Azure DataPortal problems

Old forum URL: forums.lhotka.net/forums/t/12050.aspx


Brad Rem posted on Sunday, June 30, 2013

I'm trying to migrate a project to Azure. On Azure, my WCF DataPortal is now a Cloud Service and I've also uploaded my ClickOnce application into blob storage.  While I'm ultimately trying to get this to work in Azure, I'm currently stuck at setting up the WCF DataPortal with a certificate locally.  First, here's what I've tried with Azure:

When I access my non-certificate using Azure-based data portal in a browser through http://mydataportal.cloudapp.net/DataPortal.svc it displays information correctly.

When I run my WinForm application, I can only access the data portal locally.  When I run my WinForm app when it is looking for the DataPortal on Azure, I get a SecurityNegotiationException of "The caller was not authenticated by the service."   I think I'm getting this error because I'm trying to use this over multiple domains and that the resolution is to use a certificate.

Incidentally, I changed the CNAME records so that my DataPortal is http://dataportal.MyCompany.com and the data storage that houses my ClickOnce app is http://program.MyCompany.com in the hopes that if those two were on the same domain it would work.  It did not.

Before I get a certificate from Verisign, I've generated myself, through Makecert, a certificate that I've included on my machine and uploaded into Azure.  After working with the configuration for my DataPortal for some time, I have it working again so that when I hit http://mydataportal.cloudapp.net/DataPortal.svc, it does not error.  I assume it is running properly now under the certificate.

When I run my WinForm application, though, it throws an exception (both when targeting the local DataPortal and the Azure data portal):

"Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint."

Where I am stumped is what exactly do I need to put in my WinForms app.config file to handle my certificate using data portal. I've tried so many different things I'm not sure what I have left to try.

Here is a section from my Web.Config:

 <system.serviceModel>
    <services>
        <service
            name="Csla.Server.Hosts.WcfPortal"
            behaviorConfiguration="returnFaults">
            <endpoint
                contract="Csla.Server.Hosts.IWcfPortal"
                binding="wsHttpBinding"
                bindingConfiguration="wsHttpBinding_IWcfPortal"/>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="wsHttpBinding_IWcfPortal" maxReceivedMessageSize="2147483647">
                <readerQuotas
                    maxBytesPerRead="2147483647"
                    maxArrayLength="2147483647"
                    maxStringContentLength="2147483647"
                    maxNameTableCharCount="2147483647"
                    maxDepth="2147483647"/>
                <security mode="Message">
                    <message clientCredentialType="Certificate" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="returnFaults">
                <serviceDebug includeExceptionDetailInFaults="true" />
                <serviceMetadata httpGetEnabled="true" />
                <serviceCredentials>
                    <serviceCertificate
                        findValue="localhost"
                        x509FindType="FindBySubjectName"/>
                </serviceCredentials>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>
  

My app.config in my WinForms app is this:

<client>
    <endpoint
        address="http://localhost:49546/DataPortal.svc"
        binding="wsHttpBinding"
        bindingConfiguration="WSHttpBinding_IWcfPortal"
        contract="Csla.Server.Hosts.IWcfPortal"
        name="WSHttpBinding_IWcfPortal"
        behaviorConfiguration="CustomBehavior">
        <identity>
            <dns value="localhost" />
        </identity>
    </endpoint>
</client>

To summarize, where I am right now is that I have a WCF DataPortal that is using a certificate. My WinForms app is unable to use it; both locally and in Azure it fails.  If I remove the certificate, everything works fine locally. I'm implementing the certificate in hopes that when the DataPortal is running in Azure, my WinForm clients will be able to access it, but with the certificate I'm not even able to access my data portal locally.  I feel like I'm only missing a setting in the WinForms app.config that will make this all work. The exception I'm receiving seems to indicate I'm failing to specify the endpoint identity properly.
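An added example, not part of the original post or of CSLA: a small Python check that cross-reads a service Web.config and a client app.config of the kind shown above. WCF compares the client endpoint's DNS identity (or, when none is given, the host in the address) with the service certificate's name, and a binding with clientCredentialType="Certificate" expects the client to present its own certificate. The sample configs are constructed, the finding names are made up for this sketch, and the exception-detail check goes beyond the post as a hardening note.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed samples modelled on the configuration in the post (not the poster's files).
SERVICE_CFG = """<system.serviceModel>
  <bindings><wsHttpBinding><binding name="b">
    <security mode="Message"><message clientCredentialType="Certificate"/></security>
  </binding></wsHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior name="returnFaults">
    <serviceDebug includeExceptionDetailInFaults="true"/>
    <serviceCredentials>
      <serviceCertificate findValue="localhost" x509FindType="FindBySubjectName"/>
    </serviceCredentials>
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel>"""

CLIENT_CFG = """<system.serviceModel>
  <client><endpoint address="http://mydataportal.cloudapp.net/DataPortal.svc"
      binding="wsHttpBinding" behaviorConfiguration="CustomBehavior">
    <identity><dns value="mydataportal.cloudapp.net"/></identity>
  </endpoint></client>
  <behaviors><endpointBehaviors><behavior name="CustomBehavior"/></endpointBehaviors></behaviors>
</system.serviceModel>"""


def lint(service_xml, client_xml):
    """Return findings from cross-checking a service and a client WCF config."""
    svc, cli, findings = ET.fromstring(service_xml), ET.fromstring(client_xml), []
    cert = svc.find(".//serviceCredentials/serviceCertificate")
    msg = svc.find(".//security[@mode='Message']/message")
    for ep in cli.findall(".//client/endpoint"):
        dns = ep.find("identity/dns")
        # With no <identity>, the expected DNS identity defaults to the address host.
        expected = dns.get("value") if dns is not None else urlparse(ep.get("address", "")).hostname
        if cert is not None and cert.get("x509FindType") == "FindBySubjectName":
            if (expected or "").lower() != cert.get("findValue", "").lower():
                findings.append("identity-mismatch")
        # Certificate client credentials need a clientCertificate in the endpoint behavior.
        if msg is not None and msg.get("clientCredentialType") == "Certificate":
            name = ep.get("behaviorConfiguration")
            beh = cli.find(f".//endpointBehaviors/behavior[@name='{name}']")
            if beh is None or beh.find("clientCredentials/clientCertificate") is None:
                findings.append("no-client-certificate")
    dbg = svc.find(".//serviceDebug")
    if dbg is not None and dbg.get("includeExceptionDetailInFaults") == "true":
        findings.append("exception-detail-in-faults")  # leaks server exception text to callers
    return findings


if __name__ == "__main__":
    print(lint(SERVICE_CFG, CLIENT_CFG))
```
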

Copyright (c) Marimer LLC