Login/Register
"Configuring Services with Endpoints" Demo Fails For Me (Microsoft/endpoint.tv/Pluralsight)
Asked Answered
Solved wcfexceptionx509wcf-configurationwcf-endpoint
U

6

6

I'm trying to follow along with the demo videos on the beginners to WCF page on MSDN.

The first video worked more or less fine. I'm now towards the end of the second video. I am using VS2010 / .NET 4.0, whereas the video seems to be using VS2008 (I'm assuming .NET 3.5, but I don't recall).

I'm using the following demo

We've just added 3 more end points: a plain http, net.tcp, and net.pipe. When I try to run the project now the Web service fails to start.

System.InvalidOperationException: Cannot load the X.509 certificate identity specified in the configuration.
   at System.ServiceModel.Description.ConfigLoader.LoadIdentity(IdentityElement element)
   at System.ServiceModel.Description.ConfigLoader.LoadServiceDescription(ServiceHostBase host, ServiceDescription description, ServiceElement serviceElement, Action`1 addBaseAddress)
   at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(ConfigLoader configLoader, ServiceDescription description, ServiceElement serviceSection)
   at System.ServiceModel.ServiceHostBase.LoadConfigurationSectionInternal(ConfigLoader configLoader, ServiceDescription description, String configurationName)
   at System.ServiceModel.ServiceHostBase.ApplyConfiguration()
   at System.ServiceModel.ServiceHostBase.InitializeDescription(UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost.InitializeDescription(Type serviceType, UriSchemeKeyedCollection baseAddresses)
   at System.ServiceModel.ServiceHost..ctor(Type serviceType, Uri[] baseAddresses)
   at Microsoft.Tools.SvcHost.ServiceHostHelper.CreateServiceHost(Type type, ServiceKind kind)
   at Microsoft.Tools.SvcHost.ServiceHostHelper.OpenService(ServiceInfo info)

Based on my Google fu, I came across this thread: "Cannot load the X.509 certificate identity specified in the configuration"

I really didn't want to get involved in certificates just yet since I'm still just experimenting with the basics so I followed the advice in that post and just added the <dns value="localhost" /> tag. The exception changes:

Please try changing the HTTP port to 8732 or running as Administrator.
System.ServiceModel.AddressAccessDeniedException: HTTP could not register URL http://+:8080/EvalService/. Your process does not have access rights to this namespace (see http://go.microsoft.com/fwlink/?LinkId=70353 for details). ---> System.Net.HttpListenerException: Access is denied
   at System.Net.HttpListener.AddAllPrefixes()
   at System.Net.HttpListener.Start()
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
   --- End of inner exception stack trace ---
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()
   at System.ServiceModel.Channels.TransportManager.Open(TransportChannelListener channelListener)
   at System.ServiceModel.Channels.TransportManagerContainer.Open(SelectTransportManagersCallback selectTransportManagerCallback)
   at System.ServiceModel.Channels.TransportChannelListener.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.HttpChannelListener.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.DatagramChannelDemuxer`2.OnOuterListenerOpen(ChannelDemuxerFilter filter, IChannelListener listener, TimeSpan timeout)
   at System.ServiceModel.Channels.SingletonChannelListener`3.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.NegotiationTokenAuthenticator`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocolFactory.Open(String propertyName, Boolean requiredForForwardDirection, SecurityTokenAuthenticator authenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SymmetricSecurityProtocolFactory.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityProtocolFactory.Open(Boolean actAsInitiator, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionSecurityTokenAuthenticator.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.CommunicationObjectSecurityTokenAuthenticator.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenCommunicationObject(ICommunicationObject obj, TimeSpan timeout)
   at System.ServiceModel.Security.SecurityUtils.OpenTokenAuthenticatorIfRequired(SecurityTokenAuthenticator tokenAuthenticator, TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Security.WrapperSecurityCommunicationObject.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecuritySessionServerSettings.Open(TimeSpan timeout)
   at System.ServiceModel.Security.SecurityListenerSettingsLifetimeManager.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.SecurityChannelListener`1.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Dispatcher.ChannelDispatcher.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
   at System.ServiceModel.Channels.CommunicationObject.Open()
   at Microsoft.Tools.SvcHost.ServiceHostHelper.OpenService(ServiceInfo info)
System.Net.HttpListenerException (0x80004005): Access is denied
   at System.Net.HttpListener.AddAllPrefixes()
   at System.Net.HttpListener.Start()
   at System.ServiceModel.Channels.SharedHttpTransportManager.OnOpen()

So, I tried doing what it said: changing the port to be 8732, but the exception is still thrown, this time saying Please try changing the HTTP port to 8732...HTTP could not register URL http://+:8732/EvalService/.... :P

I've tried commenting out the new end points to no avail. Even the original ones fail with this error. Doesn't matter either if I put them back to the original port [not so] 1337.

Here's the App.config, and nothing stands out as problematic:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.web>
    <compilation debug="true" />
  </system.web>
  <system.serviceModel>
    <services>
      <service name="EvalServiceLibrary.EvalService">
        <clear />
        <endpoint address="ws" binding="wsHttpBinding" contract="EvalServiceLibrary.IEvalService"
          listenUriMode="Explicit">
          <identity>
            <dns value="localhost" />
            <certificateReference storeName="My" storeLocation="LocalMachine"
              x509FindType="FindBySubjectDistinguishedName" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"
          listenUriMode="Explicit">
          <identity>
              <dns value="localhost" />
              <certificateReference storeName="My" storeLocation="LocalMachine"
              x509FindType="FindBySubjectDistinguishedName" />
          </identity>
        </endpoint>
        <endpoint address="basic" binding="basicHttpBinding" contract="EvalServiceLibrary.IEvalService"
          listenUriMode="Explicit">
          <identity>
            <dns value="localhost" />
            <certificateReference storeName="My" storeLocation="LocalMachine"
              x509FindType="FindBySubjectDistinguishedName" />
          </identity>
        </endpoint>
        <endpoint address="net.tcp://localhost:8888/EvalService" binding="netTcpBinding"
          contract="EvalServiceLibrary.IEvalService" listenUriMode="Explicit">
          <identity>
            <dns value="localhost" />
            <certificateReference storeName="My" storeLocation="LocalMachine"
              x509FindType="FindBySubjectDistinguishedName" />
          </identity>
        </endpoint>
        <endpoint address="net.pipe://localhost/EvalService" binding="netNamedPipeBinding"
          bindingConfiguration="" contract="EvalServiceLibrary.IEvalService" />
        <host>
          <baseAddresses>
            <add baseAddress="http://localhost:8080/EvalService" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

What is wrong / how do I fix it?

Usually answered 25/10, 2011 at 15:3 Comment(0)
U
3

A seemingly working solution for the latter of the two problems above (the HTTP could not register URL one) can be found in the VS2010 Training Kit posted in the comments of Gabobcat's answer (by him).

In the 4th exercise, "Ex4-ServiceDiscovery", you are given what appears to be a chat application that uses WCF services to communicate between two clients. It uses a discovery feature to find peers on the network. Long story short, the same exception occurs when you initially try running the completed application (after filling in the discovery events as laid out in the exercise). Bundled with the Training Kit is a couple of batch scripts (which AFAICT uses Microsoft's "open source" license so I should be able to share these scripts) to set or delete "URL ACLs". In practice, they appear to only be a single (useful) command:

File: AddURLACL.cmd

@Echo Off
@Echo Grant permissions for URL reservation
@Echo Parameter 1 "%1" == port
@Echo Parameter 2 "%2" == URL
pause
netsh http add urlacl url=http://+:%1/%2 user=%USERDOMAIN%\%USERNAME%

File: DelURLACL.cmd

@Echo Off
@Echo Deletes permissions for URL reservation
@Echo Parameter 1 "%1" == port
@Echo Parameter 2 "%2" == URL
pause
netsh http delete urlacl url=http://+:%1/%2

Obviously, the netsh commands are the only ones that matter. The example project has you use the following command (from a "Run as Administrator" Command Prompt window) to "fix" this exception:

C:\VS2010TrainingKit\Labs\WhatsNewInWCF4\Source\Setup\AddURLACL.cmd 8000

(I used the absolute path just to show you where in the Training Kit you could find these scripts; personally I was in the WhatsNewInWCF4\Source directory when I did this)

The string 8000 only occurs 1 time throughout this project:

C:\VS2010TrainingKit\Labs\WhatsNewInWCF4\Source\Ex4-ServiceDiscovery\Begin\C#>findstr /n /s "8000" *
DiscoveryChat\SimpleChat.cs:376:            this.localAddress = new Uri("http://localhost:8000/" + Guid.NewGuid().ToString());

It appears that port 8000 is the port that the chat clients are trying to launch a service host on (don't ask me how they all share it...I assume that the ServiceHost class they use is intelligent enough to reuse an existing service...).

I haven't experimented thoroughly with this yet, but it seems to have "fixed" my EvalService project (when I changed the port to 8000). That is currently with most endpoints removed (only the basicHttpBinding endpoint left) and the baseAddress set to localhost:8000.

Let me know if this works for you too.

Usually answered 27/10, 2011 at 15:15 Comment(0)
A
7

I too followed the same webcast and had the same problems. I got around the cert issue by commenting those entries out as suggested by others.

I corrected the "Please try changing the HTTP port to 8732 or running as Administrator" by adding "Design_Time_Addresses" back into my url

Doesn't Work

<add baseAddress="http://localhost:8732/AMessageService" />

Works!

<add baseAddress="http://localhost:8732/Design_Time_Addresses/AMessageService" />
Ariannaarianne answered 27/2, 2012 at 6:5 Comment(1)
Works also for me in VS 2012.Franz
U
3

A seemingly working solution for the latter of the two problems above (the HTTP could not register URL one) can be found in the VS2010 Training Kit posted in the comments of Gabobcat's answer (by him).

In the 4th exercise, "Ex4-ServiceDiscovery", you are given what appears to be a chat application that uses WCF services to communicate between two clients. It uses a discovery feature to find peers on the network. Long story short, the same exception occurs when you initially try running the completed application (after filling in the discovery events as laid out in the exercise). Bundled with the Training Kit is a couple of batch scripts (which AFAICT uses Microsoft's "open source" license so I should be able to share these scripts) to set or delete "URL ACLs". In practice, they appear to only be a single (useful) command:

File: AddURLACL.cmd

@Echo Off
@Echo Grant permissions for URL reservation
@Echo Parameter 1 "%1" == port
@Echo Parameter 2 "%2" == URL
pause
netsh http add urlacl url=http://+:%1/%2 user=%USERDOMAIN%\%USERNAME%

File: DelURLACL.cmd

@Echo Off
@Echo Deletes permissions for URL reservation
@Echo Parameter 1 "%1" == port
@Echo Parameter 2 "%2" == URL
pause
netsh http delete urlacl url=http://+:%1/%2

Obviously, the netsh commands are the only ones that matter. The example project has you use the following command (from a "Run as Administrator" Command Prompt window) to "fix" this exception:

C:\VS2010TrainingKit\Labs\WhatsNewInWCF4\Source\Setup\AddURLACL.cmd 8000

(I used the absolute path just to show you where in the Training Kit you could find these scripts; personally I was in the WhatsNewInWCF4\Source directory when I did this)

The string 8000 only occurs 1 time throughout this project:

C:\VS2010TrainingKit\Labs\WhatsNewInWCF4\Source\Ex4-ServiceDiscovery\Begin\C#>findstr /n /s "8000" *
DiscoveryChat\SimpleChat.cs:376:            this.localAddress = new Uri("http://localhost:8000/" + Guid.NewGuid().ToString());

It appears that port 8000 is the port that the chat clients are trying to launch a service host on (don't ask me how they all share it...I assume that the ServiceHost class they use is intelligent enough to reuse an existing service...).

I haven't experimented thoroughly with this yet, but it seems to have "fixed" my EvalService project (when I changed the port to 8000). That is currently with most endpoints removed (only the basicHttpBinding endpoint left) and the baseAddress set to localhost:8000.

Let me know if this works for you too.

Usually answered 27/10, 2011 at 15:15 Comment(0)
F
1

The problem is in your configuration. You are referencing the certificates in your endpoints. Either you remove them:

<certificateReference storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectDistinguishedName" />

Or you place some certificates in your certificate store. I recomend removing the "identity" configuration sections at this point, until you learn a bit more abour WCF. Try staying just on basic endpoint configuration for starters, and work your way from the point in which you understand the basics of WCF. WCF gives you a large (really large) set of configuration options depending on your specific needs.

Maybe these links help you go into WCF better that the videos you have been watching:

Hope this helps.

Foreword answered 25/10, 2011 at 15:12 Comment(12)
Thanks. Commenting out the <identity> tags gets rid of the X.509 certificate error(s), but I'm still left with the binding error(s). I think the <identity> sections were also automatically added by Visual Studio (without any special action by me), so it seems unintuitive to have to get rid of them for this demo.Usually
How many Enpoint/Bindings do you have? Start with one endpoint with a basicHttpBinding. Remove the other endpoints and the bindings they are referencing. Are you using the VS development server or other web server? If so, let VS control the port numbers. If you are using other web server, stick to port 80 for the sake of your demos. If you need to, post the new exceptions you are getting.Foreword
The first link posted above is the first link in the OP. ;) That's where I found the video. :PUsually
If I comment out all other end points (including the mex) and leave only the <basicHttpBinding> (with the <identity> commented out), then change the <baseAddress> to http://localhost/EvalService, I still get the latter exception from the OP: access denied, don't own the rights to the namespace, etc...Usually
Sorry about that. Still, you should read a litlle bit the documentation on that site before going into the video tutorials.Foreword
Put the entire URL in you browser, all the way to .svc, like localhost/EvalService/EvalService.svc. Do you still get the error?Foreword
let us continue this discussion in chatUsually
The correct path should be localhost/EvalService/ + "The name of your service". I used "EvalService.svc" as an example. Make sure you are using the correct name. If that is not it, then I do not know what else could be happening for the 404 problem has quite a few reasons. I would recomend that you go follow a more simple tutorial.Foreword
Well I don't have an .svc file if that is what you're referring to. Only an interface (ServiceContract), two classes (a DataContract and an implementation of the ServiceContract interface), and an App.config. :) So if you were referring to the path to an .svc file I have none. Otherwise, I am just confused. :P What annoys me is that I'm following the beginners video on the beginners Web site! \o/ It's not like I'm going after advanced stuff. I think this is the very basics..Usually
One last thing I could not post it yesterday. Download the VS2010 TrainingKit. It has step by step tutorial, Begin and End code samples for the tutorial so you can compare your results with the expected results, and it covers many aspects of VS2010 and .NET, not only WCF. Do not get frustrated with the video tutorial. It is basic but it uses some tools that are not helping you to understand WCF, and insted makign thing more obscure. It is never easy at the begining, but keep on going and you will get it. Hope this helps. Good luck.Foreword
The training kit is more difficult to figure out than WCF. >:PUsually
The training kit seems to demonstrate how to solve the latter of the two problems above! Hurray! I haven't tested it out on my original project yet. If I find that it works I'll add an answer with the solution. (Hint: it's in the "What's New In WCF4" lab in the 4th exercise)Usually
I
1

I was frustated with the same issue. Finally I found the solution by myself by running the Visual Studio as Administrator by right clicking Visual Studio 2010 and choosing 'Run As Administrator'.

Inconsequential answered 8/4, 2012 at 4:59 Comment(0)
F
0

Thought I would add an updated consolidated answer from what I was reading.

While we can all go to great lengths to allow permissions with the certificate, most of the people reading this are really just wanting to get the WCF endpoints up and running ASAP.

Thus a few choices.

1. sudipto-kumar-mukherjee above states "I was frustated with the same issue. 
Finally I found the solution by myself by running the Visual Studio as Administrator 
by right clicking Visual Studio 2010 and choosing 'Run As Administrator'."   
--> Yes,  this     will work.
OR
2. nasp.tech response with 
"Doesn't Work"
<add baseAddress="http://localhost:8732/AMessageService" />
"Works!"
<add baseAddress="http://localhost:8732/Design_Time_Addresses/AMessageService" />

Either of these seems to be the fastest ways to get up and running with this issue.

Foch answered 25/2, 2013 at 0:57 Comment(0)
A
-2

To run as an administrator, right click Visual Studio and select Run as Administrator from the context menu. To run as administrator all the time, right click Visual Studio, then go to properties in the context menu Got to the compatibility tab, then select Run this program as an administrator.

Avan answered 19/12, 2013 at 3:8 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.