Jonas Stawski

Everything .NET and More

WCF WSDL location address with HTTPS

When you query the WSDL of a WCF service that is hosted with HTTPS the location of the service will be pointed to the machine name by default. So if a client is querying your service by pointing to https://www.yourdomain.com/YourService/Service.svc?wsdl the WSDL will come back with something like this:

<wsdl:service name="ServiceName">
    <wsdl:port name="HttpService" binding="tns:HttpService">
        <soap12:address location="https://MachineName/YourService/Service.svc" /> 
        <wsa10:EndpointReference>
            <wsa10:Address>https://MachineName/YourService/Service.svc</wsa10:Address> 
        </wsa10:EndpointReference>
    </wsdl:port>
</wsdl:service>

Therefore the client machine will not be able to generate the appropriate proxy because it will never be able to query the service using the MachineName (it is most likely sitting outside of the server's internal network).

To fix this all you have to do is add an HTTPS Host Header to the correct website. Unfortunately, this is not doable through the GUI, but it can be done in command line. To do so in IIS 6.0 run the following script by replacing the <website id> with your website id (usually it is 1) and <host header> with your fully qualified domain:

%systemroot%\system32\cscript.exe //nologo %systemdrive%inetpub\adminscripts\adsutil.vbs set /w3svc/<website id>/SecureBindings ":443:<host header>"

After that just reset iis by running an iisreset.

If you browse to your wsdl file you should find that the address changed to the fully qualified domain.

Happy Configuring!

Comments (9) -

Hi Jonas,

Thanks for posting this entry, appreciate that! Smile

Now, although it helps, how would you undo the changes if you inadvertently updated a wrong entry?

TIA!

Reply

How do you determine your website id?
When I do a "... get /w3svc/1/servercomment", it says "Default Web Site", hence, this is dealing with my non-customized site.  I have another web site that is the customized version, but when I try /w3svc/2/servercomment, it gives an error trying to get the object, as if that website doesn't exist.  So how do I change settings for my other website?

Reply

Nevermind... I figured it out:

To find the website ID, open IIS, expand the server name, then click on Web Sites.  You will see all of your listed websites, along with the Identifiers for each.

Reply

Solved my problem!  Awesome, thanks for posting, have been banging my head against the wall trying to deploy my service.

Reply

Thanks Jonas.

I've been tearing my hairout in trying to resolve this WCF service issue.

Firstly, I thought it was a namespace issue so I did a bit of reading and found out I needed to add the namespace for the class [ServiceBehavior] and interface [ServiceContract].

Secondly, with that resolved, I hit this issue with the server-name being used instead of the actual registered .com domain-name, again I played around with the web.config thinking that there must be something I've not configured, so I did a bit more reading, added the 'bindingName' attribute and full qualifing url of the server into the <endpoint> and found out this still did not work. However, at least I got all the namespaces showing what I wanted except the problem with the service still showing the server-name *bangs head against wall* ... so, I searched the web again and did more reading and found this article by Jonas, and the following microsoft blog:

blogs.msdn.com/.../...f-an-iis-hosted-service.aspx" title="blogs.msdn.com/.../...f-an-iis-hosted-service.aspx">blogs.msdn.com/.../...f-an-iis-hosted-service.aspx

Thanks to Jonas' post the problem is resolved now and much appreciated.

(What a nightmare!)

ps. Also credit to spmusick for pointing out where the website id is located in IIS - Cheers dude.

Reply

If you have multiple SSL sites setup in IIS you need to run the command and bind it to the ip address you are using for your site.

%systemroot%\system32\cscript.exe /nologo %systemdrive%inetpub\adminscripts\adsutil.vbs set /w3svc/<website id>/SecureBindings "<bindip>:<bindport>:<host header>"

Reply

this was indeed helpfull.
I appreciate

Reply

sboxpatricia
United States sboxpatricia

Very efficiently written information. It will be beneficial to everyone who usess it, as well as me. Keep doing what you are doing - can'r wait to read more posts.

Reply

Add comment

biuquote
Loading