El TecnoBaúl de Kiquenet

Kiquenet boring stories

Archive for April 2015

Experiences NLB, WSDL, SSL, HTTPS

Posted by kiquenet on 14 April 2015

The web site runs on 2 pre-production servers: preiis01 and preiis02. SSL is not configured on them.

At the URL http://preiis01/ServicioPyS/Service.svc?wsdl I can reach and invoke the service, and it works fine (everything over HTTP).

The URL https://pruebaslba.xxxx.net/ServicioPyS/Service.svc?wsdl points to the load balancer (an F5, I think), which allows access from outside (public access), and SSL appears to be configured there. I don't know the details; that belongs to the systems team.

The problem concerns the WSDL

http://preiis01/ServicioPyS/Service.svc?wsdl

<wsdl:service name="ActualService">
  <wsdl:port name="ActualServiceEndPoint" binding="i0:ActualServiceEndPoint">
    <soap:address location="http://preiis01/ServicioPyS/Service.svc/Service.svc" />
  </wsdl:port>
</wsdl:service>

With the WSDL URL of the load balancer, the problem is that the soap:address location part is not generated correctly (it is emitted as http).

https://pruebaslba.xxxx.net/ServicioPyS/Service.svc?wsdl

<wsdl:service name="ActualService">
  <wsdl:port name="ActualServiceEndPoint" binding="i0:ActualServiceEndPoint">
    <soap:address location="http://pruebaslba.xxxx.net/ServicioPyS/Service.svc/Service.svc" />
  </wsdl:port>
</wsdl:service>

So the quick fix I found was to modify the WSDL (single file) by hand (the soap:address location part, changing it to httpS) and publish it at https://pruebaslba.xxxx.net/ServicioPyS/WSDL/ServiceWsdlModificado.Single.wsdl

https://pruebaslba.xxxx.net/ServicioPyS/WSDL/ServiceWsdlModificado.Single.wsdl

<wsdl:service name="ActualService">
  <wsdl:port name="ActualServiceEndPoint" binding="tns:ActualServiceEndPoint">
    <soap:address location="https://pruebaslba.xxxx.net/ServicioPyS/Service.svc/Service.svc" />
  </wsdl:port>
</wsdl:service>
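The manual check and edit described above can be done mechanically. This is an added example, not code from the original post: it lists soap:address locations whose scheme or host differs from the URL the WSDL was fetched from, and rewrites them. The sample WSDL is constructed from the fragments above, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit
from xml.sax.saxutils import escape

# soap:address elements of SOAP 1.1 and SOAP 1.2 WSDL bindings
SOAP_ADDRESS_TAGS = (
    "{http://schemas.xmlsoap.org/wsdl/soap/}address",
    "{http://schemas.xmlsoap.org/wsdl/soap12/}address",
)

# Constructed sample shaped like the WSDL served through the balancer in the post
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <wsdl:service name="ActualService">
    <wsdl:port name="ActualServiceEndPoint" binding="i0:ActualServiceEndPoint">
      <soap:address location="http://pruebaslba.xxxx.net/ServicioPyS/Service.svc/Service.svc" />
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

def soap_locations(wsdl_text):
    """Return every soap:address location in a WSDL fetched from your own service."""
    root = ET.fromstring(wsdl_text)
    return [e.get("location", "") for e in root.iter() if e.tag in SOAP_ADDRESS_TAGS]

def mismatched_addresses(wsdl_text, fetched_from):
    """Return locations whose scheme or host differs from the URL the WSDL came from,
    for example http:// endpoints advertised behind an HTTPS balancer."""
    public = urlsplit(fetched_from)
    want = (public.scheme, public.netloc.lower())
    return [loc for loc in soap_locations(wsdl_text)
            if (urlsplit(loc).scheme, urlsplit(loc).netloc.lower()) != want]

def rewrite_addresses(wsdl_text, fetched_from):
    """Return the WSDL text with each mismatched location moved to the public scheme
    and host, keeping its path. Plain text replacement is deliberate: re-serialising
    with ElementTree renames namespace prefixes, which breaks QName attribute values
    such as binding="i0:ActualServiceEndPoint"."""
    public = urlsplit(fetched_from)
    for loc in mismatched_addresses(wsdl_text, fetched_from):
        old = urlsplit(loc)
        new = urlunsplit((public.scheme, public.netloc, old.path, old.query, ""))
        wsdl_text = wsdl_text.replace('"%s"' % escape(loc), '"%s"' % escape(new))
    return wsdl_text
```

A client that generates its proxy from the unmodified WSDL would send its SOAP calls to the http:// address, so a non-empty result from mismatched_addresses is worth failing a deployment check on.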

There is surely a way to do this without modifying the WSDL by hand; I don't know how this works when the web site in IIS is not SSL and yet the call from the internet through the load balancer goes over SSL.

There is the topic of “SSL pass-through” and load balancers. I am not familiar with it.

http://blog.tonysneed.com/2012/06/18/building-scalable-and-secure-wcf-services/

Initial error, until it was discovered that the IIS site does not have SSL enabled.

Error

Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http].

or

Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].

Googling, I have seen various configurations and have been trying alternatives for serviceMetadata, bindings, baseAddresses, ...

<!-- tried httpGetEnabled as both "false" and "true" -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />

<bindings>
  <basicHttpBinding>
    <binding name="SecureTransportOnly">
      <security mode="Transport">
        <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
      </security>
    </binding>
    <binding name="NoSecure">
      <security mode="None"><transport clientCredentialType="None"/></security>
    </binding>
  </basicHttpBinding>
  <wsHttpBinding>
    <binding name="SecureTransportOnly">
      <security mode="Transport">
        <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<endpoint
    address=""
    binding="basicHttpBinding"
    bindingConfiguration="SecureTransportOnly"
    name="xxxActualServiceEndPoint"
    bindingNamespace="https://pruebaslba.xxxx.net/ServicioPyS"
    contract="IxxxActualService" />

<!-- tried binding as both "mexHttpBinding" and "mexHttpsBinding" -->
<endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />

I even tried

<!--
<host>
  <baseAddresses>
    <add baseAddress="https://pruebaslba.xxxx.net" />
    (or baseAddress="https://pruebaslba.xxxx.net/ServicioPyS")
  </baseAddresses>
</host>
-->

<!--
<identity>
  <dns value="localhost" />
</identity>
-->

 

HOW-TO Configure an IIS-hosted WCF service with SSL
https://msdn.microsoft.com/es-es/library/hh556232(v=vs.110).aspx

WCF Service namespaces

http://rebuildall.umbraworks.net/rebuildall/2010/11/10/WCF_service_namespaces

http://rogue-technology.com/blog/2010/03/wcf-namespaces/

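public static class Constants
{
    // Single namespace shared by the service contract and the data contracts
    public const string NAMESPACE = "https://ServicioPyS.xxxx.es";
}

[ServiceContract(Name = "IActualService", Namespace = Constants.NAMESPACE)]
public interface IActualService { /* operations omitted */ }

[System.Runtime.Serialization.DataContract(Namespace = Constants.NAMESPACE)]
public class Cabecera { /* members omitted */ }

[System.Runtime.Serialization.DataContract(Namespace = Constants.NAMESPACE)]
public enum Respuesta { /* values omitted */ }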

bindingNamespace and WSDL
http://stackoverflow.com/questions/4730071/wcf4-hosting-in-iis-wsdl-bindingnamespace-is-never-read
http://stackoverflow.com/questions/6189596/how-do-i-set-bindingnamespace-when-using-fileless-activation

Information on SSL, HTTPS and WCF bindings configuration

http://weblogs.asp.net/srkirkland/wcf-bindings-needed-for-https
http://webservices20.blogspot.com.es/2008/11/how-to-use-clear-usernamepassword-with.html

WCF Security:authentication based on Username/Password – Part II
http://blog.itpub.net/13651903/viewspace-1033654/

http://stackoverflow.com/questions/2904883/how-can-i-use-wcf-with-only-basichttpbinding-ssl-and-basic-authentication-in-ii

Other WCF Security references

http://blog.tonysneed.com/2012/06/18/building-scalable-and-secure-wcf-services/

http://webcache.googleusercontent.com/search?q=cache:wbqiI_T6G1kJ:blog.hackedbrain.com/2006/09/26/how-to-ssl-passthrough-with-wcf-or-transportwithmessagecredential-over-plain-http/+&cd=1&hl=es&ct=clnk&gl=es

http://blog.adnanmasood.com/2008/07/16/https-with-basichttpbinding-note-to-self/

https://social.msdn.microsoft.com/Forums/vstudio/en-US/87a254c8-e9d1-4d4c-8f62-54eae497423f/how-to-ssl-passthrough-from-bigip?forum=wcf

http://www.dotnetcurry.com/showarticle.aspx?ID=486

Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]
http://www.codeproject.com/Questions/612618/Could-not-find-a-base-address-that-matches-scheme

http://stackoverflow.com/questions/9817718/could-not-find-a-base-address-that-matches-scheme-https-for-the-endpoint-with-bi
http://stackoverflow.com/questions/6846038/could-not-find-a-base-address-that-matches-scheme-http-for-the-endpoint-with-bin
http://stackoverflow.com/questions/19918213/wcf-exception-could-not-find-a-base-address-that-matches-scheme-http-for-the-en

http://www.yangsoft.com/blog/?p=122
https://social.msdn.microsoft.com/Forums/vstudio/en-US/27760daa-2f68-4aab-80dc-7777745ba72b/could-not-find-a-base-address-that-matches-scheme-https-for-the-endpoint-with-binding-wshttpbinding?forum=wcf


WCF Quotas and IIS Limits

Posted by kiquenet on 14 April 2015

Exceptions about Quotas and limits using WCF for uploading files or another method:

System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at http://localhost:8080/oms/FileService.svc that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: The remote server returned an error: (404) Not Found.

System.InsufficientMemoryException: Failed to allocate a managed memory buffer of 279620368 bytes. The amount of available memory may be low. ---> System.OutOfMemoryException: Exception of type 'System.OutOfMemoryException' was thrown.

The maximum message size quota for incoming messages (65536) has been exceeded. To increase the quota, use the MaxReceivedMessageSize property on the appropriate binding element.

Review “quotas” of Bindings
http://stackoverflow.com/questions/1573606/wcf-maxreceivedmessagesize-maximum-message-size-quota-exceeded

I can view System.ServiceModel.Diagnostics.MessageNotLoggedQuotaExceeded in the svclog file.

No se registró el mensaje porque el tamaño supera la cuota configurada
Message not logged because its size exceeds configured quota

Request Limits <requestLimits>
maxAllowedContentLength
Specifies the maximum length of content in a request, in bytes.
maxAllowedContentLength is of type uint; its maximum value is 4,294,967,295 bytes = 3.99 GB

<security>
    <requestFiltering>
        <requestLimits maxAllowedContentLength="209715200" />
    </requestFiltering>
</security>

209715200 bytes are 200 MB

 

In addition to maxAllowedContentLength, the maxRequestLength on the server side in your WCF configuration needs to be increased as well.

<system.web>
  <!-- Increase 'maxRequestLength' to needed value: 100mb (value is in kilobytes) -->
  <httpRuntime maxRequestLength="102400"/>
</system.web>
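The limits discussed above use different units and defaults, so raising one can leave another as the real ceiling. This is an added example, not code from the original post: it reads a web.config and reports which layer refuses a large request first. The sample config is constructed from the post's fragments plus a hypothetical binding named FileUpload, and the values used for absent attributes are the product defaults.

```python
import xml.etree.ElementTree as ET

# Defaults that apply when the attribute is absent
DEFAULTS = {"maxAllowedContentLength": 30_000_000,   # IIS request filtering, bytes
            "maxRequestLength": 4096,                # ASP.NET httpRuntime, kilobytes
            "maxReceivedMessageSize": 65536}         # WCF binding, bytes

# Constructed web.config: the post's two fragments plus one WCF binding (hypothetical name)
SAMPLE_CONFIG = """<configuration>
  <system.web><httpRuntime maxRequestLength="102400" /></system.web>
  <system.webServer><security><requestFiltering>
    <requestLimits maxAllowedContentLength="209715200" />
  </requestFiltering></security></system.webServer>
  <system.serviceModel><bindings><basicHttpBinding>
    <binding name="FileUpload" />
  </basicHttpBinding></bindings></system.serviceModel>
</configuration>"""

def upload_limits(config_text):
    """Return {layer: limit in bytes} for each layer that can reject a large request."""
    root = ET.fromstring(config_text)

    def attr(path, name):
        node = root.find(path)
        value = node.get(name) if node is not None else None
        return int(value) if value is not None else DEFAULTS[name]

    limits = {
        "IIS requestLimits": attr(".//requestFiltering/requestLimits", "maxAllowedContentLength"),
        # maxRequestLength is expressed in kilobytes, unlike the other two
        "ASP.NET httpRuntime": attr(".//system.web/httpRuntime", "maxRequestLength") * 1024,
    }
    for b in root.findall(".//system.serviceModel/bindings/*/binding"):
        size = int(b.get("maxReceivedMessageSize", DEFAULTS["maxReceivedMessageSize"]))
        limits["WCF binding " + b.get("name", "(default)")] = size
    return limits

def effective_limit(config_text):
    """Return (layer, bytes) of the lowest ceiling: the first layer to refuse an upload."""
    limits = upload_limits(config_text)
    layer = min(limits, key=limits.get)
    return layer, limits[layer]
```

On the sample, IIS allows 200 MB and ASP.NET 100 MB, yet the binding still stops at 65536 bytes, which is the quota error quoted at the top of this post. Keeping the three values equal and no larger than the biggest expected upload preserves them as a bound on request size.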

Check that the default web site doesn't override the requestFiltering limits, using:

"%WINDIR%\System32\inetsrv\appcmd.exe" list config "Default web site" -section:requestFiltering

Note about SubStatusCode:

WebExceptionStatus – ProtocolError = 7
HTTP Substatus
404.13 Content Length Too Large
404.14 URL Too Long
404.15 Query String Too Long
404.10 Request Header Too Long

WebException does not have a SubStatusCode, only HttpException
https://msdn.microsoft.com/en-us/library/system.web.httpresponse.substatuscode(v=vs.110).aspx           

Useful Troubleshooting Failed Requests – Tracing in IIS
http://www.iis.net/learn/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis

// Requires: using Microsoft.Web.Administration;
using (ServerManager serverManager = new ServerManager())
{
   // Open the requestLimits element of the site's request filtering section
   Configuration config = serverManager.GetWebConfiguration("Default Web Site");
   ConfigurationSection requestFilteringSection = config.GetSection("system.webServer/security/requestFiltering");
   ConfigurationElement requestLimitsElement = requestFilteringSection.GetChildElement("requestLimits");
   ConfigurationElementCollection headerLimitsCollection = requestLimitsElement.GetCollection("headerLimits");

   // Add a size limit (in bytes) for the Content-type header
   ConfigurationElement addElement = headerLimitsCollection.CreateElement("add");
   addElement["header"] = @"Content-type";
   addElement["sizeLimit"] = 100;
   headerLimitsCollection.Add(addElement);

   serverManager.CommitChanges();
}

EndpointNotFoundException with InnerException (WebException) does not have a SubStatusCode, only HttpException:

try
{
    // ... call the WCF service operation under test ...
}
catch (System.ServiceModel.EndpointNotFoundException ex)
{
    // The inner WebException carries the HTTP status code (e.g. 404), not the IIS substatus
    var iex = ex.InnerException;
    if (iex != null)
    {
        TestContext.WriteLine(iex.ToString());
    }
    var wex = iex as System.Net.WebException;
    if (wex != null)
    {
        var msg = "no http status code available";
        if (wex.Status == System.Net.WebExceptionStatus.ProtocolError)
        {
            var response = wex.Response as System.Net.HttpWebResponse;
            if (response != null)
            {
                msg = "HTTP Status Code: " + (int)response.StatusCode;
            }
        }
        TestContext.WriteLine(msg);
    }
}

Bit Calculator
http://www.matisse.net/bitcalc/?input_amount=200&input_units=megabytes&notation=legacy

References:

http://stackoverflow.com/questions/4022434/how-to-set-the-maxallowedcontentlength-to-500mb-while-running-on-iis7

http://www.iis.net/configreference/system.webserver/security/requestfiltering/requestlimits
https://msdn.microsoft.com/en-us/library/ms689462(VS.90).aspx
http://www.iis.net/learn/troubleshoot/using-failed-request-tracing/troubleshooting-failed-requests-using-tracing-in-iis

http://stackoverflow.com/questions/8113211/difficulty-using-wcf-for-uploading-large-files

http://plainoldstan.blogspot.com.es/2011/02/wcfmaxsizeofmessagetolog-and-not-logged.html
http://stackoverflow.com/questions/1573606/wcf-maxreceivedmessagesize-maximum-message-size-quota-exceeded

https://dotnetforyou.wordpress.com/2011/02/02/the-maximum-message-size-quota-for-incoming-messages-65536-has-been-exceeded-to-increase-the-quota-use-the-maxreceivedmessagesize-property-on-the-appropriate-binding-element/

http://stackoverflow.com/questions/6690451/wcf-exists-and-partially-working-but-for-some-calls-returns-no-endpoint-listeni?rq=1
