<p>AppHarbor: Discussion (tag:support.appharbor.com,2010-11-23:/discussions/problems/829-transportwithmessagecredential-https-ssl), 2012-04-15T22:10:04Z</p>
<p>transportwithmessagecredential https / ssl</p>
<p>Posted: 2011-07-18T13:12:09Z</p>
<div><p>It seems that using any kind of Transport Security gives
the error.</p>
<p>Has anybody got Transport security working with AppHarbor? Or
am I missing something?</p>
<p>Could be nice with a working example (web.config), anybody?</p></div>
<p>Author: CAT</p>
<p>Posted: 2011-07-18T13:32:37Z</p>
<div><p>If what I am trying to achieve is not possible, could you
supply me with the best practices for having a WCF service using
ssl and username password validation?</p></div>
<p>Author: CAT</p>
<p>Posted: 2011-07-18T16:01:28Z</p>
<div><p>Perhaps <a href=
"http://msdn.microsoft.com/en-us/library/aa702565.aspx">this
article</a> could be helpful?</p></div>
<p>Author: rune</p>
<p>Posted: 2011-07-19T07:09:22Z</p>
<div><p>Hi Rune</p>
<p>Well, I think I tried all the different combinations of using
Message, Transport and transportwithmessagecredential security.
Above I explained the situation of the latter, and the transport doesn't
fulfill my objective. Using just the Message security could be a
solution, but it requires a certificate to be specified in the
web.config. I tried that, and it is working on my local machine, as
I know the certificate store and location.</p>
<p>If you could supply me with the information of where the
certificate I created in AppHarbor for my WCF service, I think
message security will be sufficient. The only problem I can see is
that the service will still be available using http, which will
bypass the overridden Validate() method, and no authentication will
be done. I am not sure of this as I have been unable to test it in
the AppHarbor environment.</p>
<p>I really need a solution for this either using message or
transportwithmessagecredential. Am I the only one with this issue?
I mean, how do other people secure their WCF services in
AppHarbor?</p></div>
<p>Author: CAT</p>
<p>Posted: 2011-07-19T12:09:39Z</p>
<div><p>I'm not sure what information about the certificate you're
requesting (seems like the sentence wasn't completed :-))?</p>
<p>However I think the article you referred to yourself describes
the same setup as the one we have (SSL offloaded by a load
balancer). You could always restrict regular http-traffic in your
application, for instance by redirecting to https. You can use the
"HTTP_X_FORWARDED_PROTO" header to determine whether the request
was sent over HTTP or HTTPS (it will be equal to either "https" or
"http"). You can retrieve the value of this header with
<code>Request.ServerVariables("HTTP_X_FORWARDED_PROTO")</code>.</p>
<p>Now I'm not an expert in WCF, but in ASP.NET MVC I would enforce
the use of HTTPS by using a custom RequireHttpsAttribute as
described in <a href=
"http://support.appharbor.com/discussions/problems/401-requirehttps-attribute-doesnt-work-in-aspnet-mvc3-on-appharbor">
this article</a>.</p>
<p>I'm leaving the discussion open in case someone else wants to
chip in.</p>
<p>Best,<br>
Rune</p></div>
<p>Author: rune</p>
<p>Posted: 2011-07-19T13:04:26Z</p>
<div><p>Hi Rune</p>
<p>I will try to further explain the problems I am having with WCF
security.<br>
Basically I have two options for using Username / Password
authentication.<br>
Message Security and transportwithmessagecredential.</p>
<p>Message Security almost works on AppHarbor, though the problem
is with the certificate as described before. I get the following
error:<br>
"Cannot find the X.509 certificate using the following search
criteria: StoreName 'My', StoreLocation 'LocalMachine', FindType
'FindBySubjectName', FindValue 'xxxxxx'."</p>
<p>The reason for the error message is that Microsoft doesn't allow
passing username and password in clear text, and therefore enforces the
use of a certificate. Basically, unless I can specify where the
certificate is located I cannot use the simple Message security. If
I can get this to work, then I can use the method you describe to
force ssl.</p>
<p>Second, using the transportwithmessagecredential gives the
following error:<br>
"Could not find a base address that matches scheme https for the
endpoint with binding WSHttpBinding. Registered base address
schemes are [http]." The reason is explained in the first post.</p>
<p>Hope it makes more sense now.</p>
<p>I am curious whether I am the only one with this issue, and how
your other users have come around this.</p>
<p>Michael</p></div>
<p>Author: CAT</p>
<p>Posted: 2011-07-19T22:23:54Z</p>
<div><p>Note that we don't install the certificate you specify for your
application on the servers that host your service (it's only placed
on the load balancer because the certificate is only used for SSL
in most scenarios).</p>
<p>For WCF to use the certificate for Message Security, you will
likely need to push the certificate along with your code and read
it from the filesystem. I haven't actually tried to do this, but it
seems possible [<a href=
"http://www.codeproject.com/KB/WCF/wcfcertificates.aspx">1</a>].</p></div>
<p>Author: friism</p>
<p>Posted: 2011-08-02T15:07:37Z</p>
<div><p>I went away from using message and transport security. I have
now overridden some of the .NET security classes and handle the
username password login in the soap header.</p>
<p>Thank you for trying to solve the issue.</p>
<p>You can close the case.</p></div>
<p>Author: CAT</p>
<p>Posted: 2011-08-02T20:12:42Z</p>
<div><p>Cool. If you have time, we'd love to have a blog post on this
topic, either as a guest post on the AppHarbor blog.</p>
<p>Let us know if this is something you could do.<br>
Regards<br>
Michael</p></div>
<p>Author: friism</p>
<p>Posted: 2011-08-03T08:45:11Z</p>
<div><p>Hi Michael</p>
<p>At the moment I don't have the time. We are really busy getting our
company started.</p>
<p>Furthermore there is not too much magic to it. Basically I
overrode the .NET messageinspector, and created a custom
endpointbehavior including a custom endpoint configurationelement.
There are many resources on the web regarding this.</p>
<p>You can close this issue.</p></div>
<p>Author: CAT</p>
<p>Posted: 2011-08-03T13:46:56Z</p>
<div><p>OK, thanks.</p>
<p>Michael</p></div>
<p>Author: friism</p>
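<p>Added example, not code from this thread or from AppHarbor: a WCF dispatch message inspector that combines the two ideas discussed above, rejecting requests whose X-Forwarded-Proto header (the HTTP_X_FORWARDED_PROTO server variable) is not https and checking a username and password carried in SOAP headers. The class name, the SOAP header names and namespace, and the validate delegate are assumptions; the configuration element mentioned in the thread is omitted, and the scheme check is only meaningful if the load balancer sets the header itself on every request.</p>

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Dispatcher;

// Added example: class name, header names and namespace are hypothetical.
public class HttpsAndCredentialInspector : IDispatchMessageInspector, IEndpointBehavior
{
    const string Ns = "urn:example:auth";            // hypothetical SOAP header namespace
    readonly Func<string, string, bool> validate;    // caller-supplied credential check

    public HttpsAndCredentialInspector(Func<string, string, bool> validate)
    {
        this.validate = validate;
    }

    public object AfterReceiveRequest(ref Message request, IClientChannel channel,
                                      InstanceContext instanceContext)
    {
        // SSL ends at the load balancer, so the original scheme is only visible in
        // X-Forwarded-Proto. Assumes the balancer overwrites this header itself.
        object prop;
        request.Properties.TryGetValue(HttpRequestMessageProperty.Name, out prop);
        var http = prop as HttpRequestMessageProperty;
        string proto = http == null ? null : http.Headers["X-Forwarded-Proto"];
        if (!string.Equals(proto, "https", StringComparison.OrdinalIgnoreCase))
            throw new FaultException("HTTPS is required.");

        // Credentials travel as two custom SOAP headers; a missing one fails closed.
        int u = request.Headers.FindHeader("Username", Ns);
        int p = request.Headers.FindHeader("Password", Ns);
        if (u < 0 || p < 0 ||
            !validate(request.Headers.GetHeader<string>(u), request.Headers.GetHeader<string>(p)))
            throw new FaultException("Authentication failed.");
        return null;
    }

    public void BeforeSendReply(ref Message reply, object correlationState) { }

    // IEndpointBehavior: register the inspector on the service endpoint.
    public void ApplyDispatchBehavior(ServiceEndpoint endpoint, EndpointDispatcher dispatcher)
    {
        dispatcher.DispatchRuntime.MessageInspectors.Add(this);
    }
    public void AddBindingParameters(ServiceEndpoint endpoint, BindingParameterCollection p) { }
    public void ApplyClientBehavior(ServiceEndpoint endpoint, ClientRuntime runtime) { }
    public void Validate(ServiceEndpoint endpoint) { }
}
```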