I am trying to connect to a WCF server and the client mutually authenticate each other using SSL certificates at the transport level using BasicHttpBinding. Here's how to create a server:
var soapBinding = new BasicHttpBinding() { Namespace = "http://test.com" }; soapBinding.Security.Mode = BasicHttpSecurityMode.Transport; soapBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate; var sh = new ServiceHost(typeof(Service1), uri); sh.AddServiceEndpoint(typeof(IService1), soapBinding, ""); sh.Credentials.ServiceCertificate.SetCertificate( StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost"); sh.Open();
Here is the client:
var binding = new BasicHttpBinding(); binding.Security.Mode = BasicHttpSecurityMode.Transport; var service = new ServiceReference2.Service1Client(binding, new EndpointAddress("https://localhost:801/Service1")); service.ClientCredentials.ClientCertificate.SetCertificate( StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost"); service.ClientCredentials.ServiceCertificate.Authentication. CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust; service.HelloWorld();
The certificate for the local host is in personal, trusted root, and trusted third-party containers. Internet Explorer can connect to the host and see the WSDL. Additionally, SSL calls work fine with ClientCredentialType = HttpClientCredentialType.None
HelloWorld () error:
System.ServiceModel.Security.MessageSecurityException occurred<br/> Message="The HTTP request was forbidden with client authentication scheme 'Anonymous'."
which is a repeated exception from: "The remote server returned an error: (403) Forbidden."
How can I deal with wtf?
web-services wcf
galets
source share