Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

WCF sessions with a wsHttpBinding and without windows security

Tags:

.net

wcf

wcf-binding

wcf-security

wcf-sessions

I need to create a WCF service that is hosted in IIS, uses http transport and hold state in the server’s memory. While I’m aware that stateful services aren't a good idea, this last constrain is necessary to make the service work with a legacy client.

My first thought was to asp.net’s session to store the values. I activated the asp.net compatibility mode in my service, which gave me access to the HttpContext, but values that were placed in the session object were not being persisted in memory. I assume this was because the http module that handles session state was not correctly configured, but when googling for answer I came across, WCF sessions and thought it might be a better idea to use them.

However, WCF sessions seem what under-document and place a strange set of prerequises on a service, and I haven’t been able to find a configuration that suits my needs: must be hosted in IIS, must use http or https transport and can’t reply on windows authentication because the client and server will not be part of the same domain. I’m trying to get this going using the wsHttpBinding, I had heard WCF sessions required either security or reliable message, but: - Using the standard binding and when the servers are not part of the same domain it fails with a “SecurityNegotiationException The caller was not authenticated by the service” exception. This is fairly logical as it was using windows security.

  • If I disable security complete it fails with a “Contract requires Session, but Binding 'WSHttpBinding' doesn't support it or isn't configured properly to support it.”

  • If while keeping security disabled I enable reliable message I get the exception “Binding validation failed because the WSHttpBinding does not support reliable sessions over transport security (HTTPS). The channel factory or service host could not be opened. Use message security for secure reliable messaging over HTTP.”

  • I’ve tried enabling transport level security but this doesn’t seem to make any difference to the error generated

Is there any configuration that might work for me? Or should I just go back to the plan of using asp.net sessions?

like image 992
Robert Avatar asked Jan 22 '11 09:01

Robert

People also ask

What is the default security mode for WsHttpBinding in WCF?

Windows Communication Foundation (WCF) security has three common security modes that are found on most predefined bindings: transport, message, and "transport with message credential." Two additional modes are specific to two bindings: the "transport-credential only" mode found on the BasicHttpBinding, and the "Both" ...

What is WsHttpBinding in WCF?

The wsHttp sample demonstrates how to implement a typical service and a typical client using Windows Communication Foundation (WCF). This sample consists of a client console program (client.exe) and a service library hosted by Internet Information Services (IIS).

Can we use session in WCF service C#?

WCF manage session by creating the instance of the service class. These created instance(s) handle the incoming service request. In WCF, session is the way of managing the services instance(s) so that server can used these instances in an optimized way.

What is session in WCF?

WCF sessions have the following main conceptual features: They are explicitly initiated and terminated by the calling application (the WCF client). Messages delivered during a session are processed in the order in which they are received. Sessions correlate a group of messages into a conversation.

1 Answers

You can have WCF hold session information in memory in a pretty simple way. To eliminate any possible external influences in my instructions, I'll assume you're starting with a brand new project:

  1. Create a new WCF Service Library project. This project will already contain a service with a WSHttpBiding binding preconfigured.

  2. Go to the service contract (IService1.cs) and change the ServiceContract attribute to the following: 

    [ServiceContract(SessionMode = SessionMode.Required)]

  3. Go to the service implimentation (Service1.cs) and add the following ServiceBehavior attribute to the service class (Service1):

    [ServiceBehavior(InstanceContextMode = InstanceContextMode.PerSession, ConcurrencyMode = ConcurrencyMode.Single)]

  4. Add session data as members of the service class (Service1):

    public class Service1 : IService1
{
    ...

    private string UserFullName { get; set; }

    ...
}

  5. Use the members to present session specific data (remember to also add them to the service contract, IService1):

    public class Service1 : IService1
{
    ...

    public string Welcome(string fullName)
    {
        UserFullName = fullName ?? "Guest";
        return string.Format("Welcome back, {0}!", UserFullName);
    }

    public string Goodbye()
    {
        return string.Format("Come back soon, {0}!", UserFullName ?? "Guest");
    }

    ...
}

SessionMode.Required ensures that your clients are session-tracked.
InstanceContextMode.PerSession ensures that an instance of your service class (Service1) is created for every session, so that you can retain session data in it and it will exist in memory across multiple calls in the same session.
ConcurrencyMode.Single ensures that only one thread can enter each service class instance (Service1), and prevents possible concurrency issues if you only access data from the service class (and external thread-safe locations).

EDIT: By default, WSHttpBinding only allows security sessions. But it also support reliable sessions, which allow establishing sessions without security enabled. The following binding configuration disables security and enables reliable sessions:

<wsHttpBinding>
    <binding name="wsHttpBindingConfiguration">
        <security mode="None" />
        <reliableSession enabled="true" />
    </binding>
</wsHttpBinding>
like image 54
Allon Guralnek Avatar answered Nov 01 '22 23:11

Allon Guralnek
Sign in to Comment

Related questions

Decoupling ASP.NET Identity from the Core Domain Models - Onion Architecture
Get the Parent node of a Child in WPF C# TreeView
ANSI-Coloring Console Output with .NET
WCF SslStreamSecurity DNS Identity Check failing for just 4.6 framework
How to implement Security Protocols TLS 1.2 in .Net 3.5 framework
C# Entity Framework: Keyword not supported: 'port'
What's the difference between <%# %> and <%= %>?
Returning XML natively in a .NET (C#) webservice?
Automatic generation of Unit test cases for .NET and Java [closed]
How to Sort Integer Strings?
Prevent a readonly textbox from being grayed out in Silverlight
Nested Transactions with TransactionScope
Is there a buffer size attached to stdout?
What happens if you break out of a Lock() statement?
Draw dashed line in a WPF adorner
How to specify user credentials for a click-once application?
How to revert an HttpError ConfigurationElement back to "Inherited" using IIS 7 API
Can I copy some References of a project and paste it to another project's references in Visual Studio?
How do you get the root node or the first level node of the selected node in a tree view?
Does WCF have an equivalent of MVC's [Authorize] attribute?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!