quortex
Hi all,
I am having a strange problem when enabling WCF message security with
username password authentication via a custom asp.net provider. To
start with here is the service configuration I am using:
------------------
-- SERVER
------------------
<system.serviceModel>
  <services>
    <service name="My.Framework.Core.Services.RoleService"
             behaviorConfiguration="ServiceBehavior">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="ServiceBinding"
                contract="My.Framework.Core.Services.IRoleService">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
      <endpoint address="mex"
                binding="mexHttpBinding"
                contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="ServiceBinding">
        <!-- mode="None" turns off both transport and message security, so the
             clientCredentialType below is not applied: no user name token is
             sent or validated and the endpoint is reachable without
             authentication. UserName credentials only take effect with
             "Message" or "TransportWithMessageCredential". -->
        <security mode="None">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior">
        <!-- Role checks are delegated to the ASP.NET role provider named here. -->
        <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                              roleProviderName="MyRoleProvider" />
        <serviceCredentials>
          <!-- User name / password pairs are validated by the ASP.NET
               membership provider named here. -->
          <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
                                  membershipProviderName="MyMembershipProvider" />
          <!-- Service certificate, looked up by subject name in LocalMachine\My.
               The account that hosts the service must be able to read the
               certificate's private key, otherwise message security cannot
               be established. -->
          <serviceCertificate storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName"
                              findValue="MyServerCert" />
        </serviceCredentials>
        <!-- Publishes the service metadata over plain HTTP GET; restrict or
             disable outside development. -->
        <serviceMetadata httpGetEnabled="true" />
        <!-- Returns server exception details to callers in SOAP faults.
             Useful while debugging; set to false before deployment. -->
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
------------------
-- CLIENT
------------------
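<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IRoleService">
        <!-- The security mode has to match the service binding. With
             mode="None" nothing on the wire is protected and the UserName
             credential set on the proxy is not sent. -->
        <security mode="None">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientBehavior">
        <clientCredentials>
          <serviceCertificate>
            <!-- Not for production. PeerOrChainTrust accepts the service
                 certificate if it is present in the client's TrustedPeople
                 store or if it chains to a trusted root; a self-signed test
                 certificate passes only through the TrustedPeople store. -->
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- The address is kept on one line: a line break inside an attribute
         value is normalised to a space by the XML parser, which would
         corrupt the URI. -->
    <endpoint address="http://localhost:50161/TestServerA/RoleService.svc"
              behaviorConfiguration="ClientBehavior"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding_IRoleService"
              contract="RoleService.IRoleService"
              name="WSHttpBinding_IRoleService">
      <identity>
        <!-- Identity the client expects the service to prove; with message
             security it is compared against the service certificate. -->
        <dns value="MyServerCert" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>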
The settings above work fine but as I understand the username and
password authentication mode requires transport or message security to
be enabled. When I set the security mode to Message the proxy puts
itself into a faulted state as soon as I make a call to the server,
and no method is being invoked by the server and no server side errors
are being reported.
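// A WCF proxy should not be wrapped in a using block: Dispose() calls Close(),
// and Close() throws on a faulted channel, which replaces the exception that
// actually describes the failure. Close explicitly and Abort on error instead.
RoleServiceClient client = new RoleServiceClient();
try
{
    // Test credentials only; real code should not hard-code a password.
    client.ClientCredentials.UserName.UserName = "Test";
    client.ClientCredentials.UserName.Password = "Password1$";
    client.Exists("TestRole");
    client.Close();
}
catch
{
    // Abort releases the channel without a further network round trip and
    // lets the original exception (and its InnerException) reach the caller.
    client.Abort();
    throw;
}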
When I try and make the call a CommunicationException is thrown thus
putting the service into a faulted state.
I would initially assume that this is due to a problem with the X509
certificate. I created the certificate with makecert following
instructions from the web and it has installed itself correctly into
the personal certificate store. The certificate is configured for data
protection and key exchange as required.
Initially I set up an invalid certificate, and when I accessed the .svc
file from a web browser an exception was thrown. Now that the certificate
is set up correctly this works as expected, which leads me to believe
that the certificate is fine.
I am currently using the VS2008 file web server rather than IIS. My
next move is to try hosting in IIS and use transport layer security so
I can continue development until this is resolved.
In the meantime, any ideas would be appreciated; I am sure I am doing
something stupid.
Regards,
Mark
I am having a strange problem when enabling WCF message security with
username password authentication via a custom asp.net provider. To
start with here is the service configuration I am using:
------------------
-- SERVER
------------------
<system.serviceModel>
  <services>
    <service name="My.Framework.Core.Services.RoleService"
             behaviorConfiguration="ServiceBehavior">
      <endpoint address=""
                binding="wsHttpBinding"
                bindingConfiguration="ServiceBinding"
                contract="My.Framework.Core.Services.IRoleService">
        <identity>
          <dns value="localhost" />
        </identity>
      </endpoint>
      <endpoint address="mex"
                binding="mexHttpBinding"
                contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="ServiceBinding">
        <!-- mode="None" turns off both transport and message security, so the
             clientCredentialType below is not applied: no user name token is
             sent or validated and the endpoint is reachable without
             authentication. UserName credentials only take effect with
             "Message" or "TransportWithMessageCredential". -->
        <security mode="None">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior">
        <!-- Role checks are delegated to the ASP.NET role provider named here. -->
        <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                              roleProviderName="MyRoleProvider" />
        <serviceCredentials>
          <!-- User name / password pairs are validated by the ASP.NET
               membership provider named here. -->
          <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
                                  membershipProviderName="MyMembershipProvider" />
          <!-- Service certificate, looked up by subject name in LocalMachine\My.
               The account that hosts the service must be able to read the
               certificate's private key, otherwise message security cannot
               be established. -->
          <serviceCertificate storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName"
                              findValue="MyServerCert" />
        </serviceCredentials>
        <!-- Publishes the service metadata over plain HTTP GET; restrict or
             disable outside development. -->
        <serviceMetadata httpGetEnabled="true" />
        <!-- Returns server exception details to callers in SOAP faults.
             Useful while debugging; set to false before deployment. -->
        <serviceDebug includeExceptionDetailInFaults="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
------------------
-- CLIENT
------------------
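<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IRoleService">
        <!-- The security mode has to match the service binding. With
             mode="None" nothing on the wire is protected and the UserName
             credential set on the proxy is not sent. -->
        <security mode="None">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientBehavior">
        <clientCredentials>
          <serviceCertificate>
            <!-- Not for production. PeerOrChainTrust accepts the service
                 certificate if it is present in the client's TrustedPeople
                 store or if it chains to a trusted root; a self-signed test
                 certificate passes only through the TrustedPeople store. -->
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- The address is kept on one line: a line break inside an attribute
         value is normalised to a space by the XML parser, which would
         corrupt the URI. -->
    <endpoint address="http://localhost:50161/TestServerA/RoleService.svc"
              behaviorConfiguration="ClientBehavior"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding_IRoleService"
              contract="RoleService.IRoleService"
              name="WSHttpBinding_IRoleService">
      <identity>
        <!-- Identity the client expects the service to prove; with message
             security it is compared against the service certificate. -->
        <dns value="MyServerCert" />
      </identity>
    </endpoint>
  </client>
</system.serviceModel>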
The settings above work fine but as I understand the username and
password authentication mode requires transport or message security to
be enabled. When I set the security mode to Message the proxy puts
itself into a faulted state as soon as I make a call to the server,
and no method is being invoked by the server and no server side errors
are being reported.
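// A WCF proxy should not be wrapped in a using block: Dispose() calls Close(),
// and Close() throws on a faulted channel, which replaces the exception that
// actually describes the failure. Close explicitly and Abort on error instead.
RoleServiceClient client = new RoleServiceClient();
try
{
    // Test credentials only; real code should not hard-code a password.
    client.ClientCredentials.UserName.UserName = "Test";
    client.ClientCredentials.UserName.Password = "Password1$";
    client.Exists("TestRole");
    client.Close();
}
catch
{
    // Abort releases the channel without a further network round trip and
    // lets the original exception (and its InnerException) reach the caller.
    client.Abort();
    throw;
}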
When I try and make the call a CommunicationException is thrown thus
putting the service into a faulted state.
I would initially assume that this is due to a problem with the X509
certificate. I created the certificate with makecert following
instructions from the web and it has installed itself correctly into
the personal certificate store. The certificate is configured for data
protection and key exchange as required.
Initially I set up an invalid certificate, and when I accessed the .svc
file from a web browser an exception was thrown. Now that the certificate
is set up correctly this works as expected, which leads me to believe
that the certificate is fine.
I am currently using the VS2008 file web server rather than IIS. My
next move is to try hosting in IIS and use transport layer security so
I can continue development until this is resolved.
In the meantime, any ideas would be appreciated; I am sure I am doing
something stupid.
Regards,
Mark