Solved

Jquery/ajax/WCF over SSL?

Posted on 2011-02-12
6
1,645 Views
Last Modified: 2012-06-27
Is there anything special I have to do in order to make JQuery .ajax work with a WCF Rest service over SSL (or is there something I need to do with the WCF to allow it to work over SSL)?

Everything works fine when it's over http but when I enable https it stops working.
0
Comment
Question by:fredstov
6 Comments
 
LVL 12

Expert Comment

by:mwochnick
ID: 34881178
here's an article that might point you in the right direction, but its hard to tell without knowing more about the actual call you are making and the actual errors you are getting.
http://stackoverflow.com/questions/1478680/why-does-wcf-web-service-hosted-in-iis-over-ssl-result-in-403-forbidden-jquer
what error are you getting in the browser?
is the reuest actually making it to the server?
what does the jquery code that makes the call look like?
what does the service configuration look like?

0
 
LVL 82

Expert Comment

by:leakim971
ID: 34881189
protocols and domain used in url of the client and the server (address used by the ajax call) must match.

the page doing the call need to use ssl and the address of the service too.
0
 

Author Comment

by:fredstov
ID: 34882417
The service is on the same site in a sub directory so everything is under SSL. I'm using a relative path from the jquery call. The data going back and forth is Json data.

IHI:
[OperationContract(Name = "GetQuote")]
        [ServiceKnownType(typeof(HIQuoteObject))]
        [WebInvoke(UriTemplate = "/GetQuote", ResponseFormat = WebMessageFormat.Json,
                                           RequestFormat = WebMessageFormat.Json,
                                           BodyStyle = WebMessageBodyStyle.Bare,
                                           Method = "POST")]
        HIResultObject GetHIQuote(HIQuoteObject hi);

Open in new window


$.ajax({
        type: "POST",
        url: "API/HI.svc/GetQuote",
        data: tempJ,
        contentType: "application/json",
        success: function (data, textStatus, XMLHttpRequest) {

            //DO a bunch of stuff
        },
        error: function (xhr, status, error) {
           
            
            var tempText = "";
            for (prop in xhr) {
            tempText = tempText + xhr[prop];
            }
            alert("error:" + tempText);        }
    });

Open in new window


Web Config:
<system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="false"
      multipleSiteBindingsEnabled="true" />
    
    <services>
      <service name="Enroll2011.API.CensusSearch">
        <endpoint address="" behaviorConfiguration="SearchServiceBehavior"
                  binding="webHttpBinding" contract="Enroll2011.API.ICensusSearch" />
        
      </service>
      <service name="Enroll2011.API.enroll">
        <endpoint address="" behaviorConfiguration="EnrollServiceBehavior"
                  binding="webHttpBinding" contract="Enroll2011.API.Ienroll" />
      </service>
      <service name="Enroll2011.API.HI">
        <endpoint address="" behaviorConfiguration="HIServiceBehavior"
                  binding="webHttpBinding" contract="Enroll2011.API.IHI" />
      </service>
      <service name="Enroll2011.API.DIS">
        <endpoint address="" behaviorConfiguration="DISServiceBehavior"
                  binding="webHttpBinding" contract="Enroll2011.API.IDIS" />
      </service>
    </services>
    <behaviors>
      <endpointBehaviors>
        <behavior name="SearchServiceBehavior">
          <webHttp />
          
        </behavior>
        <behavior name="EnrollServiceBehavior">
          <webHttp />
        </behavior>
        <behavior name="HIServiceBehavior">
          <webHttp />
        </behavior>
        <behavior name="DISServiceBehavior">
          <webHttp />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="">
          <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
          
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

Open in new window

0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 

Author Comment

by:fredstov
ID: 34884279
ok, I've been able to narrow it down to the web.config and, after changing some settings, it works now. However...is there a way to get it to seamlessly work between my non-https test environment and the live https server without having to go in and comment stuff out in the config before I publish?

New Web.Config code:
<system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="false"
      multipleSiteBindingsEnabled="true" />
    
    <services>
      <service name="Enroll2011.API.CensusSearch">
        <endpoint address="" bindingConfiguration="httpsBinding" behaviorConfiguration="SearchServiceBehavior"
                  binding="webHttpBinding" contract="Enroll2011.API.ICensusSearch" />
        
      </service>
      <service name="Enroll2011.API.enroll">
        <endpoint address="" bindingConfiguration="httpsBinding"  behaviorConfiguration="EnrollServiceBehavior"
                  binding="webHttpBinding" contract="Enroll2011.API.Ienroll" />
      </service>
      <service name="Enroll2011.API.HI">
        <endpoint address="" bindingConfiguration="httpsBinding" behaviorConfiguration="HIServiceBehavior"
                  binding="webHttpBinding" contract="Enroll2011.API.IHI" />
      </service>
      <service name="Enroll2011.API.DIS">
        <endpoint address="" bindingConfiguration="httpsBinding" behaviorConfiguration="DISServiceBehavior"
                  binding="webHttpBinding" contract="Enroll2011.API.IDIS" />
      </service>
    </services>

    <behaviors>
      <endpointBehaviors>
        <behavior name="SearchServiceBehavior">
          <webHttp />
        </behavior>
        <behavior name="EnrollServiceBehavior">
          <webHttp />
        </behavior>
        <behavior name="HIServiceBehavior">
          <webHttp />
        </behavior>
        <behavior name="DISServiceBehavior">
          <webHttp />
        </behavior>
      </endpointBehaviors>
      <serviceBehaviors>
        <behavior name="ServBeh">
          <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
          
          <serviceDebug includeExceptionDetailInFaults="false" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <webHttpBinding>
        <binding name="httpsBinding">
          <security mode="Transport" />
        </binding>
      </webHttpBinding>
    </bindings>
  </system.serviceModel>

Open in new window

0
 
LVL 12

Expert Comment

by:mwochnick
ID: 34884559
Not that I'm aware of - we generally put environment specific configuration information in its own file and include it in the web config - we only deploy the "correct" one to each environment using deployment scripts that are environment aware.
0
 
LVL 1

Accepted Solution

by:
tushar_ke earned 500 total points
ID: 34886548
One thing that we did was exposed 2 endpoints, one for http and one for https. No need to change web config that way.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The task A number given should be formatted for easy reading by separating digits into triads. Format must be made inline via JavaScript, i.e., frameworks / functions are not welcome. So let’s take a number like this “12345678.91¿ and format i…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now