WsHttpBinding with security mode TransportWithMessageCredential in IIS 7 not working

StackOverflow https://stackoverflow.com/questions/2967881

  •  24-10-2019
  •  | 
  •  

Question

We are currently migrating a WCF service from IIS 6 to IIS 7. The service contains some non-SSL endpoints for internal streaming purposes and some exposed endpoints secured with SSL.

The public, secure endpoints are implemented using wsHttpBinding and security mode="TransportWithMessageCredential". The binding reads as follows:

<wsHttpBinding>
  <binding name="CustomSecurityBinding">
    <security mode="TransportWithMessageCredential">
      <message clientCredentialType="UserName" />
    </security>
  </binding>
</wsHttpBinding>

The credentials are authenticated against a custom user repository for validation.

After deploying the service to IIS 7 (64bit Win2k8), all services (basicHttpBindings) respond correctly, expect for the wsHttpBindings. If triggered using https, we always get a HTTP 400 status code (Bad Request).

After enabling tracing in IIS, we could kinda narrow down the problem, although the message from the trace did not really help:

MODULE_SET_RESPONSE_ERROR_STATUS Warning
ModuleName="ManagedPipelineHandler", Notification="EXECUTE_REQUEST_HANDLER",
HttpStatus="400", HttpReason="Bad Request", HttpSubStatus="0", ErrorCode="Der
Vorgang wurde erfolgreich beendet. (0x0)", ConfigExceptionInfo=""

Steps done so far:

  • re-installed WCF extensions in IIS 7 (ServiceModelReg.exe -r -y)
  • enabled https protocol for host, added self-signed certificate to host
  • played around with dns/identity setting in wcf configuration
  • added a base address to wcf service config

After 2 hours of googling and trying to make this work, i ask you as a last resort of hope: Does anybody know this strange behaviour of IIS 7?

Was it helpful?

Solution

Have you verified that the SSL binding is configured in applicationHost.config (%windir%\system32\inetsrv\config\schema\IIS_Schema.xml) and that the HTTP.sys store contains a valid certificate has and store name for the binding? Secondly, the true error could be masked by the 400 error, have you tried altering your wsHttpBinding in configuration to increase the maxBufferPoolSize and maxReceivedMessageSize to some extremely high values and see if this continues?

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top