Pankaj11

I am getting the following error when I browse the Service.SVC file:

Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].

I have done following step, can you please tell me what am I missing

1. I created a seperate website on IIS with port 90.

2. I ran the following command to install the SSL certificate.

C:\Program Files\Support Tools>httpcfg set ssl -I 0.0.0.0:90 -h a586fc83bd30d288
d2c08067c03ca51258c94e32
HttpSetServiceConfiguration completed with 0.

C:\Program Files\Support Tools>httpcfg query ssl localhost:80
IP : 0.0.0.0:90
Hash : a586fc83bd30d288d2c08067c03ca51258c94e32
Guid : {00000000-0000-0000-0000-000000000000}
CertStoreName : (null)
CertCheckMode : 0
RevocationFreshnessTime : 0
UrlRetrievalTimeout : 0
SslCtlIdentifier : (null)
SslCtlStoreName : (null)
Flags : 0
------------------------------------------------------------------------------

C:\Program Files\Support Tools>

3. I have following configuration for the Service.

< xml version="1.0" encoding="utf-8" >

<configuration>

<appSettings>

<add key="GetAddressTimeDelay" value="0"/>

</appSettings>

<system.serviceModel>

<services>

<service

name="Fabrikam.Project.AddressService.Microsoft_Address"

behaviorConfiguration="MyServiceTypeBehaviors">

<host>

<baseAddresses>

<add baseAddress="https://Projectprod1.techlabs.Fabrikam.com:90/UserNameTokenOnSSL"/>

</baseAddresses>

</host>

<endpoint binding="basicHttpBinding"

bindingNamespace ="http://www.Fabrikam.com/Project"

contract="Fabrikam.Project.AddressService.IAddress"

bindingConfiguration="basicHttpBindingConfiguration"

behaviorConfiguration="EndpointBehaviors" />

</service>

</services>

<!-- Basic HTTP binding -->

<bindings>

<basicHttpBinding>

<binding name="basicHttpBindingConfiguration">

<security mode="TransportWithMessageCredential" >

<message clientCredentialType="UserName" />

</security>

</binding>

</basicHttpBinding>

</bindings>

<behaviors>

<serviceBehaviors>

<behavior name="MyServiceTypeBehaviors" >

<serviceMetadata httpGetEnabled="true" />

<serviceDebug includeExceptionDetailInFaults="true" />

<serviceCredentials>

<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="Fabrikam.Project.AddressService.CustomUserNameValidator, Fabrikam.Project.AddressService" />

<clientCertificate>

<authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine" />

</clientCertificate>

<serviceCertificate findValue="AuthenticateKey" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />

</serviceCredentials>

</behavior>

</serviceBehaviors>

<endpointBehaviors>

<behavior name="EndpointBehaviors">

<wsdlInclude/>

</behavior>

</endpointBehaviors>

</behaviors>

<extensions>

<behaviorExtensions>

<add name="wsdlInclude" type="Fabrikam.Project.WCFExtensions.InlineWsdlElement, Fabrikam.Project.WCFExtensions, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null"/>

</behaviorExtensions>

</extensions>

</system.serviceModel>

</configuration>

Server Error in '/UserNameTokenOnSSL' Application.


Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Sajay - MSFT

Did you resolve this

Are you trying to self host or on IIS If IIS could you remove the base address and check if you have the SSL setup on IIS and check that the site can accept SSL requests
Once you get that do open up the a page or something from the site so that you can check the validity of your cert.
if not you would require PermissiveCertificatePolicy on the client to use that certificate






Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Pankaj11

Thanks Sajay.

No I could not resolve the problem yet.

Yes I am trying to the service on IIS. I removed the base addressed as you have suggested. I did setup the SSL certificate.

I used makecert utility to create the test certificate. I used the intructions from this site to install the ssl certificate. http://msdn2.microsoft.com/en-us/library/ms751408.aspx

I never got https working. I can browse the SVC file using http. But https was not working.

Thanks,

- Pankaj.






Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Eric Oostergo

WCF does not allow you to send UserName tokens using regular unsecured http (basicHttpBinding). The reason for this is that the token is passed as clear text and can be read by anyone that intercepts it, thus being a severe security risk.

The reason that WSE 3.0 does allow this is that regular asmx webservices using basic http connectivity by default and WSE 3.0 is the means to secure this channel. WSE 3.0 does not make you use https and will not restrict you when you want to send a username token as clear text. WCF is obviously a bit more strict.

Regards,

Eric.





Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Sajay - MSFT

If you are using test certs made with makecert When you browse to the serivce you probably get "There is a problem with the website's security certificate"

This is because you the chain validation for the certifcate fails. You can allow a client to actually this by using the

PermissiveCertificatePolicy.Enact("CN=ServiceModelSamples-HTTPS-Server");

This would enable a client process to actually use the certificate even though the Issuer CA(root certificate) is not in the trusted root of the machine.

Let me know if you are having problems in getting clients taking to the service.






Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Pankaj11

Thanks for your replies.

I am still confused. I understand that clear text UserName Token will not be allowed by WCF basicHTTPBinding.

But if the service and client both use SSL then it (WCF) should allow cleartext password for UserName Token. Becuase clear text pssword in UserName token with Transport security should be ok.

I want to host the WCF service using basicHTTPBinding for UserName Token. This service will be on SSL. The reason I want to use basicHTTPBinding is that the non-MS client can call the service. If I use wsHTTPBinding I am restricted to only MS-Client on WCF platform.

It is not that simple to setup SSL, basicHTTPBinding and UserName Token (clear text) on WCF platform.

Thanks,






Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Sajay - MSFT

First this is not about basic httpbinding.

For using a usernamePassword token, the binding elements require a security BindingElement somewhere in the channel stack. It may be on the transport or on the message. So having said that, if you use https (security mode=transport), you should not have any problem with using the UsenamePassword Token.

Also setting up SSL is a part of the IIS configuration so this is quite straight forward. http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/56bdf977-14f8-4867-9c51-34c346d48b04.mspx mfr=true

You might not had a valid certificate to test this with and so if you can use the PermissiveCertificatePolicy.Enact for enabling using a cert. The transport security sample in the SDK has thsi setup already.

I had already posted your scenario here. http://blogs.msdn.com/sajay/archive/2006/12/30/transportwithmessagecredentials-i-need-to-know-who-s-knocking-on-my-door.aspx. Please download the sample and take a look.

Thanks

Sajay






Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Pankaj11

Thanks Sajay. I have resolved this problem. It would be nice if I can post the attached sample zip file for others to take advantage.

Thanks,






Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Michele Leroux Bustamante

Try removing the <host> base addresses section of your configuration file.

This section is not necessary for IIS-hosted services. The .svc file is the base address.






Re: Windows Communication Foundation (Indigo) Getting an error for setting UserNamePassword Token setting for WCF Service on IIS usin basicHTTPBinding.

Sajay - MSFT

Please close your thread by marking as a answer the appropriate post. You can probably link up your code by hosting it on your personal blog etc and then drop alink here.