WCF Service (wsHttpBinding binding) behind F5 load balancer

Question

current setup: - i have got a WCF service with wsHttpBding, see the service config below - i have implemented a ServiceHostFactory to solve the problem of incorrect schema location and soap addresses, modifying them from machine name to the correct server hostname - my test client (WCFStorm) i can generate a proxy, see all the methods and invoke them successfully. - my dev environment (client-> HTTPS -> service) works perfectly.

problems: - prod environment (client -> HTTPS -> F5 -> HTTP -> service) - my service is behind F5 load balancer which offloads SSL - my test client (WCFStorm) i can generate a proxy and see all the methods but when i invoke any of the methods i get a remote server not found 404 error

• my service config: <services> <service behaviorConfiguration="Service1Behavior" name="MyService"> <endpoint name="secure" address="" binding="wsHttpBinding" bindingConfiguration="custBinding" contract="IService"/> <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" /> </service> </services> <bindings> <wsHttpBinding> <binding name="custBinding"> <security mode="Transport"> <transport clientCredentialType="None" /> <message clientCredentialType="None" negotiateServiceCredential="false" establishSecurityContext="false" /> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <serviceBehaviors> <behavior name="Service1Behavior"> <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" httpGetUrl="http://myserver/MyService.svc"/> <serviceDebug includeExceptionDetailInFaults="true"/> <dataContractSerializer maxItemsInObjectGraph="6553600" /> </behavior> </serviceBehaviors> </behaviors>

• please note that all my schema locations and soap addresses on the wsdl are correct in prod, but i simply cannot invoke any methods.

please help.

Answer 1

We have a similar situation and here's how we got it working.

in the service - we changed the binding to use basicHttpBinding and added a key that must be passed with every request.

in the client - we changed the http in the config to https and in the basicHttpBindings config changed the security mode to Transport with clientCredentialType="None".

Hope this helps.

UPDATE: I found this article soon after and I updated the configuration and it worked. So now we are using wsHttpBinding instead of basicHttpBinding. http://blogs.msdn.com/b/morgan/archive/2010/04/15/setting-up-wcf-with-a-load-balancer-using-ssl-in-the-middle.aspx

Answer 2

The problem with your service config is that the security mode is Transport, where in reality it should be None. Because any calls to your service will be HTTP behind F5 load balancer, you can not use Transport security mode there (client -> HTTPS -> F5 -> HTTP -> service). However, when calling the service from your client, the client config will need to be Transport security mode and the endpoint address will need to have an HTTPS address.

  <wsHttpBinding>
    <binding name="custBinding">
      <security mode="None">
        <transport clientCredentialType="None" />
        <message clientCredentialType="None" negotiateServiceCredential="false" establishSecurityContext="false" />
      </security>
    </binding>
  </wsHttpBinding>

Answer 3

We couldn't get this working through Layer 7 load balancing - there was various error messages returned from the service. Instead it's set up on Layer 4 load balancing with no issues.

Answer 4

This might be a little late for you, but here is how we do it. Once I have generated the proxy, I just change the http: in the config to https. Now, if I have to sometimes call it with ssl, and othertimes without, I will copy the config section, and give the copy a different name, and then when you construct the client, you can pass in the config name, and it will pick up the correct one.