12

I am using IIS 7. HTTPS binding is enabled on it with port number 443. I have a WCF service as an application under the website. I am trying to introduce HTTPS security to service (with basicHttpBinding) based on http://msdn.microsoft.com/en-us/library/ms729700.aspx

I am getting the following error – “The provided URI scheme 'https' is invalid; expected 'http'.”. When I checked the event log it has the stack trace as follows: 

Stack Trace :    at System.ServiceModel.Channels.TransportChannelFactory`1.ValidateScheme(Uri via)

at System.ServiceModel.Channels.HttpChannelFactory.ValidateCreateChannelParameters(EndpointAddress remoteAddress, Uri via)

What is the change required to make it working on HTTPS with basicHttpBinding?

Note: Certificate is created using "Create Self Signed Certificate" in IIS 7.

 <system.serviceModel>

  <behaviors>
<serviceBehaviors>
  <behavior name="serviceFaultBehavior">
    <serviceMetadata httpGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true"/>
  </behavior>
</serviceBehaviors>
  </behaviors>

  <services>
<service name="Business.TV.Clearance.Services.ServiceHandler"
         behaviorConfiguration="serviceFaultBehavior">
  <endpoint address=""
            binding="basicHttpBinding"
            contract="Business.TV.Clearance.Services.IServiceHandler"
            bindingConfiguration="httpBinding">
    <identity>
      <dns value="localhost" />
    </identity>
  </endpoint>
</service>


  <bindings>
<basicHttpBinding>

  <binding name="httpBinding"
           maxReceivedMessageSize="2000000"
           maxBufferSize="2000000">

    <security mode="Transport">
      <transport clientCredentialType="Windows" />
    </security>


    <readerQuotas maxDepth="2147483647"
                  maxStringContentLength="2147483647"
                  maxArrayLength="2147483647" />
  </binding>
</basicHttpBinding>
  </bindings>

   <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />

   <extensions>
 <behaviorExtensions>
  <add name="serviceFaultBehavior"
type="Business.TV.Clearance.Services.ServiceFaultBehaviorExtensionElement,Business.TV.Clearance.Services, Version=1.0.0.0, Culture=neutral"/>
</behaviorExtensions>
  </extensions>

</system.serviceModel>
LCJ
  • 22,196
  • 67
  • 260
  • 418
  • 1
    have you tried being explicit in the endpoint address? – Marc Gravell Dec 01 '11 at 07:49
  • I tried with explicit address "https://10.10.XXX.YYY/MyService/ServiceHandler.svc". Still the same issue is there. There is no other end point. – LCJ Dec 01 '11 at 08:41
  • 1
    Depends on what your certificate is issued for. It's usually for machine name, not IP. Do you have other endpoints in config? Have you tried with specifying endpoint address? – Andrey Marchuk Dec 01 '11 at 08:50
  • 1
    should be machine name as well – Andrey Marchuk Dec 01 '11 at 08:53
  • Certificate is created using "Create Self Signed Certificate" in IIS 7. – LCJ Dec 01 '11 at 08:54
  • Reference: http://stackoverflow.com/questions/845423/securing-wcf-service-using-basichttpbinding-which-supports-streaming and http://stackoverflow.com/questions/2904883/how-can-i-use-wcf-with-only-basichttpbinding-ssl-and-basic-authentication-in-ii – LCJ Oct 25 '12 at 09:33
  • The question is answered here: http://stackoverflow.com/questions/2904883/how-can-i-use-wcf-with-only-basichttpbinding-ssl-and-basic-authentication-in-ii – Nauman Khan May 06 '14 at 09:17

3 Answers3

4

You need to change:

<serviceMetadata httpGetEnabled="true" />

to:

<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
competent_tech
  • 44,465
  • 11
  • 90
  • 113
0

Please try as shown below:

<service name="UserNameWithoutSSL.UsernameWithSSLService" behaviorConfiguration="TransportWithSecurity">
  <endpoint address="" binding="basicHttpBinding" bindingConfiguration="usernameViaSSL" contract="UserNameWithoutSSL.IUsernameWithSSLService">
    <identity>
      <dns value="localhost"/>
    </identity>
  </endpoint>
  <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
  <host>
    <baseAddresses>
      <add baseAddress="https://PCName/" />
    </baseAddresses>
  </host>
</service>

<basicHttpBinding>
  <binding name="usernameViaSSL">
    <security mode="TransportWithMessageCredential">
      <message clientCredentialType="UserName"/>
    </security>
  </binding>
</basicHttpBinding>

<serviceBehaviors>
  <behavior name="TransportWithSecurity">
    <serviceCredentials>
      <serviceCertificate findValue="localhost" storeLocation="LocalMachine"
        storeName="My" x509FindType="FindBySubjectName" />
      <userNameAuthentication userNamePasswordValidationMode="Windows" />
    </serviceCredentials>
    <serviceMetadata httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
  </behavior>
</serviceBehaviors>

Now on your IIS on the virtual directory you need to have mapped 443 to accept Https traffic and assign a certificate that it needs to use for securing the transport layer.

Rajesh
  • 7,766
  • 5
  • 22
  • 35
  • clientCredentialType="UserName". Where do I define the user name of the service? Any reference document to take the complete application for this? – LCJ Dec 01 '11 at 14:28
  • You can change that from "Username" to "Windows". That depends on what type of client cerdentials you want to have for authentication – Rajesh Dec 01 '11 at 14:57
-2

Please try to replace the below, this should work.

Original:

<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>

Replace with:

<security mode="Transport">
<transport clientCredentialType="None" />
</security>
Bjarki Heiðar
  • 3,117
  • 6
  • 27
  • 40
Afazal
  • 542
  • 5
  • 9