Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1364
  • Last Modified:

ASP.net (c#) Webservice calls fail when using ssl site

I have built an application that uses a webservice to populate information on jquery dialogs. The application worls well in development and also on a deployment server using http. However, when I use https (which is important), the service call fails. I have read a lot of information about security issues and am lost at what to do. The webservice is a aprt of the application and is being accessed from javascript on the asp.net page:

On the asp.net page:

    <asp:ScriptManager ID="ScriptManager1" runat="server">
        <Services>
        <asp:ServiceReference Path="../services/WorkflowService.svc" />
    </Services>
    </asp:ScriptManager>

I call the service from script using the following:

     var service = new WorkflowService();
       service.ReportAddApproval(reportguid, data, addapprovalSuccess);

when debugging (ie debugger not Visual Studio) on https I get:
       SCRIPT5009: 'WorkflowService' is undefined

I have spent ages trying to resolve this and just cannot see which way to turn. Any help would be greatly appreciated
0
spanout
Asked:
spanout
  • 5
  • 2
1 Solution
 
Rose BabuSenior Team ManagerCommented:
You may encounter an invalid ssl certificate issue.

if so you may bypass the ssl error and continue the process.

Have a look on the below link

http://blog.jameshiggs.com/2008/05/01/c-how-to-accept-an-invalid-ssl-certificate-programmatically/

Hope this may help you.
0
 
spanoutAuthor Commented:
thanks for this. Do I implement this in the svc file as I am calling it from javascript?

I also not that the document.ready jquery is raining some JS error:

SEC7111: HTTPS security is compromised by (null)
javascript:false;

I cannot see where that is happenning as it is not associated with a script line. All linked js files are references relatively, so should assume the https protocol.
0
 
spanoutAuthor Commented:
also, the browser doesn't report any certificate problems?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
Rose BabuSenior Team ManagerCommented:
hi,

my previous comment is for the client side web service call, at that time you can bypass the ssl error if any thrown. you don't want add any code part in your svc service side.

and i try to post the code for the javascript to bypass the ssl error.

also can you check the "View site Information" in the address bar? That may give more info about the ssl.
0
 
spanoutAuthor Commented:
there appears to be no SSL issues with the site. I use the same certificate for a number of sites without issue. But this is the first site using this webservice. Any javascript code would be appreciated.
0
 
spanoutAuthor Commented:
I have managed to answer this myself and here is the solution for anyone experiencing the same issue. The WCF service worked fine when called from javascript over http. As soon as it is moved to https, it fails with javascript error saying service is undefined. It is all to to with the service behaviour. Adding security mode (<security mode="Transport">       </security>) as per the following fixes the issue:

<system.serviceModel>
      <behaviors>
     
                  <serviceBehaviors>
                        <behavior name="metadataAndDebug">
                          <serviceMetadata  httpGetEnabled="true" httpGetUrl=""/>  
                          <serviceDebug httpHelpPageEnabled="true" includeExceptionDetailInFaults="true" />
                        </behavior>
              </serviceBehaviors>
     
                  <endpointBehaviors>
                        <behavior name="XXXXXXXX.Services.WorkflowServiceAspNetAjaxBehavior">
         
                              <enableWebScript/>
                        </behavior>
            </endpointBehaviors>
      </behaviors>
      <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
      <services>
            <service name="XXXXXXXX.Services.WorkflowService">
                  <endpoint address="" behaviorConfiguration="XXXXXXXX.Services.WorkflowServiceAspNetAjaxBehavior" binding="webHttpBinding" bindingConfiguration="webBinding"  contract="XXXXXXXX.Services.WorkflowService"/>
            </service>
      </services>
          <bindings>
                  <webHttpBinding>
                    <binding name="webBinding">
                            <security mode="Transport">       </security>
                    </binding>
                  </webHttpBinding>
          </bindings>
</system.serviceModel>



Thanks to the following excellent blog for clear and concise info on this issue. It is the only place I found anything useful.

http://weblogs.asp.net/srkirkland/archive/2008/02/20/wcf-bindings-needed-for-https.aspx
0
 
spanoutAuthor Commented:
There was no solution for WCF webservice offered by the experts
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

  • 5
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now