Custom binding with authentication

  • Question

  • I get the below error when I try browsing the wsdl (http://localhost:51230/OrderPlacementService.svc)

    <pre>The 'CustomBinding'.'http://tempuri.org/' binding for the 'IOrderPlacementService'.'http://tempuri.org/' contract is configured with an authentication mode that requires transport level integrity and confidentiality. However the transport cannot provide integrity and confidentiality.</pre>

    The namespace is <pre>OrderPlacement</pre>
    Interface is <pre>IOrderPlacementService</pre>
    Class that implements the Interface is <pre>OrderPlacementService</pre>

    Below is the entire web.config

    <pre><?xml version="1.0"?>
    <configuration>
      <appSettings>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
        <add key="DBConnectionString" value="Server=localhost;Database=orderplacement;Uid=root;Pwd=root;" ></add>
      </appSettings>
      <system.web>
        <compilation debug="true" targetFramework="4.6.1" />
        <httpRuntime targetFramework="4.6.1"/>
      </system.web>
      <system.serviceModel>
        <bindings>
          <customBinding>
            <binding name="CustomBinding_IOrderPlacementService">
              <security defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport" requireDerivedKeys="false" includeTimestamp="false" canRenewSecurityContextToken="true">
                <secureConversationBootstrap defaultAlgorithmSuite="Default" authenticationMode="UserNameOverTransport" requireDerivedKeys="true" includeTimestamp="true" >
                  <localClientSettings detectReplays="false"/>
                  <localServiceSettings detectReplays="false"/>
                </secureConversationBootstrap>
                <localClientSettings detectReplays="false"/>
                <localServiceSettings detectReplays="false"/>
              </security>
              <textMessageEncoding writeEncoding="utf-8" />
             
              <httpTransport manualAddressing="false" maxBufferPoolSize="524288"
                             maxReceivedMessageSize="65536" allowCookies="false"
                             authenticationScheme="Anonymous" bypassProxyOnLocal="false"
                             hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true"
                             maxBufferSize="65536" proxyAuthenticationScheme="Anonymous" realm=""
                             transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                             useDefaultWebProxy="true"   >
          
              </httpTransport>
               
            </binding>
          </customBinding>
        </bindings>
        <services>
          <service name="OrderPlacement.OrderPlacementService" behaviorConfiguration="OrderPlacementBehavior">
            <endpoint address="OrderPlacementService.svc" binding="customBinding" bindingConfiguration="CustomBinding_IOrderPlacementService" name="CustomBinding_IOrderPlacementService" contract="OrderPlacement.IOrderPlacementService"/>
            <!-- <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> -->
            <endpoint address="mex" binding="mexHttpBinding" contract="OrderPlacement.IOrderPlacementService"/>
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="OrderPlacementBehavior">
              <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/> 
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceCredentials>
                <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="OrderPlacement.UserNameValidator, OrderPlacement"/>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
        <!--
            To browse web app root directory during debugging, set the value below to true.
            Set to false before deployment to avoid disclosing web app folder information.
          -->
        <directoryBrowse enabled="true"/>
      </system.webServer>
    </configuration>
    </pre>
    ----
    Though I have a <pre>httpTransport</pre> defined, the error says <pre>authentication mode that requires transport level integrity</pre>. I tried googling but could not find a solution.


    Thursday, December 26, 2019 10:27 AM

All replies

  •       

    Hi,
    Buddy, to provide integrity and confidentiality for the SOAP message, we should use a certificate to secure the communication. We are supposed to replace the HttpTransport section with the HttpsTransport section.

        <!--<httpTransport manualAddressing="false" maxBufferPoolSize="524288"
                             maxReceivedMessageSize="65536" allowCookies="false"
                             authenticationScheme="Anonymous" bypassProxyOnLocal="false"
                             hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true"
                             maxBufferSize="65536" proxyAuthenticationScheme="Anonymous" realm=""
                             transferMode="Buffered" unsafeConnectionNtlmAuthentication="false"
                             useDefaultWebProxy="true"   >
    
              </httpTransport>-->
              <httpsTransport>
              </httpsTransport>



    Then configure an HTTPS binding in the IIS site binding module.
    https://i.stack.imgur.com/2lFZE.png
    Also, there is a little issue in your code snippets.

    <!-- <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/> -->
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
    


    Besides the UserNameOverTransport authentication mode, the UserNameForCertificate authentication mode is also capable of authenticating the client with username/password; all we need to do is configure an extra certificate to support the HTTP protocol.

       <behavior name="OrderPlacementBehavior">
              <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceCredentials>
                <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" findValue="5ba5022f527e32ac02548fc5afc558de1d314cb6"/>
              </serviceCredentials>
            </behavior>
    

    For details about the authentication modes in CustomBinding, see:
    https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/securitybindingelement-authentication-modes
    Feel free to let me know if the problem still exists.

    Best Regards

    Abraham

    Friday, December 27, 2019 5:20 AM
    Moderator
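
An added example, not part of the original thread or of WCF itself: a small Python pre-deployment check for the two configuration problems the reply above points out, an `*OverTransport` authentication mode paired with `httpTransport`, and a `mex` endpoint whose contract is not `IMetadataExchange`. The `audit` function and the trimmed sample config are constructed for illustration, and the check assumes HTTP transports only.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the relevant parts of the question's web.config, trimmed.
SAMPLE = """<configuration>
  <system.serviceModel>
    <bindings>
      <customBinding>
        <binding name="CustomBinding_IOrderPlacementService">
          <security authenticationMode="UserNameOverTransport"/>
          <textMessageEncoding writeEncoding="utf-8"/>
          <httpTransport/>
        </binding>
      </customBinding>
    </bindings>
    <services>
      <service name="OrderPlacement.OrderPlacementService">
        <endpoint address="mex" binding="mexHttpBinding"
                  contract="OrderPlacement.IOrderPlacementService"/>
      </service>
    </services>
  </system.serviceModel>
</configuration>"""


def audit(config_xml):
    """Return a list of findings for a WCF configuration string."""
    root = ET.fromstring(config_xml)
    findings = []
    for b in root.iterfind(".//customBinding/binding"):
        # Modes set on <security> and on a nested <secureConversationBootstrap>.
        modes = {e.get("authenticationMode") for e in b.iter()
                 if e.get("authenticationMode")}
        needs_tls = sorted(m for m in modes if m.endswith("OverTransport"))
        # Assumption: only HTTP transports are considered by this check.
        if (needs_tls and b.find("httpTransport") is not None
                and b.find("httpsTransport") is None):
            findings.append(f"{b.get('name')}: {', '.join(needs_tls)} "
                            "needs httpsTransport, found httpTransport")
    for ep in root.iterfind(".//services/service/endpoint"):
        if ((ep.get("binding") or "").startswith("mex")
                and ep.get("contract") != "IMetadataExchange"):
            findings.append(f"mex endpoint uses contract {ep.get('contract')}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Switching the sample to `UserNameForCertificate` clears the transport finding while leaving `httpTransport` in place, which matches the alternative described in the reply.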