How to connect by MDS excel add-in using HTTPS? - excel

I've switched MDS access from HTTP into HTTPS.
Web interface works ok
Excel add-in generates an error during a connection attempt
The HTTP request was forbidden with client authentication scheme 'Negotiate'.
The remote server returned an error: (403)Forbidden. (System)
What should be done to work with excel using HTTPS?

The Web Application will continue to work after switching to SSL but the Excel add in will not. To resolve this you must edit the web.config of the Master Data Services web application. See below link for full details, I believe you would start at step 10 given context.
https://learn.microsoft.com/en-us/sql/master-data-services/install-windows/secure-a-master-data-manager-web-application?view=sql-server-ver15
In my experience the portion needed to make SSL work is already in the web.config but commented out, you just need to uncomment it out and comment out the section that is for Non SSL. Note there are two different sections.
This is what my bindings section in the web.config looks like after configuring for SSL.
<bindings>
<wsHttpBinding>
<binding name="mdsWsHttpBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
<!--Non-SSL implementations.-->
<!-- <security mode="Message"> -->
<!-- <message clientCredentialType="Windows" /> -->
<!-- </security> -->
<!--SSL implementations-->
<security mode="Transport">
<message clientCredentialType="Windows" />
</security>
</binding>
</wsHttpBinding>
<basicHttpBinding>
<binding name="mdsBasicHttpBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxDepth="2147483647" maxNameTableCharCount="2147483647" maxStringContentLength="2147483647" />
<!-- Non-SSL implementations.-->
<!-- <security mode="TransportCredentialOnly"> -->
<!-- <transport clientCredentialType="Windows" /> -->
<!-- </security> -->
<!-- SSL implementations -->
<security mode="Transport">
<transport clientCredentialType="Windows" />
</security>
</binding>
</basicHttpBinding>
</bindings>

Related

Error with WCF webservice moved to Azure VM

I have an old WCF webservice that's been moved to Azure VM.
I can easily access in Azure:
https://wcf/service.svc,
but when I try to post to:
https://wcf/service.svc/json/DoAction
it comes back with an empty response, when I open this in the browser I get 404 error.
Outside of Azure it all works fine, any ideas what can I do to get it to work? I would like to keep it running in VM as there are other items that were moved and work fine.
Here is the part of the web.config file that relates to "/json/" part:
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<service name="Service123" behaviorConfiguration="ChallengeBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="ChallengeMessageEncoding" contract="IService123" behaviorConfiguration="SoapServiceBehavior" />
<endpoint address="/json" binding="webHttpBinding" bindingConfiguration="RestServiceMessageEncoding" contract="IService123" behaviorConfiguration="RestServiceBehavior" />
</service>
</services>
<behaviors>
<endpointBehaviors>
<behavior name="RestServiceBehavior">
<webHttp defaultOutgoingResponseFormat="Json" automaticFormatSelectionEnabled="true" />
</behavior>
<behavior name="SoapServiceBehavior">
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="RestServiceMessageEncoding">
<security mode="None">
</security>
</binding>
</webHttpBinding>
<wsHttpBinding>
<binding name="ChallengeMessageEncoding">
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" />
<message clientCredentialType="None" establishSecurityContext="false" negotiateServiceCredential="false" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
There is no problem the code snippets seem to me. Which version IIS is installed in the Azure VM? Do you have enabled the feature supported for WCF in IIS.
I suspect that the WCF service published on the VM does not work properly. Try to publish a default WCF service application project and browse the self-introduction page.
In addition, for a specific port, you need to enable outbound/inbound permission on the firewall.
VM>>Settings>>Network
Feel free to contact me if there is anything I can help with.
#Abraham, thank you for your answer.
I finally got it working, not sure which part helped but changes I introduced included:
a) Installed additional WCF features (as above) as only 2 were installed
b) Added extra bits to web config (allowing to run URLs with dots in name /Foo.svc/Save )
<handlers>
<remove name="ExtensionlessUrlHandler-Integrated-4.0" />
<remove name="OPTIONSVerbHandler" />
<remove name="TRACEVerbHandler" />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
<clear />
<add name="ExtensionlessUrlHandler-Integrated-4.0" path="/*" verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
</handlers>
c) Another config to support dots:
<modules runAllManagedModulesForAllRequests="true" />
d) Extended endpoints to support HTTPS as the above started working for HTTP:
<service name="PrivateService" behaviorConfiguration="PrivateBehavior">
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="PrivateBehavior" contract="IPrivateService" behaviorConfiguration="SoapBehavior" />
<endpoint address="" binding="wsHttpBinding" bindingConfiguration="PrivateBehaviorSecure" contract="IPrivateService" behaviorConfiguration="SoapBehavior" />
<endpoint address="/json" binding="webHttpBinding" bindingConfiguration="RestSecure" contract="IPrivateServices" behaviorConfiguration="RestBehavior" />
<endpoint address="/json" binding="webHttpBinding" bindingConfiguration="Rest" contract="IPrivateService" behaviorConfiguration="RestBehavior" />
</service>
...
<webHttpBinding>
<binding name="Rest">
<security mode="None">
</security>
</binding>
<binding name="RestSecure">
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" />
</security>
</binding>
</webHttpBinding>

The HTTP request was forbidden with client authentication scheme 'Anonymous'. Error when i call a service

Hi i am calling a asmx web service in my MVC project. Everything working fine on my development environment but after publishing my project i get the error "The HTTP request was forbidden with client authentication scheme 'Anonymous'". I tried a lot of methots on th internet bu they did'nt work. You can see my config down below and many thanks for help.
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="FastApiSoap">
<security mode="Transport">
<transport clientCredentialType=""/>
</security>
</binding>
</basicHttpBinding>
<customBinding>
<binding name="FastApiSoap12">
<textMessageEncoding messageVersion="Soap12" />
<httpTransport />
</binding>
</customBinding>
</bindings>
<client>
<endpoint address="http://fastsms.codec.com.tr/FastApi.asmx"
binding="basicHttpBinding" bindingConfiguration="FastApiSoap"
contract="SmsServices.FastApiSoap" name="FastApiSoap" />
<endpoint address="http://fastsms.codec.com.tr/FastApi.asmx"
binding="customBinding" bindingConfiguration="FastApiSoap12"
contract="SmsServices.FastApiSoap" name="FastApiSoap12" />
</client>
</system.serviceModel>
I found the solition. it was a bug, you can find fix on https://support.microsoft.com/en-us/help/2801679/ssl-tls-communication-problems-after-you-install-kb-931125

MONO WCF Self-Hosted Service Pair getting Connection reset by peer when using net.tcp

I Have 2 WCF-Self-Hosted Aplications done with mono. One is on Windows 8 and the other is on Ubuntu Linux. When i put both applications under Windows8 or Ubuntu, they communicate fine. When i put them apart, one in windows and one in Linux, i get a "System.IO.IOException: Read Failure ---> System.Net.Sockets.SocketException: Connection reset by peer.
I've read every single page i could find about this error with no luck on how to fix it.
i attack bellow the app.config of both apps. They communicate using net.TCP and the svcutil worked fine pulling the metadata.
CLIENT App.config (This one tries to pull data from the other, and when he collects the data, calls a 3rd Not-Implemented Yet service. )
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="NetTcpBinding_IMiServicio" >
<security mode="None"/>
</binding>
</netTcpBinding>
</bindings>
<client>
<endpoint address="net.tcp://192.168.1.101:8090/ProyectoDistribuidoTCP"
binding="netTcpBinding" bindingConfiguration="NetTcpBinding_IMiServicio"
contract="IMiServicio" name="NetTcpBinding_IMiServicio">
<identity>
<userPrincipalName value="ALEXMAINGEAR\Alex" />
</identity>
</endpoint>
</client>
</system.serviceModel>
</configuration>
SERVER App.config (this one serves the data to the second service)
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<services>
<service name="ProyectoDistribuido.MiServicio" behaviorConfiguration="metadataSupport">
<host>
<baseAddresses>
<add baseAddress="http://localhost:8080/ProyectoDistribuidoHTTP"/>
<add baseAddress="net.tcp://localhost:8090/ProyectoDistribuidoTCP"/>
</baseAddresses>
</host>
<endpoint binding="basicHttpBinding"
contract="ProyectoDistribuido.IMiServicio"/>
<endpoint binding="netTcpBinding"
contract="ProyectoDistribuido.IMiServicio"/>
<endpoint address= "tcpmex"
binding="mexTcpBinding"
contract="IMetadataExchange"/>
</service>
</services>
<bindings>
<netTcpBinding>
<binding name="netTcpBinding">
<security mode= "None"/>
</binding>
</netTcpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="metadataSupport">
<serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
I know this post is rather old, but I recently found myself in a similar situation and there is still very little information on this online.
In my case, the problem was that the net.tcp binding defaults to using Windows Authentication based security.
This is fine when both services are in windows, but when one is hosted in Linux it doesn't have access to this (unless you've configured it) and the connection fails.
The error message definitely leaves something to be desired!
Here's the config I used to disable security (as I don't need it yet) with net.tcp binding.
<system.serviceModel>
<bindings>
<netTcpBinding>
<binding name="bindingConfig">
<security mode="None">
<transport clientCredentialType="None" protectionLevel="EncryptAndSign" />
<message clientCredentialType="None" algorithmSuite="Default" />
</security>
</binding>
</netTcpBinding>
</bindings>
<!-- remainder of system.serviceModel -->
Note: You need to configure your service client to disable security as well. In my case, my client didn't have a .config file so I had to do it in code:
var binding = new NetTcpBinding()
{
MaxBufferSize = int.MaxValue,
ReaderQuotas = System.Xml.XmlDictionaryReaderQuotas.Max,
MaxReceivedMessageSize = int.MaxValue,
Security = new NetTcpSecurity()
{
Message = new MessageSecurityOverTcp()
{
ClientCredentialType = MessageCredentialType.None
},
Transport = new TcpTransportSecurity()
{
ClientCredentialType = TcpClientCredentialType.None
},
Mode = SecurityMode.None
}
};

How to put system.serviceModel into ServiceConfiguration.cscfg (Windows Azure)

I have following code (for Microsoft Translator)
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_LanguageService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="None">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://api.microsofttranslator.com/V2/soap.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_LanguageService" contract="TranslatorService.LanguageService" name="BasicHttpBinding_LanguageService" />
</client>
</system.serviceModel>
It was in web.config and working well. Now I need to put some translate function to Azure Worker Role, so I got error Could not find default endpoint element that references contract 'TranslatorService.LanguageService' in the ServiceModel client configuration section. This might be because no configuration file was found for your application, or because no endpoint element matching this contract could be found in the client element.
I already found solution is to put above settings to ServiceConfiguration.cscfg, but how? I tried many location but all error and cannot deploy. Please help
The ServiceConfiguration.cscfg can only contain Azure specific configuration (like number of instances, configuration settings, thumbprints, ...).
Whenever you need to do regular .NET configuration (like WCF for example) you can simply create an app.config for your worker role as if you would for a console application and put your configuration in here. Note that the sample configuration in your question isn't complete if you want to add it in the app.config. You should wrap this around it:
<?xml version="1.0"?>
<configuration>
...
</configuration>

WCF hosted in IIS, Problem connecting to database with integrated security

I have a WCF service hosted in IIS 5.1 on my development XP machine. The service cannot connect to sql server DB with integrated security=true. The same service works fine when hosted in a console app. I have unchecked Anonymous access and checked the Integrated Windows Authentication in IIS
These are my setting in Web.Config
<connectionStrings>
<add name="CADISEntities" connectionString="metadata=res://*/UDI.CADISEntities.csdl|res://*/UDI.CADISEntities.ssdl|res://*/UDI.CADISEntities.msl;provider=System.Data.SqlClient;provider connection string="Data Source=DBSQLP404;Initial Catalog=CadisCustom;Integrated Security=True;MultipleActiveResultSets=True"" providerName="System.Data.EntityClient" />
</connectionStrings>
I have tried changing to Integrated security to SSPI and Trusted Connection =Yes, but no luck. Below is the Config settings.
<service behaviorConfiguration="CADISBehaviour" name="GlobalInvestors.FIPA.BLL.UDI.CADISSecurities">
<endpoint binding="basicHttpBinding" bindingConfiguration="CADISBinding"
contract="GlobalInvestors.FIPA.BLL.UDI.ICADISSecurities" />
</service>
<basicHttpBinding>
<binding name="CADISBinding" closeTimeout="01:30:00" openTimeout="01:30:00"
receiveTimeout="01:30:00" sendTimeout="01:30:00" maxBufferSize="65536000"
maxBufferPoolSize="52428800" maxReceivedMessageSize="65536000">
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm" />
</security>
</binding>
</basicHttpBinding>
and in client
<endpoint address="http://ainaost4.amerus.corp.tld/FIPA/BLLHost/CADIS.svc"
behaviorConfiguration="Behavior" binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_ICADISSecurities" contract="CADISEntities.ICADISSecurities"
name="BasicHttpBinding_ICADISSecurities">
<!--<identity>
<userPrincipalName value="AINAOST4\ASPNET" />
</identity>-->
</endpoint>
<binding name="BasicHttpBinding_ICADISSecurities" closeTimeout="01:30:00"
openTimeout="01:30:00" receiveTimeout="01:30:00" sendTimeout="01:30:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="655360000" maxBufferPoolSize="655360000" maxReceivedMessageSize="655360000"
messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportCredentialOnly">
<transport clientCredentialType="Ntlm" proxyCredentialType="Ntlm"
realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
Without setting Impersonation in the code I get "The underlying provider failed on Open" setting Impersonation in the code and I get "Cannot Initialize SSPI"
[OperationBehavior(Impersonation = ImpersonationOption.Required)]
Tried googling and found that Application pool cannot be set in IIS 5.1.
Any suggestion to fix the issue would be greatly appreciated.
fixed the issue by giving fully qualified sql server name in the connection string

Resources