Alagesan Palani

Reputation: 2014

WCF service proxy generation throws error when exposed via F5 load balancer

I am exposing my service to the public network from my corporate network.

I have a certificate for *.mydomain.com, a generic certificate.

My load balancer URL for the service is:

https://myservice.mydomain.com/service1.svc

I have two app servers whose URLs are:

http://myservice1.mydomain.com/service1.svc
http://myservice2.mydomain.com/service1.svc

We use SSL offloading on the F5 load balancer, so from the outside world to the F5 LB it's HTTPS, and from the LB to the app servers it's HTTP. We configured the certificate at the F5 LB.

When I hit the LB service URL in the browser, I get the "Service has been created" page:

MyService Service

You have created a service.

To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:    

svcutil.exe http://myservice.mydomain.com/service1.svc?wsdl

You can also access the service description as a single file:

http://myservice.mydomain.com/service1.svc?singleWsdl

And when I add the service reference from my client app using the load balancer URL, I get the following error:

The document was understood, but it could not be processed.
  - The WSDL document contains links that could not be resolved.
  - There was an error downloading 'http://myservice.mydomain.com/service1.svc?wsdl=wsdl0'.
  - Unable to connect to the remote server
  - No connection could be made because the target machine actively refused it 207.187.164.30:80
Metadata contains a reference that cannot be resolved: 'https://myservice.mydomain.com/service1.svc?wsdl'.
Metadata contains a reference that cannot be resolved: 'https://myservice.mydomain.com/service1.svc?wsdl'.
If the service is defined in the current solution, try building the solution and adding the service reference again.

But when I access my two app servers' URLs directly from inside the network, I am able to generate the proxy and my service works just fine. When I try to generate the proxy from outside the network through the LB URL, I get the above-mentioned error.

My Service binding is:

<service behaviorConfiguration="DefaultBehavior" name="MyServices.MyService">
  <endpoint binding="wsHttpBinding" contract="MyServices.IMyService" />
  <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
</service>

And the corresponding behavior is:

<behavior name="DefaultBehavior">
  <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
  <serviceDebug includeExceptionDetailInFaults="true" />
  <errorHandler />
</behavior>

Please help me resolve this issue.

Upvotes: 2

Views: 774

Answers (1)

Alagesan Palani

Reputation: 2014

Though I was exposing the service from my nodes over HTTP, the F5 LB was doing the heavy lifting of SSL offloading, so my service from the F5 LB was HTTPS. Since I was exposing metadata over the http scheme from my nodes and the F5 LB did not support the http scheme, WSDL generation on the http URL through the F5 LB was blocked, hence I was not able to generate the proxy.

Later I came to know from my infrastructure team that exposing metadata to clients in production was a security issue, so we block it.

So now the question is: how does a client consume the service when we don't expose the metadata endpoint? The simple answer was to use a channel factory, create the proxy, and call the service method through the F5 LB's HTTPS URL. This is how I solved the problem.

Upvotes: 1
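
The channel-factory approach described in the answer, as an added example that is not part of the original post: the client builds its proxy from a shared copy of the contract and calls the service through the F5 HTTPS URL, so no metadata download is needed. `GetStatus` is a hypothetical operation, and the binding settings assume the nodes run wsHttpBinding without message security and accept the https `To` address.

```csharp
using System;
using System.ServiceModel;

namespace MyServices
{
    // Assumption: the client references the same contract as the service (shared
    // assembly or a copied interface). GetStatus is a hypothetical operation; the
    // page does not list the contract's real operations.
    [ServiceContract]
    public interface IMyService
    {
        [OperationContract]
        string GetStatus();
    }

    public static class Client
    {
        public static void Main()
        {
            // TLS ends at the F5, so the client uses transport security (https).
            // Assumptions: the nodes' wsHttpBinding uses security mode None, and the
            // service accepts the https To header (for example AddressFilterMode.Any).
            var binding = new WSHttpBinding(SecurityMode.Transport);
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None;

            // Load balancer URL from the question, not the internal node URLs.
            var address = new EndpointAddress("https://myservice.mydomain.com/service1.svc");

            var factory = new ChannelFactory<IMyService>(binding, address);
            IMyService proxy = factory.CreateChannel();
            var channel = (IClientChannel)proxy;
            try
            {
                Console.WriteLine(proxy.GetStatus());
                channel.Close();   // graceful close on success
                factory.Close();
            }
            catch (CommunicationException) { channel.Abort(); factory.Abort(); throw; }
            catch (TimeoutException) { channel.Abort(); factory.Abort(); throw; }
        }
    }
}
```

With this in place, `httpGetEnabled`, `httpsGetEnabled` and the `mex` endpoint can stay disabled or blocked in production, because the client never requests the WSDL.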
