none
Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http]. RRS feed

  • Question

  • I have an application which I need to secure on https. I have changed it to use wsHttpBinding, the security mode is transport and the message credential is windows. The front end web server accesses an endpoint with an https address but throws the error noted below. I am being told by the server admin that when the message reaches the loadbalancer it is decrypted and sent on as http (message below).

    The admin has supposedly changed the loadbalancer to pass the message through as https but I still get the same issue.

    With the load balancer change the admin is telling me that the call from browser to the front-end site on the netscaler is using SSL (then SSL is terminated at load balancer and request sent through to front-end server on port 80), then the call from the front-end server to the middle-tier site on the netscaler is using SSL (then continued SSL on through to the server, but currently only dev is set up this way because of a change made to the middle tier load balancer to pass the message through as SSL).

    If I remove the binding configuration from the endpoint for the back end only the call works.

    What is the proper configuration to send the message over SSL from end to end with a windows credential?

    Here is my binding configuration on the server:

      <

    endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsBindingConfiguration" contract="xxx.Wdd.Services.Contracts.ISecurityService">

      <

    wsHttpBinding>

            <

    binding name="wsBindingConfiguration" maxReceivedMessageSize="200000000">

              <

    security mode="Transport">

                <

    transport clientCredentialType="Windows">

                  <

    extendedProtectionPolicy policyEnforcement="WhenSupported" />

                </

    transport>

            </

    security>

            </

    binding>

          </

    wsHttpBinding>

    Here is my binding configuration on the client:


       <

    endpoint address=xxxx binding="wsHttpBinding" contract="xxx.Wdd.Services.Contracts.ISecurityService" name="WSHttpBinding_Development_ISecurityService" bindingConfiguration="wsBindingConfiguration"/>

    <


    wsHttpBinding>

            <

    binding name="wsBindingConfiguration" maxReceivedMessageSize="200000000">

              <

    security mode="Transport">

                <

    transport clientCredentialType="Windows">

                  <

    extendedProtectionPolicy policyEnforcement="WhenSupported" />

                </

    transport>

              </

    security>

            </

    binding>

          </

    wsHttpBinding>



    • Edited by Steve Kollmorgen Wednesday, January 13, 2016 4:19 PM update contract
    Wednesday, January 13, 2016 4:17 PM

Answers

  • Hi Steve Kollmorgen,
    I don't  test it with load balance. If you host your service on IIS, have you set the https protocol with

    the site. If not, please Right click the web site instance and choose "Edit Bindings...".

    Also check the "SSL Settings" feature to make sure the "Always require" option is not turned on.

    Next, if you use the Load balance on your server, do you use the URL Rewrite ?

    Rewrite the http to https? If so, please check the matches the pattern.

    Best Regards,

    Wanjun Dong (Pactera Technologies)


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Monday, January 18, 2016 9:13 AM
    Moderator

All replies

  • Hi Steve,

    I create a test project to test this issue. It works fine.

    So, according to this case, I thought this issue could relate to not matches the correctly protocol.

    Because, when we use the wsHttpBinding, the default protocol is http.

    As far as I know, if you want to use the https protocol, you need to configure the following

    node in your web.config file.

    <protocolMapping>
          <add binding="wsHttpBinding" scheme="https"/>
          <add binding="basicHttpsBinding" scheme="https" />
    </protocolMapping>    
     

    This node should be add the child note below the <system.serviceModel>

    Also, please make sure that get the service metadata via https protocol.

    you can check the following note:

    <serviceMetadata  httpsGetEnabled="true"/>

    please set the httpsGetEnable as true. This node should be add as child note below the

    <behavior>.

    I hope that will be helpful to you.

    Best Regards,

    Wanjun Dong


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.


    Thursday, January 14, 2016 5:33 AM
    Moderator
  • Wanjun,

    I made the changes you suggested but still receive the same error. Is your test project sitting behind a load balancer which is forwarding on the message as http? This works on my local machine without your suggestions. Have you another idea?

    Also, I am little confused about the default of http you mentioned. If I specify security mode of transport does that not indicate that the transport will manage the security? Since http is plain text I don't understand how that will be using http by default. Perhaps you could explain.

    Thanks,

    Steve

    Friday, January 15, 2016 3:59 PM
  • Hi Steve Kollmorgen,
    I don't  test it with load balance. If you host your service on IIS, have you set the https protocol with

    the site. If not, please Right click the web site instance and choose "Edit Bindings...".

    Also check the "SSL Settings" feature to make sure the "Always require" option is not turned on.

    Next, if you use the Load balance on your server, do you use the URL Rewrite ?

    Rewrite the http to https? If so, please check the matches the pattern.

    Best Regards,

    Wanjun Dong (Pactera Technologies)


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. Click HERE to participate the survey.

    Monday, January 18, 2016 9:13 AM
    Moderator