I have a WCF service that consumes a web service (developed in Java) to which I need to connect over HTTPS using a certificate. So far everything works well; however, in the production environment my client uses a proxy and I’m not able to establish an SSL connection through the proxy.
My development environment web.config binding (which works) looks like this:
<system.serviceModel>
  <bindings>
    <customBinding>
      <binding name="DOCeManagerServiceSoap12Binding">
        <textMessageEncoding messageVersion="Soap12"/>
        <httpsTransport />
      </binding>
    </customBinding>
  </bindings>
  <client>
    <endpoint address="https://example.com.br:443/DFeWeb/services/DOCeManagerService.DOCeManagerServiceHttpsSoap12Endpoint/"
              behaviorConfiguration="TestServiceBehavior" binding="customBinding"
              bindingConfiguration="DOCeManagerServiceSoap12Binding" contract="DOCeManagerService.DOCeManagerServicePortType"
              name="DOCeManagerServiceHttpsSoap12Endpoint">
    </endpoint>
  </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="TestServiceBehavior">
        <clientCredentials>
          <clientCertificate findValue="01FE53"
                             storeName="TrustedPublisher"
                             storeLocation="LocalMachine"
                             x509FindType="FindBySerialNumber"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
    <serviceBehaviors>
      <behavior>
        <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
        <serviceMetadata httpGetEnabled="true" />
        <!-- To receive exception details in faults for debugging purposes, set the value below to true. Set to false before deployment to avoid disclosing exception information -->
        <serviceDebug includeExceptionDetailInFaults="true"/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
In the production environment I tried to modify only this point:
<httpsTransport bypassProxyOnLocal="true" proxyAddress="http://proxy.example.corp:8080" useDefaultWebProxy="false" />
I get the following error:
Could not establish trust relationship for the SSL/TLS secure channel with authority 'Subdominio.example.com.br'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure.
I have tried numerous settings but none of them solved my problem.
Update 1: I was thinking that the problem was related to the fact that I am making an SSL connection through a proxy that does not support SSL; however, if I port my code to a console application and specify the proxy, I can make the connection and consume the method. So I do not understand how I managed to connect with SSL through an HTTP proxy from the console app but not from WCF. Any ideas?
Update 2: On the recommendation of colleagues I tried to run the service on IIS with my own user (the same one that got the SSL connection through the console app), but I do not know if I did it right or if something is missing: the service is unavailable (Service Unavailable). If anyone has already done this and can assist me, it would be useful to eliminate this possibility.
Update 3: I’ve updated the error message I get when I try to connect by adding the InnerException. When it says "The remote certificate is invalid according to the validation procedure.", does it refer to the server whose service I am consuming?
Have you tried changing the endpoint to the production address? From the error message, I assume you forgot to change the example.com.
– Cleiton
Thanks for the reply, Cleiton, but I’m already using the production address; I just changed it to post here. In place of example.com are the appropriate domains for the proxy and the external service. Regards.
– Eric
Eric, I had a similar problem (without SSL). It gave a proxy error for the application hosted on IIS and worked well on a desktop. In this case the problem was the user of the AppPool that the application used. It was a user with different access from mine and therefore behaved differently from when I ran the desktop app. Are you able to put your user directly in the AppPool and select the option to load the user profile, to test?
– Vitor Canova
Vitor, thanks for the reply! If I understand correctly, I need to change the identity that my AppPool runs as, right? If so, I went to the properties of my AppPool, on the Identity tab chose the option Configurable and put in the user that worked with the console app. I tested with two different users (one from the domain and one local) but in neither case did the service work; I get the message Service Unavailable. I also tried switching between the Predefined options: with Local Service I got the same message, and with Local System the service runs but still without an SSL connection.
– Eric
@Vitorcanova I’m sorry, I misspoke: when I put Local Service the service does run (IIS had to be restarted), but I receive the message There was an error in serializing body of message synDOCeDownloadXmlRequest: 'Unable to generate a temporary class (result=1). error CS2001: Source file 'C:\WINDOWS\TEMP\qwg3osjc.0.cs' could not be found error CS2008: No inputs specified'. Please see InnerException for more details. The problem still persists.
– Eric
Just to confirm, in the latter case there are no InnerExceptions?
– Vitor Canova
In this case the InnerException is part of the exception itself: Unable to generate a temporary class (result=1). error CS2001: Source file 'C:\WINDOWS\TEMP\qwg3osjc.0.cs' could not be found error CS2008: No inputs specified. The strange thing is that I can’t run the service when I specify my own user.
– Eric
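
One way to find out which certificate the WCF client actually receives through the proxy, and why validation rejects it under the AppPool identity, is a logging-only validation callback; this is an added example, not code from the thread. The class name `TlsTrustDiagnostics` and the use of `Trace` output are assumptions, and it targets .NET Framework, where `httpsTransport` goes through `HttpWebRequest`.

```csharp
using System;
using System.Diagnostics;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.Security.Principal;

// Hypothetical helper (name is an assumption). Call Install() once, before the
// WCF client channel is opened, e.g. from Application_Start in Global.asax.
public static class TlsTrustDiagnostics
{
    public static void Install()
    {
        // Process-wide hook consulted by HttpWebRequest during the TLS handshake.
        ServicePointManager.ServerCertificateValidationCallback = LogAndKeepVerdict;
    }

    private static bool LogAndKeepVerdict(object sender, X509Certificate cert,
                                          X509Chain chain, SslPolicyErrors errors)
    {
        // Trust stores and profile differ per identity (console user vs. AppPool account).
        Log("Identity      : " + WindowsIdentity.GetCurrent().Name);
        var request = sender as HttpWebRequest;
        if (request != null) Log("Request URI   : " + request.RequestUri);
        Log("Policy errors : " + errors);

        if (cert != null)
        {
            var presented = new X509Certificate2(cert);
            Log("Subject       : " + presented.Subject);
            Log("Issuer        : " + presented.Issuer);
            Log("Thumbprint    : " + presented.Thumbprint);
            Log("Valid until   : " + presented.NotAfter.ToString("u"));
        }
        if (chain != null)
        {
            // Per-element status names the exact failure (UntrustedRoot, NotTimeValid, ...).
            foreach (X509ChainElement element in chain.ChainElements)
                foreach (X509ChainStatus status in element.ChainElementStatus)
                    Log("Chain status  : " + element.Certificate.Subject + " -> "
                        + status.Status + " (" + status.StatusInformation.Trim() + ")");
        }
        // Return the framework's own verdict: this logs, it never accepts a bad certificate.
        return errors == SslPolicyErrors.None;
    }

    private static void Log(string line)
    {
        Trace.WriteLine("[tls-diag] " + line);
    }
}
```

In the output, `RemoteCertificateChainErrors` with an `UntrustedRoot` status means the issuing CA is not trusted in the stores visible to that identity, while `RemoteCertificateNameMismatch` means the certificate does not cover the host name in the endpoint address. An issuer other than the service's own CA indicates that an intermediary such as a TLS-inspecting proxy, not the service, presented the certificate.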