Wednesday, April 30, 2008

Host name problems in SSL enabled WCF service metadata

I just solved a little issue a customer had in a project where the addresses in the metadata of a WCF service were pointing to an internal address instead of the external public address. For an example let's say that we have an IIS server which external address is: https://www.example.com/problem.svc and on the internal network the server is called: https://iis.production/problem.svc. The service is configured like so:

Now the problem first shows its ugly face when you go to the external address (https://www.example.com/problem.svc) where the following text will meet you:

You have created a service.

To test this service, you will need to create a client and use it to call the service. You can do this using the svcutil.exe tool from the command line with the following syntax:
svcutil.exe https://iis.production/problem.svc?wsdl

See the problem? It is exposing the internal address instead of the external address. "No problem, I'll just rewrite the path manually", you might say. And yes, you can rewrite the path manually but then you'll find that the WSDL also contains some internal references such as:

<xsd:import schemaLocation="https://iis.production/problem.svc?xsd=xsd1?xsd=xsd1" .../>

or

<soap12:address location="https://iis.production/problem.svc" />

So how do we solve this problem? I first thought I could solve it with configuration. So I tried a heap of things like adding base addresses and using the httpsGetUrl property which actually got really close to solving the problem but unfortunately still left a few internal references in the WSDL.

So what can you do? Googling the problem didn't turn up much help but a few people mentioned that adding a host header to IIS might solve the problem... So I tried that, but that didn't have any effect. However, this would have solved the problem if my site wasn't running SSL. If you have a SSL site you have to run a rather obscure command from the command prompt to set the host header:

adsutil set /w3svc/{site identifier}/SecureBindings ":{port}:{host header}"

So in my example the command looked like this:

adsutil set /w3svc/1/SecureBindings ":443:www.example.com"

That's it! It took me about 3 hours of trial and error to get this issue fixed so I hope this post will help you get there a little faster. ;)

Posted by at 1:15 PM

1 comments:

  1. You just saved me from at least 3 hours of overtime work. Thank you for posting this.
    Note: After running the adsutil command, restart the IIS.
    ReplyDelete

Subscribe to: Post Comments (Atom)