEnabled property of ServiceMetadataBehavior is set to true and the HttpsGetUrl property is a relative address, but there is no https base address.  Either supply an https base address or set HttpsGetUrl to an absolute address.


    Regards, CPK_2011


    • Edited by CPK_2011 Thursday, May 17, 2012 7:01 AM
    Thursday, May 17, 2012 5:05 AM
  • In case you want to use https then provide a base url with https in it instead of <baseAddresses> <add baseAddress = "http://localhost:49924/" /> </baseAddresses> give <baseAddresses> <add baseAddress = "https://localhost:49924/" /> </baseAddresses> In case you want to use http then remove the service behavior i.e. remove the below block <behaviors> <serviceBehaviors> <behavior name="CalcSSL.Service1Behavior"> <serviceMetadata httpsGetEnabled="true" httpsGetUrl="https://localhost:49924/CalcSSLService.svc"/> <serviceDebug includeExceptionDetailInFaults="false"/> </behavior> </serviceBehaviors> </behaviors>

    ViBi

    Thursday, May 17, 2012 8:58 AM
  • Hi,

            I need https. So, I have changed the base address to

    <host>
           <baseAddresses>
             <add baseAddress = "https://localhost:49924/" />
           </baseAddresses>
         </host>

          But now I am getting this error

    Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http].       


    Regards, CPK_2011

    • Edited by CPK_2011 Thursday, May 17, 2012 9:52 AM
    Thursday, May 17, 2012 9:51 AM
  • See the above config file, the wsHttpBinding are using transport as security moed and set its clientCredentialType as Certificate, so it needs https protocol with ssl, but your baseAddress does not use https, make sure SSL is enabled for your server and add https binding to your IIS and try changing the mexHttpBinding to mexHttpsBinding.

    Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework

    Thursday, May 17, 2012 10:46 AM
    Moderator
  • Hi,

            The documentation of WCF Security with SSL talks about setting up of certificate in Server Systems. I am just trying to execute it in Windows 7 system. Will that be not possible? Should it be always in Server systems? Could anyone tell how to coordinate with Server System and Development System in implementing WCF Transport Security with SSL.

            Any help on this would be really appreciated.


    Regards, CPK_2011

    • Edited by CPK_2011 Thursday, May 17, 2012 1:36 PM
    Thursday, May 17, 2012 12:58 PM
  • I have the below config that works without any problem when exposing a WCF service using wsHttpBinding over SSL

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>   
      <system.web>    
        <compilation debug="true" targetFramework="4.0">
        </compilation>
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" />    
      </system.web>
      <system.serviceModel>    
        <bindings>      
          <wsHttpBinding>
            <binding name="secureWsHttp">
              <security mode="Transport">            
              </security>
            </binding>
          </wsHttpBinding>      
        </bindings>    
        <services>      
          <service name="MySample.Sample1" behaviorConfiguration="defaultSecure">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="secureWsHttp" name="Sample1" contract="MySample.ISample1" />        
          </service>      
        </services>    
        <behaviors>
          <serviceBehaviors>                
            <behavior name="defaultSecure">
              <dataContractSerializer maxItemsInObjectGraph="2147483647" />
              <serviceMetadata httpsGetEnabled="true" httpGetEnabled ="false"/>
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />        
      </system.serviceModel>  
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true">
        </modules>               
      </system.webServer>  
    </configuration>

    Now i have hosted my WCF Service on IIS and i have added the https binding as shown below:

    

    Now i browse to the service using a browser as shown: 

    Since  i am using self signed certificate i get the cross mark in the browsers URL as its not from a trusted authority.

    • Edited by Rajesh S V Friday, May 18, 2012 11:41 AM
    Friday, May 18, 2012 11:38 AM
  • Hi,

    1. You need to create the SSL certificate in IIS server.

    2. In IIS, you need add https binding (SSL) and select the certificate that you created in 1 step..


    Regards, Harikrishna Y

    Friday, May 18, 2012 11:53 AM
  • Hi,

          I am working on a single machine Windows 7 with IIS 7.0 in it. I am using Visual Studio 2008 i.e., .Net Framework 3.5 version. I am configuring the certificate and development is done in the same system.

          1. To Configure Certificate in my Single System I have followed the steps as mentioned in the following link

              http://msdn.microsoft.com/en-us/library/ff648498.aspx 

           In "Step 4: Configure Your Temporary Service Certificate in IIS to Support SSL", it is mentioned to configure in Server System. But I have skipped this section totally. Now I have the available certificate in IIS 7-> Server Certificates.

            2.  I have followed the steps mentioned in http://msdn.microsoft.com/en-us/library/ff648431.aspx  to create WCF Service with Transport Security.

              In "Step 3: Configure the Virtual Directory to Require SSL",  I have enabled "Require SSL" with Ignore for Client Certificates in SSL Settings of IIS 7.

             3. I have attached the certificate for port 443.

             4. I have created the client project in the same solution. When trying to discover the Service Reference in the current solution, I am getting the following error.

            

              On click of yes, i get the error as follows

    There was an error downloading 'https://localhost/CalcSSL/Service.svc'.
    The request failed with HTTP status 503: Service Unavailable.
    Metadata contains a reference that cannot be resolved: 'https://localhost/CalcSSL/Service.svc'.
    The HTTP service located at https://localhost/CalcSSL/Service.svc is too busy.
    The remote server returned an error: (503) Server Unavailable.
    If the service is defined in the current solution, try building the solution and adding the service reference again.                                                                                                                                                                                                                                                     


    Regards, CPK_2011


    • Edited by CPK_2011 Friday, May 18, 2012 12:42 PM
    Friday, May 18, 2012 12:35 PM
  • Hi,

              I am writing in continuation to the above post of mine. When I browse the application from IIS, I get the following error.

           Service Unavailable


              HTTP Error 503. The service is unavailable.

              The certificate error shows "Mismatched Address"

              This is happening even after changing the configuration code from http://msdn.microsoft.com/en-us/library/ff648431.aspx to Rajesh's Code mentioned above with pictures.

               Is it something I have to compulsory use the Server System. If so, could you please guide me out on how to coordinate with  Server System.


    Regards, CPK_2011


    • Edited by CPK_2011 Friday, May 18, 2012 1:01 PM
    Friday, May 18, 2012 12:40 PM
  • That is correct as you have your clientCredentialType set to Certificate in your config and IIS is trying to see if the request has a client certificate which is not and hence throwing a 503 error.

    Try removing the clientCredentialType =certificate in your config and that should work.

    If you want 2 way SSL  i.e. transport secured with SSL and client authentication via certificates you need to create another certificate and install in at the following folders when you are trying to browse from the same machine:

    1. Install the .pfx to Current User Personal store 

    2. Install the .cer to Local Machine  Trusted People store


    Rajesh S V

    Friday, May 18, 2012 1:33 PM
  • Hi,

           I am not using Certificate in ClientCredentialType. As I have followed the steps of http://msdn.microsoft.com/en-us/library/ff648498.aspx, it should  work fine. What is that i am missing here.


    Regards, CPK_2011

    Friday, May 18, 2012 3:04 PM
  • Please see this section from your config posted above:

     <security mode="Transport">
                <transport clientCredentialType="Certificate"/>
              </security>


    Rajesh S V

    Friday, May 18, 2012 3:09 PM
  • Hi,

          This is the config file i am using right now

          

    <system.serviceModel>
    		<bindings>
    			<wsHttpBinding>
    				<binding name="secureWsHttp">
    					<security mode="Transport">
    					</security>
    				</binding>
    			</wsHttpBinding>
    		</bindings>
    		<services>
    			<service name="CalcSSL.Service" behaviorConfiguration="defaultSecure">
    				<endpoint address="" binding="wsHttpBinding" bindingConfiguration="secureWsHttp" name="Service" contract="CalcSSL.IService"/>
    			</service>
    		</services>
    		<behaviors>
    			<serviceBehaviors>
    				<behavior name="defaultSecure">
    					<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
    					<serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" httpsGetUrl="https://localhost/CalcSSL/Service.svc"/>
    					<serviceDebug includeExceptionDetailInFaults="true"/>
    				</behavior>
    			</serviceBehaviors>
    		</behaviors>
    		<serviceHostingEnvironment aspNetCompatibilityEnabled="true"/>
    	</system.serviceModel>

     


    Regards, CPK_2011

    Friday, May 18, 2012 3:13 PM
  • If the certificate used on the service is self signed you might get an exception when browsing to the service page in IE showing security exception about not a valid certificate (since you are using self signed certificate) and click to proceed. You can click to proceed and then you should be able to see the service page.

    Again i see that you have used the "httpsGetUrl" this needs to be used when you have a different location for the metadata to be dowloaded. Leaving it to the default would be ideal as shown in my example above.

    If still you are not able to get through can you send me the sample project to rajeshsv.5@gmail.com for me to have a look at it and help you out.


    Rajesh S V

    Friday, May 18, 2012 3:19 PM
  • Hi Rajesh,

           I have sent you the project. Could you please check it.


    Regards, CPK_2011

    Friday, May 18, 2012 4:28 PM
  • Hi,

    Sorry for the delay in getting back to you. I did see the sample project and saw that you were using a website to build your services and the namespace in which your service exists is not PostageCalcSSL. Please use the below config and that should get things working:

    <?xml version="1.0" encoding="utf-8"?>
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.0">
        </compilation>
        <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID" />
      </system.web>
      <system.serviceModel>
        <bindings>
          <wsHttpBinding>
            <binding name="secureWsHttp">
              <security mode="Transport">
              </security>
            </binding>
          </wsHttpBinding>
        </bindings>
        <services>
          <service name="Service" behaviorConfiguration="defaultSecure">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="secureWsHttp" contract="IService" />        
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="defaultSecure">
              <dataContractSerializer maxItemsInObjectGraph="2147483647" />
              <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>
            <behavior name="">
              <serviceMetadata httpGetEnabled="true" />
              <serviceDebug includeExceptionDetailInFaults="false" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true">
        </modules>
      </system.webServer>
    </configuration>

    Just replace your web.config with the above entires.


    Rajesh S V

    Monday, May 21, 2012 10:29 AM