Login/Register
WCF Binding to HTTPS
Asked Answered
wcf.net-3.5
G

4

20

I understand that there are many posts about this, and I've been through all of them that came up on my search and implemented everything that was mentioned. I have a WCF web service that works on my local system on HTTP, and it worked on the server on HTTP. But the client requires that this works through HTTPS. The miriad of posts on this and other sites shows me that this is not as straight forward as it should be, since before this, the ASMX web service "just worked" and didn't need complicated configuration.

I'm getting the following error with my current configuration:

Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http].

Here is my code as of this moment, after trying for days to configure this to work to no avail:

<system.serviceModel>

    <!--     -->
    <serviceHostingEnvironment  aspNetCompatibilityEnabled="true" >
        <baseAddressPrefixFilters>
            <add prefix="https://mysite.com"/>
            <add prefix="http://mysite.com"/>
        </baseAddressPrefixFilters>
    </serviceHostingEnvironment>

    <!-- Set up Custom Behaviors -->    
    <behaviors>

        <endpointBehaviors>
        </endpointBehaviors>

        <serviceBehaviors>
            <behavior name="WebPostService.WebPostServiceBehavior">
                <serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex"  /> 
                <serviceDebug includeExceptionDetailInFaults="false" />
            </behavior>
        </serviceBehaviors>

    </behaviors>

    <!-- Set up the binding configuration  -->
    <bindings>

        <wsHttpBinding>
            <binding    name="SOAPBinding" 
            >

                <security mode="Transport">
                </security>
            </binding>
        </wsHttpBinding>

    </bindings>

    <services>

        <service    
                    behaviorConfiguration="WebPostService.WebPostServiceBehavior"
                    name="WebPostService.WebPostService"
        >

    <host>
      <baseAddresses>
        <add baseAddress="https://mysite.com/Services/WebPostService.svc"/>
      </baseAddresses>
    </host>
            <endpoint   address="" 
                        binding="wsHttpBinding" 
                        bindingConfiguration="SOAPBinding"
                        contract="WebPostService.IWebPostService"
            >
                <identity>
                    <dns value="mysite.com" />
                </identity>
            </endpoint>

            <endpoint   
                        address="mex" 
                        binding="mexHttpsBinding" 
                        contract="IMetadataExchange" 
            >
            </endpoint>

        </service>

    </services>

</system.serviceModel>

What am I doing wrong and how can I get this to work over HTTPS? I'm frustrated that this is not as simple as it should be. I have been burried in WCF documentation at MSDN for the months working on this project, and have a good grasp of services, end-points and bindings --- enough to frustrate me even more than if I had no knowledge at all.

UPDATE: Still working on this, I had an odd error when trying to put the full URL for the mex address. I changed to this:

address="https://prcwebs.com/Services/WebPostService.svc/mex"

and got the error:

Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.

I'm not trying to use Windows Authentication, the security setting wasn't changed and is still set to

<security mode="Transport" />

Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http] - was not helpful, nothing mentioned that would help Could not find a base address that matches scheme http for the endpoint with binding WSHttpBinding - I'm using transport security, this does not apply. tried changing to different security modes, still could not get site to work.

Gilkey answered 30/1, 2013 at 18:50 Comment(6)
Are you running the service locally and getting the HTTPS error, or are is this being served by IIS and you're getting that error?Kym
It is being served by IIS. Locally, I don't have HTTPS set up, just created the default project, everything works fine. When publishing to the Web Server everything worked fine as well, until I tried accessing the site with HTTPS, which sent me into unusually difficult iterations to fix the web.config to work with HTTPS, which seems straightforward, but nothing has worked so far.Gilkey
If this is hosted in IIS, you shouldn't need any base addresses.Kym
I believe the base address is necessary because there are several addresses applied to this server. If I remove it, It gives me the error "This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. Parameter name: item"Gilkey
It shouldn't be based on the server but rather the Web Site under which this service is deployed.Kym
I hear ya buddy, I hear ya! I struggled with the same thing for AGES as well. I share your pain. I've got it all running in .NET 4, you can run it side by side with .NET 3.5, if you want the config setup for v4.0 let me know.Subtotal
D
5

Add multipleSiteBindingsEnabled="true" to the serviceHostingEnvironment and update the security to disable client credentials:

<security mode="Transport">
    <transport clientCredentialType="None"></transport>
</security>

EDIT My final working version under windows 2003 was with the following config.

<system.serviceModel>
    <serviceHostingEnvironment  aspNetCompatibilityEnabled="false" />

    <!-- Set up Custom Behaviors -->    
    <behaviors>
        <endpointBehaviors>
        </endpointBehaviors>
        <serviceBehaviors>
            <behavior name="WebPostService.WebPostServiceBehavior">
                <serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex"  /> 
                <serviceDebug includeExceptionDetailInFaults="false" />
            </behavior>
        </serviceBehaviors>
    </behaviors>

    <!-- Set up the binding configuration  -->
    <bindings>
        <wsHttpBinding>
            <binding name="SOAPBinding">
                <security mode="Transport">
                  <transport clientCredentialType="None"/>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>

    <services>
        <service behaviorConfiguration="WebPostService.WebPostServiceBehavior"
                 name="WcfService2.Service1">

            <host>
                <baseAddresses>
                    <add baseAddress="https://localhost/Service/Service1.svc"/>
                </baseAddresses>
            </host>
            <endpoint address="" 
                      binding="wsHttpBinding" 
                      bindingConfiguration="SOAPBinding"
                      contract="WcfService2.IService1">
                <identity>
                    <dns value="localhost" />
                </identity>
            </endpoint>

            <endpoint address="mex" 
                      binding="mexHttpsBinding" 
                      contract="IMetadataExchange">
            </endpoint>
        </service>
    </services>
</system.serviceModel>

You can access the website with https so I guess the certificate part of the installation is correct. If you have anything you want to compare with my setup, let me know.

Divisor answered 30/1, 2013 at 20:32 Comment(5)
"multipleSiteBindingsEnabled is not a valid parameter for serviceHostingEnvironment" it isn't valid in .NET 3.5.Gilkey
Another try (I'm trying to replicate it with .NET4.5) remove the baseAddressPrefixFilters tag completely, which solved the problem here.Divisor
No, I get the error "This collection already contains an address with scheme http. There can be at most one address per scheme in this collection. Parameter name: item" if I remove the baseAddressPrefixFilters.Gilkey
On what OS are you hosting your site? I will try to replicate the problem in the specific os.Divisor
Yes, Windows Server 2003, I'm really thinking it is a badly configured SSL cert. I have no clue, this takes way too long.Gilkey
B
4

I used this and it worked for me, maybe it can help you

To enable the Https on WCF WsHttp bindings, there are some simple steps that should be changed in the web.config file.

Those steps are:

Enable transport level security in the web.config file of the service:

In this step you need to change the security mode from none to Transport. The code below shows how you can do it:

<bindings>
    <wsHttpBinding>
        <binding name="TransportSecurity">
            <security mode="Transport">
                <transport clientCredentialType="None"/>
            </security>
        </binding>
    </wsHttpBinding>
</bindings>

Tie up the binding and specify the HTTPS configuration

You need to now associate the bindings, the previews step, with the end points. use the bindingConfiguration tag to specify the binding name. You also need to specify the address where the service is hosted. The code below shows how you can do it

<service name="WCFWSHttps.Service1" behaviorConfiguration="WCFWSHttps.Service1Behavior">
<!-- Service Endpoints -->
    <endpoint address=https://localhost/WCFWSHttps/Service1.svc binding="wsHttpBinding"  bindingConfiguration="TransportSecurity" contract="WCFWSHttps.IService1"/>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
</service>

. you also need to change httpGetEnabled to httpsGetEnabled in the serviceMetaData. The code below shows how you can it:

<serviceMetadata httpsGetEnabled="true"/>

Hope it helped

Backcross answered 8/2, 2013 at 9:19 Comment(0)
D
3

You are using the wrong bindings for HTTPS.

There is two separate binding classes. wsHttpBinding and wsHttpsBinding notice the s. You need to add a wsHttpsBinding for HTTPS under bindings and you need a new endpoint for that binding.

Also the particular error you are seeing typically I get to see if IIS hasn't been setup for https from that location.

  • Open IIS Manager
  • Open Sites
  • Right click on Default Web Site.
  • Edit Bindings
  • Ensure that there is an entry for https as well as http.
  • Open IIS Manager
  • Find your application (I think its going to be Default Web Site).
  • Right click
  • Manage Website/Application
  • Advanced Settings
  • Enabled Protocols
  • http,https
Dishonorable answered 1/2, 2013 at 16:48 Comment(1)
It isn't the Default Web Site, it is one of hundreds. There is an entry for HTTPS for this particular site. this is IIS 6, in the MMC The IP address for that particular DNS item has an SSL identity set up for SSL port 443. As for the wsHttpsBinding, I get the error: "Unrecognized element 'wsHttpsBinding'." I don't think this is supported until .NET 4.0Gilkey
S
0

I've used your exact configuration in 3.5 setting and it works with Transport mode using clientCredentialType="None" as mentioned below in Luuk's answer. But just to be sure, I went ahead an created a sample project to simulate as much of your environment as I could gather from the information here.

To simulate your environment I set my IIS (7.5) to use standard Asp.Net 2.0 Integrated app pool. I added 3 http bindings and 3 https bindings in order to simulate your "can have only one address per scheme issue" and baseAddressPrefixFilters works with that.

I only did a search and replace on mysite.com to localhost. Below is the copy paste of exact configuration that I used to produce the screenshot:

web.config

<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" />
    <authentication mode="None"/>
    <customErrors mode="Off"/>
  </system.web>
  <system.serviceModel>
    <!--     -->
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true">
      <baseAddressPrefixFilters>
        <add prefix="https://localhost"/>
        <add prefix="http://localhost"/>
      </baseAddressPrefixFilters>
    </serviceHostingEnvironment>
    <!-- Set up Custom Behaviors -->
    <behaviors>
      <endpointBehaviors/>
      <serviceBehaviors>
        <behavior name="WebPostService.WebPostServiceBehavior">
          <serviceMetadata httpsGetEnabled="true" httpsGetUrl="WebPostServices.svc/mex"/>
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <!-- Set up the binding configuration  -->
    <bindings>
      <wsHttpBinding>
        <binding name="SOAPBinding">
          <security mode="Transport">
            <transport clientCredentialType="None"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <service behaviorConfiguration="WebPostService.WebPostServiceBehavior" name="WebPostService.WebPostService">
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost/Services/WebPostService.svc"/>
          </baseAddresses>
        </host>
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="SOAPBinding" contract="WebPostService.IWebPostService">
          <identity>
            <dns value="localhost"/>
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
      </service>
    </services>
  </system.serviceModel>
</configuration>

Here's the result:

Screenshot

You'll notice that WebPostService.svc appears twice in mex full url. You need to drop httpsGetUrl to be only mex instead of WebPostService.svc/mex (or drop it out altogether, and it still works fine on my side)

If you'd like to discuss this or what could be different between our envinronments besides IIS version, I'm in WPF chat room almost all day (another 5-6 hours).

Sheepdip answered 7/2, 2013 at 12:16 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.