Hi
I have a simple method defined in the following interface:
[
ServiceContract(Namespace = "http://www.tid.es/ACS/Server/")] public interface IAcsService{
[
OperationContract(/*IsOneWay=true*/)] void ConfigurationPostBack(string url, string username, string password, string protocol);}
exposed in the IIS with this simple web.config:
<
system.serviceModel><
services><
service name="Telefonica.Mieres.AcsService.AcsServiceType"><
endpoint contract="Telefonica.Mieres.AcsService.IAcsService" binding="basicHttpBinding"/><
endpoint address="reliable" contract="Telefonica.Mieres.AcsService.IAcsService" binding="wsHttpBinding"/></
service></
services></system.serviceModel>
when I invoke it using this app.config client
<
system.serviceModel><
bindings><
basicHttpBinding><
binding name="BasicHttpBinding_IAcsService" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true"><
readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /><
security mode="None"><
transport clientCredentialType="None" proxyCredentialType="None" realm="" /><
message clientCredentialType="UserName" algorithmSuite="Default" /></
security></
binding></
basicHttpBinding><
wsHttpBinding><
binding name="WSHttpBinding_IAcsService" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"><
readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" /><
reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" /><
security mode="Message"><
transport clientCredentialType="None" proxyCredentialType="None" realm="" /><
message clientCredentialType="Windows" negotiateServiceCredential="true" establishSecurityContext="true" /></
security></
binding></
wsHttpBinding></
bindings><
client><
endpoint address="http://calamaro3/MieresServer/ACSService.svc" binding="basicHttpBinding" bindingConfiguration="BasicHttpBinding_IAcsService" contract="TestJavi.maqueta0.IAcsService" name="BasicHttpBinding_IAcsService" /><!--
<endpoint address="http://calamaro3/MieresServer/ACSService.svc/reliable"binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IAcsService"
contract="TestJavi.maqueta0.IAcsService" name="WSHttpBinding_IAcsService" />
--></
client></
system.serviceModel>and the following exception is raised:
Excepcion no controlada: System.InvalidOperationException: At least one operatio
n of the contract ('IAcsService','http://www.tid.es/ACS/Server/') requires a pro
tection level of the request message that cannot be satisfied by the binding ('BasicHttpBinding','http://tempuri.org/').
en System.ServiceModel.Dispatcher.SecurityValidationBehavior.ContractProtecti
onRequirementsRule.ValidateBindingProtectionCapability(Binding binding, Contract
Description contract, ProtectionLevel request, ProtectionLevel response)
en System.ServiceModel.Dispatcher.SecurityValidationBehavior.ContractProtecti
onRequirementsRule.ValidateContract(Binding binding, ContractDescription contrac
t, ProtectionLevel defaultProtectionLevel)
en System.ServiceModel.Dispatcher.SecurityValidationBehavior.ValidateNoSecuri
tyBinding(Binding binding, ContractDescription contract)
en System.ServiceModel.Dispatcher.SecurityValidationBehavior.ValidateBinding(
Binding binding, ContractDescription contract, SecurityBindingElement& securityB
indingElement)
en System.ServiceModel.Dispatcher.SecurityValidationBehavior.System.ServiceMo
del.Description.IEndpointBehavior.Validate(ServiceEndpoint serviceEndpoint)
en System.ServiceModel.Description.ServiceEndpoint.Validate()
en System.ServiceModel.Channels.ServiceChannelFactory.BuildChannelFactory(Ser
viceEndpoint serviceEndpoint)
en System.ServiceModel.ChannelFactory.CreateFactory()
en System.ServiceModel.ChannelFactory.OnOpening()
en System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout)
en System.ServiceModel.Channels.CommunicationObject.Open()
en System.ServiceModel.ChannelFactory.EnsureOpened()
en System.ServiceModel.ChannelFactory`1.CreateChannel()
en System.ServiceModel.ClientBase`1.CreateChannel()
en System.ServiceModel.ClientBase`1.get_InnerProxy()
en TestJavi.maqueta0.AcsServiceProxy.TestJavi.maqueta0.IAcsService.Configurat
ionPostBack(ConfigurationPostBackRequest request) en C:\Documents and Settings\j
amaa\Mis documentos\Mis proyectos\Mieres\source\Mieres\TestJavi\Service Referenc
es\maqueta0.cs:linea 133
en TestJavi.maqueta0.AcsServiceProxy.ConfigurationPostBack(String url, String
username, String password, String protocol) en C:\Documents and Settings\jamaa\
Mis documentos\Mis proyectos\Mieres\source\Mieres\TestJavi\Service References\ma
queta0.cs:linea 144
en TestJavi.Class1.Main(String[] args) en C:\Documents and Settings\jamaa\Mis
documentos\Mis proyectos\Mieres\source\Mieres\TestJavi\Class1.cs:linea 50
Presione una tecla para continuar . . .
However if comment out the endpoint client of wshttpbinding the service works fine.
Any clue Thanks
Javier
Invalid Operation Exception in simple method in httpbasicBinding
jonbon
After removing the wsHttpBinding endpoint, you'll have to regenerate the client types using svcutil, otherwise you'll still be using the [MessageContract] types with the protection requirements.
Aaron Skonnard, Pluralsight
Gardner
Hi Javier,
Thanks for sharing your repro program, I think this is bug in our code
//WITH BINDING CONFIGURATION
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "3.0.0.0")]
[System.ServiceModel.ServiceContractAttribute(Namespace="http://Microsoft.ServiceModel.Samples")]
public interface ICalculator
{
[System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.ServiceModel.Samples/ICalculator/Add", ReplyAction="http://Microsoft.ServiceModel.Samples/ICalculator/AddResponse")]
double Add(double n1, double n2);
[System.ServiceModel.OperationContractAttribute(Action="http://Microsoft.ServiceModel.Samples/ICalculator/SendBigData", ReplyAction="http://Microsoft.ServiceModel.Samples/ICalculator/SendBigDataResponse")]
byte[] SendBigData();
}
//WITHOUT BINDING CONFIGURATION
[System.CodeDom.Compiler.GeneratedCodeAttribute("System.ServiceModel", "3.0.0.0")]
[System.ServiceModel.ServiceContractAttribute(Namespace="http://Microsoft.ServiceModel.Samples")]
public interface ICalculator
{
[System.ServiceModel.OperationContractAttribute(ProtectionLevel=System.Net.Security.ProtectionLevel.EncryptAndSign, Action="http://Microsoft.ServiceModel.Samples/ICalculator/Add", ReplyAction="http://Microsoft.ServiceModel.Samples/ICalculator/AddResponse")]
double Add(double n1, double n2);
[System.ServiceModel.OperationContractAttribute(ProtectionLevel=System.Net.Security.ProtectionLevel.EncryptAndSign, Action="http://Microsoft.ServiceModel.Samples/ICalculator/SendBigData", ReplyAction="http://Microsoft.ServiceModel.Samples/ICalculator/SendBigDataResponse")]
byte[] SendBigData();
}
CONCLUSION:
Without binding configuration, they are adding ProtectionLevel=System.Net.Security.ProtectionLevel.EncryptAndSign to the contract, this is ok for wshttp, but not ok for basic http
We used to have bug in this area , I think they fixed this bug for few cases, didn’t fix it for few cases, for me, this is bug, I will check with my test team and I will send you confirmation.
-Thank you
Madhu
Erik van Noorden
you are right Aaron,I am not able to repro this problem with simple Hello world.
If you have complete repro code(both client and service code),please send me repro code to madhup@microsoft.com
alex2323
just looking SDK document,what it the meaning of securitymode="none"
None means,we are not going to sign and encrypt the message.
if possible,can you please let us know,what is your application security requirements
BasicHttpSecurityMode Enumeration:
============================
Khushi2005
Hi
I have could reproduce the possible bug in your example simply modifing the server app.config to elimate the bindingConfiguration attribute, now your endpoints looks:
<
service name="Microsoft.ServiceModel.Samples.CalculatorService" behaviorConfiguration="CalculatorServiceBehavior"><
endpoint address="http://localhost:8081/testsvc" binding="basicHttpBinding" contract="Microsoft.ServiceModel.Samples.ICalculator"/><
endpoint address="http://localhost:8082/testsvc" binding="wsHttpBinding" contract="Microsoft.ServiceModel.Samples.ICalculator"/></
service>Thanks
Javier
JMT23
This is a bug in February CTP release. The problem is that svcutil.exe generates a contract interface with protection level requirements reflecting the strongest protection level offered across all service endpoints associated with this contract in WSDL. For example, when both unsecure BasicHttpBinding and secure WSHttpBinding are associated with a single contract in WSDL, the stronger protection level is that of WSHttpBinding and is equal to EncryptAndSign. Unfortunately, unsecure BasicHttpBinding is incapable of supporting this protection level and therefore a proxy based on the generated contract and utilizing the BasicHttpBinding cannot be used on the client side.
This issue has been fixed in the product after February CTP was released.
The workaround in February CTP release is to modify the contract interface generated by svcutil.exe by removing all occurrances of ProtectionLevel named parameters from OperationContractAttributes. As a result of this change, the effective protection level applied for exchanged messages will be determined by the default protection level of the binding. As such, for the unsecure BasicHttpBinding the exchnge will effectively have ProtectionLevel.None, and for secure WSHttpBinding the exchange will effectively have ProtectionLevel.EncryptAndSign.
jnethercutt
hi
But I have the problem in the basicHttpBinding not in the wsHttpbinding.
The wshttpbindings works fine.
Badmick
I believe this is a bug in the Feb CTP bits related to the way the wsHttpBinding sets message-level protection requirements.
Aaron Skonnard, Pluralsight
c70070540
Hi Javier,
I created simple caluculator sample,and i am able to use basichttp and wshttp binding in this sample,can you please look into this sample
http://blogs.msdn.com/madhuponduru/attachment/577903.ashx
I am using FEB CTP
if possible,can you please send me your repro code to madhup@microsoft.com
-Thank you
Madhu
Tom Niwinski
I know...it happens when you have a wsHttpBinding endpoint configured on the service and then generate code using svcutil.exe. You'll notice the generated [MessageContract] types have a protection level requirement (and these same types are also used in the basicHttpBindnig case). Hence, when you try to invoke the basicHttpBinding endpoint, which doesn't support the message protection requirements, an exception is thrown. I'm pretty sure it's a known "issue" they're working on.
If you comment out the wsHttpBinding endpoint in the service config, all will work again.
Aaron Skonnard, Pluralsight
califman1849
Yes, perfect removing the wshttpbinding endpoint avoids the error.
Only two question:
1)In the interface generated to be used by my client proxy class I can't see the protection level argument established.
2)Is there any workaround to carry on using the ws binding
A million of thanks
Javier
Alexey_Kiev
Yes. You can set the ProtectionLevel property on SCA or OCA to None. What this does, however, is creates a message contract with the values set to none. Therefore, the WSHttpBinding will respect those settings and the client contract will set them to None. If you use a proxy object to communicate with the service, things should be fine. But if you use a channel to do so, you'll find that you must use the underlying message types as parameters, which is sometimes not what you intended.