wsHTTPBinding authentication error

474 views Asked by At

I'd like to implement wsHTTPBinding on a web service but I continuously get this error: "The caller was not authenticated by the service". I've seen a ton of posts on the subject but they either do not fix my issue/not related to my configuration or the 'answer' is to use basicHTTPBinding. The service is hosted within the root folder of a secure website complete with its own ssl certificate. I was hoping that I could use that certificate to reasonably secure the SOAP messages which is why I want to stick with wsHTTP. However, I've tried modifying all kinds of configurations - even setting authentication mode to 'none' just to get it to work - but every time I get the same error. Does anyone know how I can modify the web.config settings to get wsHTTPBinding to work using the existing ssl certificate?

Web.config

<?xml version="1.0"?>
  <configuration>
    <appSettings/>
      <connectionStrings/>
        <system.web>


          <trust level="Full"></trust>

          <compilation debug="true" strict="false" explicit="true" targetFramework="4.0"/>

          </system.web>

          <system.serviceModel>
            <services>
              <service behaviorConfiguration="xxxService1.xxx1Behavior" name="xxxService1.xxx1">
                <endpoint address="" 
                binding="basicHttpBinding" 
                contract="xxxService1.Ixxx1"
                bindingConfiguration="secureHttpBinding"
                >
                </endpoint>
                <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
              </service>
            </services>
          <bindings>
        <basicHttpBinding>
          <binding name="secureHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="None"/>
          </security>
    </binding>
  </basicHttpBinding>
</bindings>
<behaviors>
  <serviceBehaviors>
    <behavior name="xxxService1.Service1Behavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
    <behavior name="xxxService1.xxx1Behavior">
      <serviceMetadata httpGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="false"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true">
</serviceHostingEnvironment>
</system.serviceModel>

<system.webServer>
  <modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>

</configuration>

App.config

<?xml version="1.0" encoding="utf-8" ?>
  <configuration>
    <startup useLegacyV2RuntimeActivationPolicy="true">

    <requiredRuntime version="v4.0.20506"/>
    <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/>
     </startup>
    <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="secureHttpBinding">
          <security mode="Transport">
          <transport clientCredentialType="None"/>
          </security>
        </binding>
     </basicHttpBinding>

    </bindings>
    <client>

    <endpoint address="https://111.111.111.111/xxxAPI/xxx1.svc" 
            binding="basicHttpBinding"

            contract="TestingxxxService1.Ixxx1"
      name="BasicHttpBinding_Ixxx1"
            bindingConfiguration="secureHttpBinding" />
    </client>
</system.serviceModel>
</configuration>
2

There are 2 answers

2
Simon Taylor On

You need to post your client and server config. The configuration depends on what credentials you need want to use for authentication. To use SSL over a HTTP binding (BasicHttpBinding or WsHttpBinding), the security mode will be Transport or TransportWithMessageCredential. Why do you need WsHttpBinding for this?

There are a bunch of different configuration options here: http://msdn.microsoft.com/en-us/library/ms789011%28v=vs.110%29.aspx

An example:

<wsHttpBinding>
    <binding name="WsHttpBinding_ICalculator">
        <security mode="TransportWithMessageCredential" >
           <message clientCredentialType="UserName" />
        </security>
    </binding>
</wsHttpBinding>
0
eric_the_animal On

The problem here was that I was testing the service on our new site that we have not yet migrated to. So, that site was only identified by the IP address and not the domain. The SSL certificate from the old site that I had the tech at our web hosting service port over to the new site rejected the communication because obviously the request was for a resource from an IP it did not recognize. I 'fixed' the problem by moving the service over to the existing site for testing. A small note, you have to remember the Enable SSL in IIS if you are accessing a web service in this way.

See the endpoint element in my config file: endpoint address="https://111.111.111.111/xxxAPI/xxx1.svc"

it needs to be: endpoint address="https://www.mysite.com/xxxAPI/xxx1.svc"