7

I dida wcf username/password authentication on my local computer, with self signed certificate, all works fine, but when i put my application on IIS 7.5, and windows server 2008 R2, it gaves me the error:

Could not find a base address that matches scheme http for the endpoint with binding WSHttpBinding. Registered base address schemes are [https]. My web service cfg:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.serviceModel>
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceCredentialsBehavior">
      <serviceCredentials>
        <serviceCertificate findValue="cn=AmicCert" storeName="Root" storeLocation="LocalMachine" />
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Util.CustomUserNameValidator, Util" />
      </serviceCredentials>
      <serviceMetadata httpGetEnabled="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
<services>
  <service behaviorConfiguration="ServiceCredentialsBehavior" name="Service">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MessageAndUserName" name="SecuredByTransportEndpoint" contract="IService" />
  </service>
</services>
<bindings>
  <wsHttpBinding>
    <binding name="MessageAndUserName">
      <security mode="Message">
        <message clientCredentialType="UserName" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
      <client />
   </system.serviceModel>
  <system.web>
<compilation debug="true" />
 </system.web>
 </configuration>
hazzik
  • 13,019
  • 9
  • 47
  • 86
croisharp
  • 1,926
  • 5
  • 25
  • 40
  • What it worked for me address="mex" https://stackoverflow.com/questions/7285717/why-do-i-need-both-mex-endpoint-and-httpgetenable – Levitico Jun 12 '18 at 20:31

3 Answers3

13

It sounds like the IIS web site instance you're hosting under is only configured for HTTPS (SSL). Right click the web site instance and choose "Edit Bindings...". Do you see port 80 (plain HTTP) listed there? Also check the "SSL Settings" feature to make sure the "Always require" option is not turned on.

Drew Marsh
  • 33,111
  • 3
  • 82
  • 100
  • There is only one binding, and that is on port 8010(port forwarding), should i create another binding with 80 port and without https? – croisharp Jul 27 '11 at 14:43
  • Port doesn't matter, but there has to be an non-HTTPS/SSL address bound to the site because you're not using transport security (only message security) in your config. – Drew Marsh Jul 27 '11 at 14:56
  • Your AmiCert certificate must not be installed in the store on the server yet. – Drew Marsh Jul 27 '11 at 18:22
  • 1
    I had a WCF service that was working perfectly with a server cert, client message auth (user/pass), and then stopped working, displaying this error, after I updated my server certificate. I only changed the thumbprint on the server config. Has anyone encountered that? – Udi Bar-On Aug 18 '13 at 22:42
10

Drew's answer is correct if you don't want to use HTTPS/SSL for the endpoint.

If you do want to use SSL over the endpoint, you need to change your:

<security mode="Message">

to:

<security mode="TransportWithMessageCredential">
Darbio
  • 11,286
  • 12
  • 60
  • 100
1

To get it work and still having the IIS to require SSL, you need to make some changes in your endpoint in the config file: Set the address property to the service's address with https (https://...) and the listenUri property to the service's address with http (http://...). This applies to both wsHttp and basicHttp.

Shathur
  • 1,425
  • 1
  • 15
  • 19