El TecnoBaúl de Kiquenet

Kiquenet boring stories

Posts Tagged ‘ssl’

Experiences with NLB, WSDL, SSL, HTTPS

Posted by kiquenet on 14 April 2015

The website is on 2 pre-production servers: preiis01 and preiis02. SSL is not configured.

I can access the URL http://preiis01/ServicioPyS/Service.svc?wsdl and invoke the service, and it works fine (all over HTTP).

The URL https://pruebaslba.xxxx.net/ServicioPyS/Service.svc?wsdl refers to the load balancer (an F5, I think), which allows access from outside (public access), and SSL appears to be configured there. I don't know the details; that is the systems team's area.

The problem relates to the WSDL.

http://preiis01/ServicioPyS/Service.svc?wsdl

<wsdl:service name="ActualService">
  <wsdl:port name="ActualServiceEndPoint" binding="i0:ActualServiceEndPoint">
    <soap:address location="http://preiis01/ServicioPyS/Service.svc/Service.svc" />
  </wsdl:port>
</wsdl:service>

With the balancer's WSDL URL, the problem is that the soap:address location part is not generated correctly (it is emitted as http).

https://pruebaslba.xxxx.net/ServicioPyS/Service.svc?wsdl

<wsdl:service name="ActualService">
  <wsdl:port name="ActualServiceEndPoint" binding="i0:ActualServiceEndPoint">
    <soap:address location="http://pruebaslba.xxxx.net/ServicioPyS/Service.svc/Service.svc" />
  </wsdl:port>
</wsdl:service>

So the quick solution I found was to modify the (single-file) WSDL manually (the soap:address location part, changing it to https) and publish it at https://pruebaslba.xxxx.net/ServicioPyS/WSDL/ServiceWsdlModificado.Single.wsdl

https://pruebaslba.xxxx.net/ServicioPyS/WSDL/ServiceWsdlModificado.Single.wsdl

<wsdl:service name="ActualService">
  <wsdl:port name="ActualServiceEndPoint" binding="tns:ActualServiceEndPoint">
    <soap:address location="https://pruebaslba.xxxx.net/ServicioPyS/Service.svc/Service.svc"/>
  </wsdl:port>
</wsdl:service>
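A check for the mismatch shown above, as an added example that is not part of the original post: it parses a WSDL and reports every soap:address whose scheme or host differs from the public URL clients use, since a client generated from such a WSDL would send its SOAP calls over plain HTTP. The function names and the trimmed sample WSDL are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, urlunsplit

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
# soap:address elements used by SOAP 1.1 and SOAP 1.2 bindings
ADDRESS_TAGS = (
    "{http://schemas.xmlsoap.org/wsdl/soap/}address",
    "{http://schemas.xmlsoap.org/wsdl/soap12/}address",
)

# Constructed sample: the service section returned through the balancer in the post.
SAMPLE_WSDL = """<wsdl:definitions
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <wsdl:service name="ActualService">
    <wsdl:port name="ActualServiceEndPoint" binding="i0:ActualServiceEndPoint">
      <soap:address location="http://pruebaslba.xxxx.net/ServicioPyS/Service.svc/Service.svc"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""

def audit_wsdl(wsdl_text, public_url):
    """Return (port, location, reason) for each address that does not match public_url."""
    public = urlsplit(public_url)
    findings = []
    # For WSDLs from untrusted sources, parse with a hardened parser such as defusedxml.
    root = ET.fromstring(wsdl_text)
    for port in root.iter(f"{{{WSDL_NS}}}port"):
        for child in port:
            if child.tag not in ADDRESS_TAGS:
                continue
            loc = urlsplit(child.get("location", ""))
            if loc.scheme != public.scheme:
                findings.append((port.get("name"), child.get("location"), "scheme"))
            elif loc.hostname != public.hostname:
                findings.append((port.get("name"), child.get("location"), "host"))
    return findings

def fix_location(location, public_url):
    """Rewrite scheme and host of an advertised address to match the public URL."""
    public = urlsplit(public_url)
    return urlunsplit(urlsplit(location)._replace(scheme=public.scheme, netloc=public.netloc))

if __name__ == "__main__":
    url = "https://pruebaslba.xxxx.net/ServicioPyS/Service.svc?wsdl"
    for name, location, reason in audit_wsdl(SAMPLE_WSDL, url):
        print(f"{name}: {location} ({reason} mismatch) -> {fix_location(location, url)}")
```
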

There is surely a way to do this without having to modify the WSDL manually; I am not familiar with these matters, where the website in IIS is not SSL and yet the call from the internet through the load balancer is made over SSL.

There are topics such as “SSL pass-through” and load balancers. I am not familiar with them.

http://blog.tonysneed.com/2012/06/18/building-scalable-and-secure-wcf-services/


Initial error, until it was discovered that the IIS site does not have SSL enabled.

Error:

Could not find a base address that matches scheme https for the endpoint with binding WSHttpBinding. Registered base address schemes are [http].

or

Could not find a base address that matches scheme https for the endpoint with binding BasicHttpBinding. Registered base address schemes are [http].

Googling, I have seen different configurations and have been trying alternatives for serviceMetadata, bindings, baseAddresses, ...

<!-- httpGetEnabled was tried with both "false" and "true" -->
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />

<bindings>
  <basicHttpBinding>
    <binding name="SecureTransportOnly">
      <!-- Transport security requires an https base address on the IIS site -->
      <security mode="Transport">
        <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
      </security>
    </binding>
    <binding name="NoSecure">
      <security mode="None"><transport clientCredentialType="None"/></security>
    </binding>
  </basicHttpBinding>
  <wsHttpBinding>
    <binding name="SecureTransportOnly">
      <security mode="Transport">
        <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

<endpoint
    address=""
    binding="basicHttpBinding"
    bindingConfiguration="SecureTransportOnly"
    name="xxxActualServiceEndPoint"
    bindingNamespace="https://pruebaslba.xxxx.net/ServicioPyS"
    contract="IxxxActualService" />

<!-- binding was tried with both mexHttpBinding and mexHttpsBinding -->
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>

I even tried:

<!-- baseAddress was tried as "https://pruebaslba.xxxx.net" and as "https://pruebaslba.xxxx.net/ServicioPyS"
<host>
  <baseAddresses>
    <add baseAddress="https://pruebaslba.xxxx.net/ServicioPyS"/>
  </baseAddresses>
</host>
-->

<!--
<identity>
  <dns value="localhost" />
</identity>
-->

 

HOW-TO Configure an IIS-hosted WCF service with SSL
https://msdn.microsoft.com/es-es/library/hh556232(v=vs.110).aspx

WCF Service namespaces

http://rebuildall.umbraworks.net/rebuildall/2010/11/10/WCF_service_namespaces

http://rogue-technology.com/blog/2010/03/wcf-namespaces/

// Member of the Constants class
public const string NAMESPACE = "https://ServicioPyS.xxxx.es";

[ServiceContract(Name = "IActualService", Namespace = Constants.NAMESPACE)]
public interface IActualService

[System.Runtime.Serialization.DataContract(Namespace = Constants.NAMESPACE)]
public class Cabecera

[System.Runtime.Serialization.DataContract(Namespace = Constants.NAMESPACE)]
public enum Respuesta

bindingNamespace and WSDL
http://stackoverflow.com/questions/4730071/wcf4-hosting-in-iis-wsdl-bindingnamespace-is-never-read
http://stackoverflow.com/questions/6189596/how-do-i-set-bindingnamespace-when-using-fileless-activation

Information on SSL, HTTPS and WCF binding configuration

http://weblogs.asp.net/srkirkland/wcf-bindings-needed-for-https
http://webservices20.blogspot.com.es/2008/11/how-to-use-clear-usernamepassword-with.html

WCF Security:authentication based on Username/Password – Part II
http://blog.itpub.net/13651903/viewspace-1033654/

http://stackoverflow.com/questions/2904883/how-can-i-use-wcf-with-only-basichttpbinding-ssl-and-basic-authentication-in-ii

Other WCF Security references

http://blog.tonysneed.com/2012/06/18/building-scalable-and-secure-wcf-services/

http://webcache.googleusercontent.com/search?q=cache:wbqiI_T6G1kJ:blog.hackedbrain.com/2006/09/26/how-to-ssl-passthrough-with-wcf-or-transportwithmessagecredential-over-plain-http/+&cd=1&hl=es&ct=clnk&gl=es

http://blog.adnanmasood.com/2008/07/16/https-with-basichttpbinding-note-to-self/

https://social.msdn.microsoft.com/Forums/vstudio/en-US/87a254c8-e9d1-4d4c-8f62-54eae497423f/how-to-ssl-passthrough-from-bigip?forum=wcf

http://www.dotnetcurry.com/showarticle.aspx?ID=486

Could not find a base address that matches scheme https for the endpoint with binding WebHttpBinding. Registered base address schemes are [http]
http://www.codeproject.com/Questions/612618/Could-not-find-a-base-address-that-matches-scheme

http://stackoverflow.com/questions/9817718/could-not-find-a-base-address-that-matches-scheme-https-for-the-endpoint-with-bi
http://stackoverflow.com/questions/6846038/could-not-find-a-base-address-that-matches-scheme-http-for-the-endpoint-with-bin
http://stackoverflow.com/questions/19918213/wcf-exception-could-not-find-a-base-address-that-matches-scheme-http-for-the-en

http://www.yangsoft.com/blog/?p=122
https://social.msdn.microsoft.com/Forums/vstudio/en-US/27760daa-2f68-4aab-80dc-7777745ba72b/could-not-find-a-base-address-that-matches-scheme-https-for-the-endpoint-with-binding-wshttpbinding?forum=wcf
