none
The provided URI scheme 'http' is invalid; expected 'https'.Parameter name: via' RRS feed

  • Question

  • The error is 

    The provided URI scheme 'http' is invalid; expected 'https'.Parameter name: via' .

    Similar to the below link

    http://rishitnandan.com/posts/81669/WCF_Client_The_provided_URI_scheme_http_is_invalid_expected_https_

    Client Program

                EndpointAddress endpoint = new EndpointAddress(new Uri("http://localhost:62422/Services.svc"));
                BasicHttpBinding httpBinding = new BasicHttpBinding();
                httpBinding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
                httpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

                ServicesClient.NOC_ServicesClient client = new ServicesClient.ServicesClient(httpBinding, endpoint);

    WCF Service - Web.config

      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="MyBinding">
              <security mode="TransportWithMessageCredential">
                <message clientCredentialType="UserName"/>
              </security>

            </binding>
          </basicHttpBinding>
        </bindings>
        <services>
          <service name="Services.Services" behaviorConfiguration="MyBehavior">
            <endpoint address="/" binding="basicHttpBinding" contract="Services.IServices" bindingConfiguration="MyBinding"/>   
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="MyBehavior">
              <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false"/>
              <serviceCredentials>
                <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Services.ServiceAuthenticator,Services"/>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
          <!--<add binding="basicHttpsBinding" scheme="https"/>-->
          <add binding="basicHttpBinding" scheme="http" />
        </protocolMapping>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
        <!--
            To browse web app root directory during debugging, set the value below to true.
            Set to false before deployment to avoid disclosing web app folder information.
          -->
        <directoryBrowse enabled="true"/>    
      </system.webServer>

    Friday, January 31, 2020 6:18 PM

All replies

  • I changed the authentication from userNameAuthentication to NTLM.

    We can restrict the user authentication in IIS. Can we configure the username,password and domain in the web.config under serviceCredentials rather than configuring in IIS ?

     # User Name Authentication

    <serviceCredentials>

       <windowsAuthentication allowAnonymousLogons="false"  />

     </serviceCredentials>

    Saturday, February 1, 2020 6:05 PM
  • Hi,
    When we create a WCf service with TransportWithMessageCredential, we should provide an HTTPS binding address in site binding module of IIS.
    https://i.stack.imgur.com/YzivT.png
    This is due to the fact the security of the message layer is implemented by the SSL certificate.
    Subsequently, we should provide a client credential  of the Message layer security mode.
    httpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;
    Therefore, please refer to the below code segments written on the client-side.
    Client-side.
    //if the certificate trust relationship hasn't been established,
                //we could validate the server certificate with the below statement manually
                //ServicePointManager.ServerCertificateValidationCallback += delegate
                //{
                //    return true;
                //};
    
                //preferentially uses the configuration in the Appconfig file.
                ServiceReference1.ServiceClient client = new ServiceClient();
                client.ClientCredentials.UserName.UserName = "administrator";
                client.ClientCredentials.UserName.Password = "abcd1234!";
                var result = client.Test();
                Console.WriteLine(result);
    

    Appconfig/Webconfig
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="BasicHttpBinding_IService">
              <security mode="TransportWithMessageCredential" />
            </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://vabqia969vm:21011/" binding="basicHttpBinding"
            bindingConfiguration="BasicHttpBinding_IService" contract="ServiceReference1.IService"
            name="BasicHttpBinding_IService" />
        </client>
      </system.serviceModel>
    

    The service address and the type of the bind are configured in the Appconfig/Webconfig. these settings are automatically generated while adding the service reference. we might need to change the service address in the configuration since it uses "Localhost" address by default.
    As regards to the authentication configured in the service credential section,  we can't configure it in the webconfig file, it needs the corresponding feature support of IIS.
    Feel free to let me know if there is anything I can help with.
    Best Regards
    Abraham
    Monday, February 3, 2020 3:33 AM
    Moderator
  • I changed  the authentication to NTLM.
    Monday, February 3, 2020 4:49 PM
  • Hi,

    If you change the authentication to NTLM, likewise, you should provide a pair of windows credential while calling the service.

    ServiceReference1.ServiceClient client = new ServiceClient();
                client.ClientCredentials.Windows.ClientCredential.UserName = "administrator";
                client.ClientCredentials.Windows.ClientCredential.Password = "abcd1234!";


    These credentials usually are the login account on the server-side.
    Feel free to let me know if the problem still exists.

    Best Regards

    Abraham

    Tuesday, February 4, 2020 6:11 AM
    Moderator
  • Used the following code for accessing the WCF for NTLM Authentication and it is working.

    In IIS, we can restrict the domain user. Is there any option of adding the domain,user name and password in web.config of WCF serice  instead of restricting from IIS ?

                 EndpointAddress endpoint = new EndpointAddress(new Uri(""));
                BasicHttpBinding httpBinding = new BasicHttpBinding();
                httpBinding.Security.Mode = BasicHttpSecurityMode.TransportCredentialOnly;
                httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Ntlm;
                httpBinding.Security.Transport.ProxyCredentialType = HttpProxyCredentialType.Ntlm;

               ServicesClient.test_ServicesClient client = new ServicesClient.test_ServicesClient(httpBinding, endpoint);

                client.ClientCredentials.Windows.AllowedImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Impersonation;
                client.ClientCredentials.Windows.ClientCredential.Domain = "";
                client.ClientCredentials.Windows.ClientCredential.UserName = "";
                client.ClientCredentials.Windows.ClientCredential.Password = "";
            

    Tuesday, February 4, 2020 7:18 AM
  • Hi,
    I don’t know much about how to restrict the domain user. I would like to know that solution. It seems that the server only validates the username/password, not domain name.
    Best Regards
    Abraham
    Wednesday, February 5, 2020 7:38 AM
    Moderator
  • IIS level, we can restrict the domain users. I just want  to know whether it is possible to add the allowed domain user in the web.config of the WCF Service. 
    Wednesday, February 5, 2020 7:49 AM
  • Hi,
    As far as I know, we can’t control the authenticated user in the webconfig file while setting the authentication mode to NTLM/Windows. But if we change it to

                BasicHttpBinding binding = new BasicHttpBinding();
                binding.Security.Mode = BasicHttpSecurityMode.TransportWithMessageCredential;
                binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Windows;
                binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;


    The client-side should provide a pair of username/password while calling the remote service. In this case, In webconfig file we can configure other options for authentication, such as using specific database data.

    <serviceCredentials>
                <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="SqlMembershipProvider"/>
              </serviceCredentials>

    Best Regards

    Abraham

    Wednesday, February 5, 2020 9:28 AM
    Moderator