2

According to the wisdom of the Internet, if I intend to host my site as something.azurewebsites.com (which is the case for me), the secure schema is already activated.

However, when I make a call to (1) below, I get 404 - resource cannot be found, while a call to (2) results in the expected behavior. The only difference between those lines is the security level for the protocol (copy-pasted it, twice!) so I question the provided link's truthfulness.

  1. https://one-of-my.azurewebsites.net/SomeService.svc/Tester/beep
  2. http://one-of-my.azurewebsites.net/SomeService.svc/Tester/beep

What can I do about it?!

However, I also noticed that:

https://one-of-my.azurewebsites.net/SomeService.svc

gives me the usual site, so that might have to do with something in the method definition itself. It looks a bit like this.

namespace One-of-my
{
  [ServiceContract(Namespace = "")]
  [AspNetCompatibilityRequirements(RequirementsMode 
    = AspNetCompatibilityRequirementsMode.Allowed)]
  public class SomeService
  {
    [OperationContract]
    [WebGet(
      UriTemplate = "Tester/{blopp}",
      ResponseFormat = WebMessageFormat.Json)]
    public async Task<String> Tester(String blopp) { ... }
  }
}

My CONFIG looks as follows. First system.serviceModel.

<system.serviceModel>
  <services>
    <service name="MySite.MyService">
      <endpoint address="" 
        behaviorConfiguration="MySite.MyServiceAspNetAjaxBehavior"
        binding="webHttpBinding" 
        contract="MySite.MyService" />
    </service>
  </services>
  <behaviors>
    <endpointBehaviors>
      <behavior name="MySite.MyServiceAspNetAjaxBehavior">
        <webHttp/>
      </behavior>
    </endpointBehaviors>
    <serviceBehaviors>
      <behavior name="">
        <serviceMetadata 
          httpGetEnabled="true" 
          httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="false" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <protocolMapping>
    <add binding="basicHttpsBinding" scheme="https" />
  </protocolMapping>
  <serviceHostingEnvironment aspNetCompatibilityEnabled="true"
    multipleSiteBindingsEnabled="true" />
</system.serviceModel>

And here, system.webServer.

<system.webServer>
  <httpProtocol>
    <customHeaders>
      <add name="Access-Control-Allow-Origin" value="*" />
      <add 
        name="Access-Control-Allow-Methods"
        value="GET,POST,DELETE,HEAD,PUT,OPTIONS" />
      <add 
        name="Access-Control-Allow-Headers" 
        value="X-Olaround-Debug-Mode, Authorization, Accept" />
      <add 
        name="Access-Control-Expose-Headers" 
        value="X-Olaround-Debug-Mode, X-Olaround-Request-Start-Timestamp, 
          X-Olaround-Request-End-Timestamp, X-Olaround-Request-Time, 
          X-Olaround-Request-Method, X-Olaround-Request-Result, 
          X-Olaround-Request-Endpoint" />
    </customHeaders>
  </httpProtocol>
  <modules runAllManagedModulesForAllRequests="true"/>
  <directoryBrowse enabled="true"/>
</system.webServer>
Konrad Viltersten
  • 36,151
  • 76
  • 250
  • 438
  • 1
    Can you show us your WCF service configuration from web.config? – b2zw2a Nov 16 '14 at 20:50
  • @plentysmart Yes. Please view the edit in the original post. – Konrad Viltersten Nov 17 '14 at 05:09
  • @plentysmart Besides the addition shown above, I also sense that [this answer](http://stackoverflow.com/a/16387355/1525840) touches my issue. However, I don't really know how to utilize it since I'm not blessed with the access to the server's settings, since I'm on Azure. – Konrad Viltersten Nov 17 '14 at 07:09
  • Try adding security configuration for your `webHttpBinding`. Something like this: ` `. – b2zw2a Nov 17 '14 at 08:37
  • @plentysmart Hmm... Could we be onto something? I don't have a *bindings* tag at all. The only set up for *webHttpBinding* is the *add* in the example above. Where in that structure do I put in *bindings*? – Konrad Viltersten Nov 17 '14 at 13:32
  • Do you want your WCF service available on both HTTP and HTTPS? – b2zw2a Nov 17 '14 at 14:57
  • @plentysmart HTTPS is the primary, because I can't get mixed content from the site I'm making a call from. However, if it's a large difference in code of the web.config, you might want to suggest both. – Konrad Viltersten Nov 17 '14 at 17:36

1 Answers1

1

You have to add binding configuration with <security mode="Transport" />. So your config should look like this (first the section that does the trick).

<bindings>
  <webHttpBinding>
    <binding name="HttpsConfiguration">
      <security mode="Transport" />
    </binding>
  </webHttpBinding>
</bindings>

Followed by the whole file architecture.

<system.serviceModel>
  <bindings> ... </bindings>
  <services> ... </services>
  <behaviors> ... </behaviors>
  ...
</system.serviceModel>

I've tried this config (with my WCF service name & contract) and it works fine both on http & https.

Konrad Viltersten
  • 36,151
  • 76
  • 250
  • 438
b2zw2a
  • 2,663
  • 15
  • 15