question

MuhammadUsmanKhalil-9103 asked JiayaoWuMSFT-8028 commented

Hosted WCF on azure app service not responding to client app service

Hello,

I am facing a strange problem with a WCF service hosted as an app service on Azure. Somehow this client app service is not able to communicate with the Azure app service.

I already deployed a test (sample) app service and a test sample client app service, and they are communicating perfectly.

Following is the exception

 " Problem during mgmt frontend component registration! 2021/09/12 08:59:08.111 [ERROR] System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://ahponeserver.azurewebsites.net/AHPFrontendService.svc/FES3. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host"


Following is the Web.config of the WCF Server.

  <?xml version="1.0"?>
 <configuration>
   <appSettings>
     <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
     <add key="CryptoKey" value="9878237hsde8zh3299h43h" />
     <add key="AppTitle" value="Service in DEV" />
     <add key="ahpDefaultISOCode" value="EN" />
     <add key="ahpExposeTestController" value="true"/>
     <!--Database Settings-->
     <add key="databaseServer" value="APDV0710" />
     <add key="database" value="AHPOneConfig" />
     <add key="databaseUser" value="AHPOneConfigD13" />
     <add key="databaseUserPassword" value="qx5ZB2xVfEf5gnDtIdzRGAxcpA9g6fNvNdv63gxR2Bo=" />
     <add key="AllowActivation" value="uzuftuGUH3H6bvn41IB7x1Xo/v72atlXdE543qcSRlI=" />
   </appSettings>
     
     
   <system.web>
     <compilation debug="true" targetFramework="4.7.2" />
     <httpRuntime targetFramework="4.7.2" />
   </system.web>
    
   <system.serviceModel>
     <diagnostics>
       <messageLogging logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
     </diagnostics>
     <bindings>
       <basicHttpBinding>
         <binding name="BasicHttpBindingWindows">
           <security mode="TransportCredentialOnly">
             <transport clientCredentialType="Windows" />
           </security>
         </binding>
       </basicHttpBinding>
    
           <wsHttpBinding>
             <binding name="wsHttpBindingUsername">
               <reliableSession enabled="true" inactivityTimeout="00:30:00" />
               <security mode="Message">
                 <message clientCredentialType="UserName" />
               </security>
             </binding>
    
             <binding name="wsHttpBindingWindows">
               <security mode="Transport">
                 <transport clientCredentialType="None"></transport>
                 <!--message clientCredentialType="Windows" establishSecurityContext="false" negotiateServiceCredential="false" /-->
               </security>
             </binding>
    
             <binding name="wsHttpEndpointBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
               <security mode="TransportWithMessageCredential">
                 <transport clientCredentialType="None" />
                 <message clientCredentialType="UserName" />
               </security>
             </binding>
    
             <!-- old -->
             <!--<binding name="wsHttpBindingWindows">
               <security mode="Transport">
                 <transport clientCredentialType="Windows"/>
               </security>
             </binding>-->
           </wsHttpBinding>
    
       <!-- Start new entry for external interface -->
       <webHttpBinding>
         <binding>
           <security mode="Transport" />
         </binding>
       </webHttpBinding>
       <!-- End new entry for external interface -->
    
     </bindings>   
        
     <behaviors>
    
       <!-- Start new entry for external interface  -->
       <endpointBehaviors>
         <behavior name="restfulBehavior">
           <webHttp />
         </behavior>
       </endpointBehaviors>
       <!-- End new entry for external interface -->
    
       <serviceBehaviors>
         <!-- Start new entry for external interface -->
         <behavior name="restfullServiceBehavior">
           <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
           <serviceDebug includeExceptionDetailInFaults="false" />
         </behavior>
         <!-- End new entry for external interface -->
    
         <!-- Custom Authentication Windows -->
         <behavior name="windowsValidation2">
           <serviceThrottling maxConcurrentCalls="300" maxConcurrentSessions="2000" maxConcurrentInstances="2000" />
           <serviceMetadata httpGetEnabled="True" httpsGetEnabled="true" />
           <serviceDebug includeExceptionDetailInFaults="true" />
         </behavior>
    
         <!-- Custom Authentication UsernamePassword -->
         <behavior name="CustomUsernameValidation2">
           <serviceThrottling maxConcurrentCalls="300" maxConcurrentSessions="2000" maxConcurrentInstances="2000" />
           <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
           <serviceDebug includeExceptionDetailInFaults="true" />
           <serviceCredentials>
             <!--Specify the Custom Authentication policy that will be used and add the policy location-->
             <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ahpFrontendWCFService.ServiceImplementation.UserAuthentication,ahpFrontendWCFService" />
           </serviceCredentials>
         </behavior>
    
         <behavior>
           <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
           <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
           <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
           <serviceDebug includeExceptionDetailInFaults="true" />
         </behavior>
       </serviceBehaviors>
     </behaviors>
    
     <services>
          
        <service name="ahpFrontendWCFService.AHPFrontendServiceWindows" 
                behaviorConfiguration="windowsValidation2">
         <endpoint name="FES2"
                   address="FES2"
                   binding="wsHttpBinding"
                   contract="ahpFrontendWCFService.IAHPFrontendServiceV1"
                   bindingConfiguration="wsHttpBindingWindows"/>
       </service>
    
       <service name="ahpFrontendWCFService.AHPFrontendService"
                behaviorConfiguration="CustomUsernameValidation2">
         <endpoint name="FES3"
                   address="FES3"
                   binding="wsHttpBinding"
                   bindingConfiguration="wsHttpEndpointBinding"
                   contract="ahpFrontendWCFService.IAHPFrontendServiceV1"/>
       </service>
    
        <!--Start new entry for reporting interface--> 
      <service name="ahpFrontendWCFService.AHPReportingService" 
                behaviorConfiguration="CustomUsernameValidation2">
         <endpoint name="FES3"
                   address="FES3"
                   binding="wsHttpBinding"
                   contract="ahpFrontendWCFService.IAHPReportingService"
                   bindingConfiguration="wsHttpEndpointBinding" />
       </service>
        <!--End new entry for reporting interface 
    
        Start new entry for external interface--> 
       <service name="ahpFrontendWCFService.AHPExternalService"
                behaviorConfiguration="restfullServiceBehavior">
         <endpoint binding="webHttpBinding"
                   contract="ahpFrontendWCFService.IAHPExternalService"
                   behaviorConfiguration="restfulBehavior"/>
       </service>
        <!--End new entry for external interface 
    
        Start new entry for external interface--> 
       <service name="ahpFrontendWCFService.AHPSetupService"
                behaviorConfiguration="restfullServiceBehavior">
         <endpoint binding="webHttpBinding"
                   contract="ahpFrontendWCFService.IAHPSetupService"
                   behaviorConfiguration="restfulBehavior"/>
       </service>
       <!-- End new entry for external interface -->
    
    
     </services>
    
      
     <protocolMapping>
       <add binding="basicHttpsBinding" scheme="https" />
     </protocolMapping>
    
     <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
   </system.serviceModel>
   <system.webServer>
     <modules runAllManagedModulesForAllRequests="true" />
     <!--
         To browse web app root directory during debugging, set the value below to true.
         Set to false before deployment to avoid disclosing web app folder information.
       -->
     <directoryBrowse enabled="true" />
   </system.webServer>
    
   <location path="AHPOne/Proxy">
     <system.webServer>
       <handlers>
         <remove name="ExtensionlessUrlHandler-Integrated-4.0" />
         <remove name="OPTIONSVerbHandler" />
         <add name="ExtensionlessUrlHandler-Integrated-4.0" path="*." verb="*" type="System.Web.Handlers.TransferRequestHandler" preCondition="integratedMode,runtimeVersionv4.0" />
       </handlers>
       <httpProtocol>
         <customHeaders>
           <!-- <add name="Access-Control-Allow-Origin" value="*" />  this header is added through api controller class -->
           <add name="Access-Control-Allow-Headers" value="Authorization" />
           <add name="Access-Control-Allow-Credentials" value="true" />
         </customHeaders>
       </httpProtocol>
     </system.webServer>
   </location>
    
   <runtime>
     <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
       <dependentAssembly>
         <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
         <bindingRedirect oldVersion="0.0.0.0-12.0.0.0" newVersion="12.0.0.0" />
       </dependentAssembly>
     </assemblyBinding>
   </runtime>
 </configuration>


Following is the web.config for the client app service (only pasting the relevant part of that web.config):


 <system.serviceModel>
   <!-- username binding-->
   <bindings>
     <wsHttpBinding>
       <binding name="FES3" maxBufferPoolSize="500000000" maxReceivedMessageSize="500000000" sendTimeout="00:20:00">
         <security mode="TransportWithMessageCredential">
           <transport clientCredentialType="None"/>
           <message clientCredentialType="UserName"/>
         </security>
       </binding>
     </wsHttpBinding>
   </bindings>
   <client>
     <endpoint address="https://ahponeserver.azurewebsites.net/AHPFrontendService.svc/FES3" binding="wsHttpBinding" bindingConfiguration="FES3"
               contract="Ahp.Frontend.Shared.WCFProxyClasses.ahpFrontendService" name="FES3"/>
   </client>
 </system.serviceModel>

I don't know how to figure out what's the issue. What could be the way to get rid of this problem?

Do some certificates need to be set up? Is there any issue in the configuration?

Would be happy to have some ideas.

Tags: dotnet-csharp, windows-wcf

1 Answer

JiayaoWuMSFT-8028 answered JiayaoWuMSFT-8028 commented

Hi @MuhammadUsmanKhalil-9103 ,
If your server has been updated to use TLS V1.2 and use standard SSL connections, maybe you can try updating it using the following code:

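 // Requires "using System.Net;" for SecurityProtocolType.
 // If only SSL 3.0 and TLS 1.0 are enabled, switch to TLS 1.0, 1.1 and 1.2.
 if (System.Net.ServicePointManager.SecurityProtocol == (SecurityProtocolType.Ssl3 | SecurityProtocolType.Tls))
     System.Net.ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12;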

Sincerely,
Jiayao




Where do I need to put this code snippet? And where can I check TLS V1.2 and SSL connections?

JiayaoWuMSFT-8028 replied to MuhammadUsmanKhalil-9103:

Hi @MuhammadUsmanKhalil-9103 ,

  1. You can put the code in the initialization of your app, before any code that initiates an outbound SSL/TLS connection.

  2. Disable the SSL. In Windows Server 2003 to 2012 R2 the protocols are controlled by flags at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols. To disable SSLv3, create a subkey at the above location named 'SSL 3.0' and, under that, a subkey named 'Server' and, under there, a DWORD value named 'Enabled', set at 0. You should also disable SSL 2.0 in the same way.


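One place the answer's snippet could live in the client app service, as an added example that is not part of the thread or the asker's project: it assumes the client is an ASP.NET application on .NET Framework 4.7 or later with a Global.asax (the class name `Global` and the helper `Harden` are hypothetical). Instead of the exact-equality check, it strips SSL 3.0 from whatever is configured, adds TLS 1.2, and leaves `SystemDefault` alone so the operating system keeps choosing the protocol.

```csharp
// Added example: Global.asax.cs of the CLIENT web app (assumed layout).
using System;
using System.Diagnostics;
using System.Net;
using System.Web;

public class Global : HttpApplication   // hypothetical class name
{
    // Runs once per app domain, before any WCF proxy opens an outbound
    // HTTPS connection, which is where the answer says the code must go.
    protected void Application_Start(object sender, EventArgs e)
    {
        SecurityProtocolType before = ServicePointManager.SecurityProtocol;
        SecurityProtocolType after = Harden(before);
        ServicePointManager.SecurityProtocol = after;

        // Record both values so a handshake failure can be correlated
        // with the protocol set the process was actually using.
        Trace.TraceInformation(
            "Outbound TLS protocols: before={0}, after={1}", before, after);
    }

    // Hypothetical helper: returns the protocol set to use for outbound calls.
    internal static SecurityProtocolType Harden(SecurityProtocolType current)
    {
        // SystemDefault (numeric value 0) delegates the choice to the OS.
        // OR-ing flags into it would silently pin the process to those
        // flags, so it is returned unchanged.
        if (current == SecurityProtocolType.SystemDefault)
            return current;

        // Drop SSL 3.0 whatever else is set, and make sure TLS 1.2 is offered.
        return (current & ~SecurityProtocolType.Ssl3) | SecurityProtocolType.Tls12;
    }
}
```

This only affects connections the client process initiates; the protocol versions the server-side app service accepts are governed by the minimum TLS version configured on that App Service, not by code in the WCF service.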

"You can put the code in the initialization of your app, before any code that initiates an outbound SSL/TLS connection."

I think I need to mark my WCF service to expose itself as TLS V1.2 based. So I need to put it within the WCF service itself. But I can only see the "WCFService.svc" file or the Web.config file and an interface IWCFService, and that's the whole implementation of the WCF service itself.

So within the WCFService.svc constructor? I don't think so at this point.


"Disable the SSL. In Windows Server 2003 to 2012 R2 the protocols are controlled by flags at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\Schannel\Protocols. To disable SSLv3, create a subkey at the above location named 'SSL 3.0' and, under that, a subkey named 'Server' and, under there, a DWORD value named 'Enabled', set at 0. You should also disable SSL 2.0 in the same way."

Both of the apps (WCF and WCF client) are running on Azure as app services. So nothing is hosted on-prem or on Windows.



