none
WCF via HTTPS (in parts) RRS feed

  • Question

  • Hi,

    on one of our servers that are public accessible I run a WCF service that is reachable with something like

    https://myappname.mycompany.com/Service/MyService.svc

    When doing so in a browser I get the well known page for WCF services:

    Right on this page I can already see something unwanted: The command line for the svcutil.exe and the link to the WSDL have (both the same of course but) another address than the one I typed. It is the address the server is also reachable when called from our company network:

    http://myservername.my-dmz.com/Service/MyService.svc

    This happens when I call the service with the public URL when I call it from within our company network as well as when I call it from an 'external' client. It is public reachable with its HTTPS address but the internal HTTP address is always printed on the page. The link to the WSDL is only reachable when called from within company network, of course.

    Now I try to call the service from my application (.NET Framework 4.7.2, C# 7) and it succeeds when called by the internal HTTP address:

      <system.serviceModel>
        <client>
          <endpoint address="http://myservername.my-dmz.com/Service/MyService.svc" 
                    bindingConfiguration="myServiceBinding" 
                    binding="wsFederationHttpBinding" 
                    contract="myapp.IMyService" />
        </client>
    
        <bindings>
          <wsFederationHttpBinding>
            <binding name="myServiceBinding" 
                     messageEncoding="Mtom">
              <reliableSession enabled="true" ordered="true" />
              <security mode="None" />
            </binding>
          </wsFederationHttpBinding>
        </bindings>
      </system.serviceModel>

    but fails when called by the external address (which is the way I have to call it in production):

      <system.serviceModel>
        <client>
          <endpoint address="https://myappname.mycompany.com/Service/MyService.svc" 
                    binding="customBinding" 
                    bindingConfiguration="mySecureServiceBinding" 
                    contract="myapp.IMyService" />
        </client>
    
        <bindings>
          <customBinding>
            <binding name="mySecureServiceBinding">
              <reliableSession  />
              <httpsTransport />
            </binding>
          </customBinding>      
        </bindings>
      </system.serviceModel>
    What I get in this case is an exception and an error text saying "There was no endpoint listening at https://myappname.mycompany.com/Service/MyService.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details."

    which may possibly lead to the point I stated right at the beginning: The service called by HTTPS refers to the HTTP address.

    Unfortunately the IIS where the service is hosted doesn't use HTTPS at the moment. The HTTPS is handles by a firewall and request is then forwarded to the IIS. I don't think this is an uncommon setting (or is it?). How can I get the service to run when called from external client?

    Thursday, April 9, 2020 5:54 AM

All replies

  • Hi,
    I didn’t encounter this kind of issue before.  Is that configuration automatically generated by adding service reference, what is the service address when we use the public service address?  The binding configuration should correspond to the practical service configuration.
    Besides, Does this scenario is applicable for Proxy attribute?
    https://stackoverflow.com/questions/951523/how-can-i-set-an-http-proxy-webproxy-on-a-wcf-client-side-service-proxy
    Best Regards
    Abraham Qian
    Tuesday, April 14, 2020 9:13 AM
    Moderator
  • Hello Abraham,

    https://myappname.mycompany.com/Service/MyService.svc is the public address of the service

    The upper configuration ist the one that is used in Production but with a different server that is also public available but is http, not https. Somethign like http://companyservices.mycompany.com/Service/MyService.svc

    The second configuration is the one I initially thought would be the one that can handle reliableSession via https.

    Both are not auto-generated. And I'm afraid the SO-Link/Thread can help me much. This is not about a (outgoing) proxy.

    Best regards,

    Chris


    Wednesday, April 15, 2020 10:23 AM