Clever Geek Handbook

WCF + SSL Routing

I need to create a "routing" service. I am trying to use System.ServiceModel.Routing.IRequestReplyRouter.Net I can only get it to work in HTTP mode, not HTTPS. Error: "Unable to establish a secure SSL / TLS connection" ... I also tried my own certificate validator, but it doesn't get called! (it is created, but no validation method is called)

I posted my config here:

<?xml version="1.0"?>

      

        
        
        
      

    

    <bindings>

        <customBinding>
            <!-- Security Off version-->
            <binding name="customBindingNotSecure">
                <textMessageEncoding messageVersion="Soap12WSAddressing10"/>
                <httpTransport />
            </binding>

            <!-- Security On -->
            <binding name="customBindingSecure">

                <textMessageEncoding messageVersion="Soap12WSAddressing10">
                </textMessageEncoding>
                <security authenticationMode="UserNameOverTransport" />
                <httpsTransport  />
            </binding>

            <binding name="platoneBinding">
                <textMessageEncoding messageVersion="Soap12WSAddressing10" />
                <httpsTransport maxReceivedMessageSize="1000000" maxBufferPoolSize="1000000" maxBufferSize="1000000" />
            </binding>

        </customBinding>


    </bindings>

    <services>
        <service behaviorConfiguration="routingService" name="System.ServiceModel.Routing.RoutingService">
            <endpoint address=""
              binding="customBinding"
              name="reqReplyEndpoint"
              contract="System.ServiceModel.Routing.IRequestReplyRouter"  bindingConfiguration="customBindingSecure"/>

            <endpoint address=""
              binding="customBinding"
              name="reqReplyEndpointHttp"
              contract="System.ServiceModel.Routing.IRequestReplyRouter"
    bindingConfiguration="customBindingNotSecure"/>

        </service>


    </services>
    <behaviors>

        <endpointBehaviors>
            <behavior name="CustomClientBehavior">
                <clientCredentials>
                    <serviceCertificate>
                        <defaultCertificate findValue="serverx509v1" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
                        <authentication customCertificateValidatorType="com.abodata.plat1.WCFProxy.PlatoneCertificateValidator, PlatoneWSRelay"
                         certificateValidationMode="Custom" revocationMode="NoCheck" />
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>

        <serviceBehaviors>
            <behavior name="routingService">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
                <routing routeOnHeadersOnly="true" filterTableName="routingTable1" />
                <serviceCredentials>

                    <clientCertificate>

                        <authentication customCertificateValidatorType="com.abodata.plat1.WCFProxy.PlatoneCertificateValidator, PlatoneWSRelay"
                         certificateValidationMode="Custom" revocationMode="NoCheck" />
                    </clientCertificate>
                    <userNameAuthentication userNamePasswordValidationMode="Custom"
                     customUserNamePasswordValidatorType="com.abodata.plat1.WCFProxy.UsernameValidator, PlatoneWSRelay" />

                </serviceCredentials>

            </behavior>

            <behavior name="">
                <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                <serviceDebug includeExceptionDetailInFaults="true" />
            </behavior>


        </serviceBehaviors>
    </behaviors>

    <routing>
        <filters>
            <filter name="MatchAllFilter1" filterType="MatchAll" />
        </filters>
        <filterTables>
            <filterTable name="routingTable1">
                <add filterName="MatchAllFilter1" endpointName="PlatoneWSService" />
            </filterTable>
        </filterTables>

    </routing>

    <client>
        <endpoint address="https://10.0.2.243:9006/Persistence"
         binding="customBinding" bindingConfiguration="platoneBinding"
         contract="*" name="PlatoneWSService">

            <identity>
 <dns value="serverx509v1" />
</identity>
        </endpoint>
    </client>


    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>

EDIT: I was able to establish a TLS connection by adding to my config

<system.net>
    <settings>
        <servicePointManager checkCertificateName="false"  checkCertificateRevocationList="false"/>
    </settings>
</system.net>

But ... now I'm having trouble with the security header of my soap envelope. The client is sending the message to my router correctly, but it removes the security header, so I get an exception ...

+3


source to share


1 answer


Ok ... I solved the second problem.

A router binding must not specify a security tag, or else it processes the envelope. This is my working config



    <?xml version="1.0"?>
<configuration>



    <system.serviceModel>

        <bindings>
            <!-- Must use custom binding: silverlight only support basicHttpBinding that is not
                    SOAP 1.2. So.. I create a custom binding-->
            <customBinding>
                <!-- Security Off version-->
                <binding name="customBindingNotSecure">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10"/>
                    <httpTransport />
                </binding>

                <!-- Security On -->
                <binding name="customBindingSecure">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10">
                        <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
              maxArrayLength="2147483647" maxBytesPerRead="2147483647"
              maxNameTableCharCount="2147483647" />
                    </textMessageEncoding>
                    <httpsTransport maxBufferPoolSize="2000000" maxBufferSize="2000000" maxReceivedMessageSize="2000000" />
                </binding>

                <binding name="platoneBinding">
                    <textMessageEncoding messageVersion="Soap12WSAddressing10" />                   
                    <httpsTransport maxReceivedMessageSize="1000000000" maxBufferPoolSize="1000000000" maxBufferSize="1000000000" />
                </binding>

            </customBinding>


        </bindings>

        <services>

            <service behaviorConfiguration="routingService" name="System.ServiceModel.Routing.RoutingService">
                <endpoint address=""
                  binding="customBinding"
                  name="reqReplyEndpoint"
                  contract="System.ServiceModel.Routing.IRequestReplyRouter"  bindingConfiguration="customBindingSecure"/>

                <endpoint address=""
                  binding="customBinding"
                  name="reqReplyEndpointHttp"
                  contract="System.ServiceModel.Routing.IRequestReplyRouter"
        bindingConfiguration="customBindingNotSecure"/>

            </service>


        </services>
        <behaviors>

            <serviceBehaviors>
                <behavior name="routingService">
                    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                    <routing routeOnHeadersOnly="true" filterTableName="routingTable1" />
                </behavior>

                <behavior name="">
                    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
                    <serviceDebug includeExceptionDetailInFaults="true" />
                </behavior>
            </serviceBehaviors>
        </behaviors>

        <routing>
            <filters>
                <filter name="MatchAllFilter1" filterType="MatchAll" />
            </filters>
            <filterTables>
                <filterTable name="routingTable1">
                    <add filterName="MatchAllFilter1" endpointName="PlatoneWSService" />
                </filterTable>
            </filterTables>

        </routing>

        <client>
            <!-- https://10.0.2.243:9006/Persistence -->
            <endpoint address="https://10.0.2.243:9006/Persistence"
             binding="customBinding" bindingConfiguration="platoneBinding"
             contract="*" name="PlatoneWSService">

            </endpoint>
        </client>


        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
    <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
    </system.webServer>


    <system.net>
        <settings>
            <servicePointManager checkCertificateName="false"  checkCertificateRevocationList="false"/>
        </settings>
    </system.net>
</configuration>

The buffer and message sizes must be "checked" (ie .. I chose a large number to make it work ...)

+4


source






More articles:


All Articles