4

My apologize for long post... We have a WCF service written in .Net 4.0 used internally within the organization. Recently there was a requirement to make this service available outside the organization network. So the network guys used reverse proxy to make this service available outside the organization. Here is the picture how it is set up.

enter image description here

As you can see in the picture..the service http://mywebservice.com/readd.svc is hosted on WIndows 2008 R2 which has a internal IP address as XXX.YYY.ZZZ.RRR. The service is hosted on port 80.

what is the problem ?.

Internally I can access the service as http://mywebservice.com/readd.svc using WCFTestClient and browser. But outside the organization if I type http://mywebservice.com/readd.svc I get "404 file not find error" and in WCFTestCleint I get error as "Error: Cannot obtain Metadata from http://mywebservice.com/readd.svc .........".

However if I type in the service as in browser I get the screen which shows soap link as shown below. Please ignore the LookUpService.svc name mismatch. enter image description here

As you can see in above figure ...address bar is https , but the soap link is http . If I click the http link http://.... ?wsdl , I get not found error. This is since Reverse proxy only allows connection as https .

If I use WCFTextClient and add servicie as https://mywebsite.com/readd.svc I get error as below.

"Error: Cannot obtain Metadata from https://mywebsite.com/readd.svc If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://go.microsoft.com/fwlink/?LinkId=65455.WS-Metadata Exchange Error URI: http://mywebsite.com/readd.svc Metadata contains a reference that cannot be resolved: 'https://mywebsite.com/readd.svc'. Content Type application/soap+xml; charset=utf-8 was not supported by service https://mywebsite.com/readd.svc.
The client and service bindings may be mismatched.
The remote server returned an error: (415) OK.HTTP GET Error
URI: https://mywebsite.com/readd.svc
The document at the url http://mywebsite.com/readd.svc was not recognized as a known document type.The error message from each known type may help you fix the problem:- Report from 'XML Schema' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.- Report from 'http://mywebsite.com/readd.svc' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'.- Report from 'DISCO Document' is 'There was an error downloading 'http://mywebsite.com/readd.svc?disco'.'. - The request failed with HTTP status 404: Not Found.- Report from 'WSDL Document' is 'The document format is not recognized (the content type is 'text/html; charset=UTF-8').'. "

I was informed by network guys to make service available as https. Here is my web.config file

<behaviors>

  <serviceBehaviors>

    <behavior name="ServiceLookup.LookupServiceBehavior">
          <serviceMetadata httpGetEnabled="true" httpGetUrl=""/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
    </behavior>

  </serviceBehaviors>

</behaviors>

 <services>
    <service behaviorConfiguration="ServiceLookup.LookupServiceBehavior" name="SmallApp.ServiceLookUp.LookUpService">

       <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BSBindingConfig" name="SmallApplianceBSEndPoint"
          contract="SmallApp.ServiceLookUp.ILookupService" />


       <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
 </services>
<!-- Remove this during deployment-->
<!--<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>-->

Can you suggest how I can resole this issue ..so that users outside organization can access the api with WCFTestCleint as http/https .

Updated web.config file 

    </binding>
    </basicHttpBinding>
</bindings>

<behaviors>

  <serviceBehaviors>

    <behavior name="ServiceLookup.LookupServiceBehavior">
          <serviceMetadata httpGetEnabled="true" httpGetUrl="" httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
    </behavior>

  </serviceBehaviors>

</behaviors>

 <services>
    <service behaviorConfiguration="ServiceLookup.LookupServiceBehavior" name="SmallApp.ServiceLookUp.LookUpService">

       <endpoint address="" binding="basicHttpBinding" bindingConfiguration="BSBindingConfig" name="SmallApplianceBSEndPoint"
          contract="SmallApp.ServiceLookUp.ILookupService" />

       <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
       <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    </service>
 </services>
<!-- Remove this during deployment-->
<serviceHostingEnvironment multipleSiteBindingsEnabled="true"/>

I am still gettign error accessing as http or https outside organization network

bp581
  • 859
  • 1
  • 16
  • 47
  • anybody who can help me ? – bp581 May 02 '14 at 20:30
  • I hate to say it, but what you're experiencing sounds about right. Is your WCF server set up to translate the SSL, or is the translation offloaded onto the RP server? If the RP is translating the SSL into clear text and forwarding the message, then your WCF server should be set up for normal http traffic. But you can set up your mex configuration for both http and https messages. – Brian May 05 '14 at 13:31
  • Brain..my knowledge on SSL is poor..could you please elaborate on how to find out WCF server set up to translate the SSL or is the translation offloaded onto the RP server? – bp581 May 05 '14 at 13:47
  • bp, you'd see it in the config file. You'd see "transport" in the security mode ... looks to me from your config that you're WCF site is set up to receive normal (non-ssl traffic) since httpGetEnabled=True instead of httpsGetEnabled=True. What I'd do is set up Fiddler on your server and capture the inbound messages to see if you're messages are getting through properly. – Brian May 06 '14 at 06:38
  • Brain..I updated my post with new web.config file. Still no luck...can you suggest ? – bp581 May 06 '14 at 12:39
  • I don't see anything wrong with your config. Did you try fiddler? Do you know that messages are getting through to your servers? Other than suggesting that you debug whether your messages are getting through, and perhaps setting up some message-level logging (see the many examples available), I'm not sure what to suggest to you. – Brian May 06 '14 at 13:58

1 Answers1

0

The WSDL is typically generated on the fly based on your models metadata, attributes, and host location. So if the wsdl is then proxied to another environment, it's going to have issues.

One escape hatch in servicemetadata is to specify a externalMetadataLocation:

A Uri that contains the location of a WSDL file, which is returned to the user in response to WSDL and MEX requests instead of the auto-generated WSDL.

Add externalMetadataLocation like this below:

<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior>
        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" 
             externalMetadataLocation="https://example.com/SOAP/Service1.wsdl" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

You can then pre-generate your WSDL ahead of time, tweak at will, and upload the modified file to serve as the contract.

Further Reading

KyleMit
  • 30,350
  • 66
  • 462
  • 664