Issue with SSL and WCF service

For general questions and discussions specific to the AbleCommerce GOLD ASP.Net shopping cart software.
Post Reply
nethrelm
Lieutenant (LT)
Lieutenant (LT)
Posts: 61
Joined: Thu May 09, 2013 4:47 pm

Issue with SSL and WCF service

Post by nethrelm » Tue Aug 19, 2014 3:13 pm

I created a self-hosted WCF Service for my site. The service is located at (root)/Services/MyService.svc and needs to be accessible from any page on the site. It works fine as long as SSL is not enabled. Enabling SSL and calling it from a secure page causes a problem though...

So, if I'm on http://www.mydomain.com/default.aspx the service works fine. The request goes to http://www.mydomain.com/Services/MyService.svc and all is right in the world.
However, If I click the Login button and arrive at https://www.mydomain.com/Login.aspx then the request is sent to https://www.mydomain.com/Services/MyService.svc (as it should be), but the response I get back is:

Code: Select all

<html><head><title></title><!-- <script language="javascript">window.location.replace("http://www.mydomain.com/Services/MyService.svc");</script> --></head><body></body></html>
I'm not really sure exactly what is going on as it seems to be something in the CommerceBuilder.Licensing module that is responsible for processing requests. What can I do about this? I need to be able to access my service from http and https pages.
Top
User avatar
SuperMindConsulting
Ensign (ENS)
Ensign (ENS)
Posts: 13
Joined: Sun Jan 17, 2010 1:38 am
Contact:
Contact SuperMindConsulting

Re: Issue with SSL and WCF service

Post by SuperMindConsulting » Wed Aug 20, 2014 1:35 am

First off, you probably need to determine if the service should always be secured over SSL or not.

If it is meant to be called from both secure and non-secure pages, then you will want to make sure that it will be able to support both protocols. Otherwise, you could get that annoying browser message about some items on this page are not secure.

All that being said, you may want to start off by trying these steps:

1) add an entry for your service in App_Data/ssl.config Whenever SSL is enabled in AC, the platform uses this config to determine which pages should be served up over https. In some instances, if there is not a matching entry, AC will actually redirect https page requests to http. (Hence the html/javascript redirect).
2) check to make sure that your WCF bindings are all setup correctly to support SSL. Hint: you may want to copy/paste the code into a new/blank project to rule out any AbleCommerce "variables"
3) it could be something else, I know I have run into this before...I just haven't used wcf with AC in a while...so I'm a bit rusty. Lately, I've been using more WepAPI in Gold.

As another troubleshooting step, you could try to call the web service using the full url (including the http part). That way the wcf request will always try http. Again, this would just be for troubleshooting.


Either way, please reply with what you end up doing to resolve so that there's can benefit...
Thanks,
George Naqi
SuperMindConsulting.com

Image
Top
nethrelm
Lieutenant (LT)
Lieutenant (LT)
Posts: 61
Joined: Thu May 09, 2013 4:47 pm

Re: Issue with SSL and WCF service

Post by nethrelm » Wed Aug 20, 2014 8:50 am

Thanks for the tips, but I've actually done everything you suggested with no luck so far. I think the only thing I didn't try was forcing SSL on the service and directly setting the request to use the full https url. I will give that a try and report back. As far as the ssl.config goes, I tried adding an entry for the service with the state attribute set to ignore and it didn't seem to have any effect.

*EDIT: Okay, so the problem with making the service always use SSL is that cross-domain requests are not allowed by browsers. I should have realized that before I even tried it. I tried to get around it by enabling JSONP for the service proxy, and setting crossDomainScriptAccessEnabled=true for the binding, but now I am getting a 405 Method Not Allowed response to the service calls.

One thing I forgot to add was that I originally had this set up where the service was added to pages (in the master pages) in the ScriptManager using a ServiceReference. The problem that I was having with that was when it tried to pull the JS service proxy code, it would request it from http://www.mydomain.com/Services/MyService.svc/js (or jsdebug in debug mode), and the redirect was dropping the last part of the path (trying to send it to https://www.mydomain.com/Services/MyService.svc). Seems like something in Able's redirection code was messing up the URL parsing, but since it is happening in the CommerceBuilder.Licensing module, I really can't say for sure. To get around this, I copied the generated service proxy code and saved it to my scripts folder and added that as a ScriptReference instead. I don't see any way around this, which is a problem to me. If something in their design is preventing the use of standard asp.net code, then to me that means there is a flaw in their design.

*EDIT2: Okay, I think I got it working. It's working in my development environment at least. Will need to verify that it works in production as well. Here is the thing.... I went back to my original implementation using the ServiceReference. I then put TWO entries in the ssl.config file:

Code: Select all

<directory path="services/myservice.svc" state="Ignore"/>
<file path="services/myservice.svc" state="Ignore"/>
The problem with the original redirection is it was treating URLs with the format http://www.myservice.com/Services/MyService.svc/stuff as subdirectories, so both the file itself AND the file as a directory need to be ignored. Doing this seems to have worked. Simple fix that I just didn't think of. For anyone else that runs into a similar issue, my service is set up as follows:

web.config

Code: Select all

  <system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    ...stuff not related to my service...
  </system.serviceModel>
ssl.config

Code: Select all

    <directory path="services/myservice.svc" state="Ignore"/>
    <file path="services/myservice.svc" state="Ignore"/>
MyService.svc

Code: Select all

<%@ ServiceHost Language="C#" Service="AbleCommerce.Services.MyService" CodeBehind="MyService.svc.cs" Factory="System.ServiceModel.Activation.WebScriptServiceHostFactory" %>
MyService.svc.cs

Code: Select all

...using stuff...
namespace AbleCommerce.Services
{
    [ServiceContract(Namespace = "AbleCommerce.Services", SessionMode = SessionMode.Allowed)]
    public interface IMyService
    {
        [OperationContract]
        void SomeMethod();
       ...etc....
    }

    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
#if DEBUG
    [ServiceBehavior(IncludeExceptionDetailInFaults = true)]
#endif
    public class MyService : IMyService
    {
        public void SomeMethod() { /* stuff */ }
       ...etc...
    }
}
master pages

Code: Select all

...stuff...
    <asp:ScriptManager ID="ScriptManager1" runat="server" EnablePartialRendering="true">
        <Services>
            <asp:ServiceReference Path="~/Services/MyService.svc" />
         </Services>
     </asp:ScriptManager>
...stuff...
Top
User avatar
mazhar
Master Yoda
Master Yoda
Posts: 5084
Joined: Wed Jul 09, 2008 8:21 am
Contact:
Contact mazhar

Re: Issue with SSL and WCF service

Post by mazhar » Thu Aug 28, 2014 8:38 am

Thanks for posting the details! They will be helpful for community.
Top
nethrelm
Lieutenant (LT)
Lieutenant (LT)
Posts: 61
Joined: Thu May 09, 2013 4:47 pm

Re: Issue with SSL and WCF service

Post by nethrelm » Thu Sep 04, 2014 9:48 am

No problem. Always happy to help out where I can!
Top
Post Reply

Return to “AbleCommerce GOLD”