2

I would like to host a REST-full WCF 4.0 service on an already-created IIS 7.5 website based on ASP.NET v4.0 and secured by forms authentication. So, I tried to configure my WCF stack using mixed mode authentication (aspNetCompatibilityEnabled="false") and configured the service host to use no security at all but So long, all my efforts was completely unsuccessful. When I try to call my service from the browser after a while the connection to the host is closed without a response and my browser raises an error indicating the connection to the target webstie is closed without any response.

However, if I write a dummy code in Application_BeginRequest to authenticate a dummy user in forms authentication module using FormsAuthentication.Authenticate or call the service in an authenticated browser session everything works fine and the service is called successfully.

I tried to find the problem causing this strange behavior using WCF tracing. What I have found from the resulting svclog file is this exception:

Message: Object reference not set to an instance of an object.
StackTrace:
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.get_LogonUserIdentity() System.ServiceModel.Channels.HttpChannelListener.ValidateAuthentication(IHttpAuthenticationContext authenticationContext) System.ServiceModel.Channels.HttpRequestContext.ProcessAuthentication() System.ServiceModel.Channels.HttpChannelListener`1.HttpContextReceived(HttpRequestContext context, Action callback)

Any idea about the problem?

UPDATE: I even set the authentication mode of the website to "None" and authorized anonymous users. Still the same results. Nothing changed. The question is that can I use unauthenticated WCF RESTfull services with aspNetCompatibilityEnabled="false" on an ASP.NET website at all???

To be more specific, What I have tried to do is:

  • Implemented my WCF service in the form of a .svc file
  • Configured WCF in my web.config file as the following (note AspNetCompatibilityEnabled="false"):
<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior>
                <serviceMetadata httpGetEnabled="true"/>
                <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" aspNetCompatibilityEnabled="false" />
</system.serviceModel>
  • Created and used my own ServiceHostFactory like this:
    public class MyServiceHostFactory : ServiceHostFactoryBase
    {
        #region Methods

        public override ServiceHostBase CreateServiceHost(string constructorString, Uri[] baseAddresses)
        {
            var type = Type.GetType(constructorString);
            var host = new WebServiceHost(type, baseAddresses);

            var serviceBehavior = host.Description.Behaviors.OfType<ServiceBehaviorAttribute>().Single();
            serviceBehavior.ConcurrencyMode = ConcurrencyMode.Multiple;
            serviceBehavior.MaxItemsInObjectGraph = int.MaxValue;

            var metadataBehavior = host.Description.Behaviors.OfType<ServiceMetadataBehavior>().SingleOrDefault();

            if (metadataBehavior == null)
            {
                metadataBehavior = new ServiceMetadataBehavior();
                host.Description.Behaviors.Add(metadataBehavior);
            }

            var debugBehavior = host.Description.Behaviors.OfType<ServiceDebugBehavior>().SingleOrDefault();

            if (debugBehavior == null)
            {
                debugBehavior = new ServiceDebugBehavior();
                host.Description.Behaviors.Add(debugBehavior);
            }

            metadataBehavior.HttpGetEnabled = true;
            debugBehavior.IncludeExceptionDetailInFaults = true;

            var binding = new WebHttpBinding { MaxBufferPoolSize = int.MaxValue, MaxReceivedMessageSize = int.MaxValue };
            binding.Security.Mode = WebHttpSecurityMode.None;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

            WebHttpBehavior webHttpBehavior = new WebHttpBehavior { HelpEnabled = true };

            foreach (var contract in type.GetInterfaces().Where(i => i.GetCustomAttributes(typeof(ServiceContractAttribute), true).Length > 0))
            {
                var endpoint = host.AddServiceEndpoint(contract, binding, "");
                endpoint.Behaviors.Add(webHttpBehavior);
            }

            host.AddServiceEndpoint(typeof(IMetadataExchange), MetadataExchangeBindings.CreateMexHttpBinding(), "mex");

            return host;
        }

        #endregion
    }
CompuBoy
  • 29
  • 3
  • Already have it! check my webHttpBehavior in the enclosed code for my custom ServiceHostFactory. – CompuBoy Oct 24 '12 at 08:07
  • I am sorry. You can definately host the unauthenticated WCF service inside asp.net, so the trouble lies somewhere in your config. I will try to reproduce. – faester Oct 24 '12 at 08:12
  • I have tried creting a asp.net forms based site with a simple http-service contructed using your factory (in the .svc-file markup). I works without any problems although a with allowing authorization is required. – faester Oct 24 '12 at 08:35
  • Strange! Have you set aspNetCompatibilityEnabled="false" in your tag? Note that I also don't have any problem if I set it to true. – CompuBoy Oct 24 '12 at 08:39
  • Both settings works fine for me. Which .NET version are you using? – faester Oct 24 '12 at 08:47
  • .NET v4.0. And still without any success. – CompuBoy Oct 24 '12 at 08:52
  • BTW, I can definitely send you my sample project. – CompuBoy Oct 24 '12 at 08:53
  • Mine is here: https://www.dropbox.com/s/aedohp7kw7m44sg/WcfAuthTest.zip Perhaps you can spot the difference. I would be happy to take a look a your code later, but it wouldn't be this evening or later. Sorry. – faester Oct 24 '12 at 08:56
  • Thank you! Having your implementation is a perfect alternative. I'll update as soon as I compare it with my own and find the problem. – CompuBoy Oct 24 '12 at 09:03
  • Hi again! Checked your implementation. First, it was targeted for .NET Framework v4.5. I changed it to target v4.0. Second, I noticed you were testing it using IIS Express. I changed it to my local IIS instead of IIS Express. And third, in web.config file aspNetCompatibilityEnabled was set to true. As soon as I set it to false the very same issue started to happen with your implementation. – CompuBoy Oct 24 '12 at 09:49
  • Sorry about the setting in the version I sent you. I have ` ` when testing locally. And it works, also in 4.0 (I just changed). But still in IIS express. – faester Oct 24 '12 at 12:29
  • But you are hosting in IIS you say? -- Which authentication modes are installed? And have you tested your own solution in IIS express or the VS Development Server? Your problems could originate from IIS config and I asure you that you can do what you attempt. – faester Oct 24 '12 at 12:31
  • You might be right! I am also suspicious about my IIS configuration but couldn't find any flaw there. I have all the possible authentication modules on my IIS and have both Forms Authentication and Anonymous Authentication modules enabled on this specific website. – CompuBoy Oct 24 '12 at 12:34
  • I will test it with IIS Express and let you know the results. – CompuBoy Oct 24 '12 at 12:34
  • delete your answer if it is resolved yourself or write answer to share your resolution – Denis Agarev Nov 23 '12 at 06:50

0 Answers0