WCF on IIS - Getting error trying to connect with certificate based authentication
#1
Nov 26th, 2007
Hello,
I'm trying to get a WCF service configured to authenticate the client using X509 certificates. The service is hosted by IIS 6 and I'm getting an error that I didn't receive while testing and hosting in a console. In fact, this exact configuration works when not running in IIS. One fact about my system is that I'm running the host and the client on the same machine. I have not yet reproduced the problem across different machines. I've confirmed that all the certificates are in the right places and that the ASPNET user has been granted permission to all certificates. Has anyone had issues running this configuration in IIS? Thanks!
The error:
Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
My web.config:
<?xml version="1.0"?>
<!-- Service-side WCF configuration: hosts MCPServices.MCPService on a wsHttpBinding endpoint
     that uses message-level security and requires X.509 client certificates. -->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.serviceModel>
<services>
<service name="MCPServices.MCPService" behaviorConfiguration="MCPServicesBehavior">
<!-- Empty address: the endpoint is reached at the address of the hosting .svc file. -->
<endpoint address=""
contract="MCPServices.IMCPService"
binding="wsHttpBinding"
bindingConfiguration="certificateBinding">
<!-- Identity the service advertises so that clients can authenticate it.
     FindBySubjectName is a substring match on the certificate subject, so "localhost" can match
     more than one certificate in LocalMachine/My; FindByThumbprint selects exactly one. -->
<identity>
<certificateReference storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="localhost" />
</identity>
</endpoint>
</service>
</services>
<bindings>
<wsHttpBinding>
<!-- X509 Certificate binding -->
<binding name="certificateBinding">
<!-- mode="Message": the SOAP message itself is signed and encrypted; the HTTP transport is not
     protected. clientCredentialType="Certificate" makes every caller present a certificate. -->
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<!-- Before deployment, you should remove includeExceptionDetailInFaults="true" from any behaviors -->
<serviceBehaviors>
<behavior name="MCPServicesBehavior">
<!-- includeExceptionDetailInFaults="true" returns server-side exception details to the caller
     inside SOAP faults; it is a debugging aid and discloses internals if left on. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<!-- httpGetEnabled="true" publishes the service metadata (WSDL) over plain HTTP GET to any
     caller that can reach the URL. NOTE(review): consider disabling or restricting it once
     client proxies have been generated. -->
<serviceMetadata httpGetEnabled="true" />
<serviceCredentials>
<!-- Certificate the service presents to clients. The account the hosting process runs as must
     be able to read its private key. NOTE(review): under IIS 6 the worker process normally runs
     as the application pool identity (NETWORK SERVICE by default), not ASPNET; confirm which
     account was actually granted access to the key. -->
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
<clientCertificate>
<!-- certificateValidationMode="Custom" hands the accept/reject decision for client certificates
     to the named validator class; chain, expiry and revocation are checked only if that class
     does so (its code is not shown here).
     NOTE(review): the part after the comma is expected to be an assembly name; for a class
     compiled from the App_Code folder that is normally "App_Code", not a file path. Confirm. -->
<authentication certificateValidationMode="Custom" customCertificateValidatorType="MCPServices.CustomX509CertificateValidator, App_Code/Service.cs"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.web>
<!-- debug="true" is a development setting (debug builds, more detailed errors); switch it to
     false before deployment. -->
<compilation debug="true">
<assemblies>
<add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="Microsoft.Transactions.Bridge, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="SMDiagnostics, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.IdentityModel.Selectors, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
</system.web>
</configuration>
My client app.config:
<?xml version="1.0" encoding="utf-8"?>
<!-- Client-side WCF configuration for the IMCPService contract: wsHttpBinding with message-level
     security, authenticating to the service with an X.509 client certificate. -->
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- Timeouts and size limits for the channel. maxReceivedMessageSize and the readerQuotas
     values cap how much data the client will accept and parse from a response. -->
<binding name="WSHttpBinding_IMCPService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<!-- mode="Message": the call is protected by signing and encrypting the SOAP message with the
     certificates configured below. NOTE(review): the transport settings are not expected to
     take effect in this mode; confirm.
     negotiateServiceCredential="true" means the service certificate is obtained during the
     security negotiation instead of being provisioned on the client beforehand, so the endpoint
     identity further down is what ties the channel to the expected service. -->
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<!-- Plain http:// address: nothing is protected at the transport level, so confidentiality and
     integrity rest entirely on the message security configured in the binding. -->
<endpoint address="http://localhost/Service.svc"
behaviorConfiguration="MCPServicesBehavior"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMCPService"
contract="IMCPService" name="WSHttpBinding_IMCPService">
<!-- Service identity the client expects. The certificate is looked up in the client machine's
     LocalMachine/My store and compared with the one the service presents; if they differ,
     security negotiation fails. FindBySubjectName is a substring match, so "localhost" must
     identify exactly one certificate. -->
<identity>
<certificateReference storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="localhost"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="MCPServicesBehavior">
<clientCredentials>
<serviceCertificate>
<!-- PeerOrChainTrust accepts the service certificate if it is in the TrustedPeople store or if
     it chains to a trusted root. Peer trust lets self-signed test certificates through;
     ChainTrust is the stricter setting outside development. -->
<authentication certificateValidationMode="PeerOrChainTrust" />
</serviceCertificate>
<!-- Certificate the client presents to the service, read from the calling user's CurrentUser/My
     store; that user needs access to its private key. -->
<clientCertificate findValue="hades" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
I'm trying to get a WCF service configured to authenticate the client using X509 certificates. The service is hosted by IIS 6 and I'm getting an error that I didn't receive while testing and hosting in a console. In fact, this exact configuration works when not running in IIS. One fact about my system is that I'm running the host and the client on the same machine. I have not yet reproduced the problem across different machines. I've confirmed that all the certificates are in the right places and that the ASPNET user has been granted permission to all certificates. Has anyone had issues running this configuration in IIS? Thanks!
The error:
Unhandled Exception: System.ServiceModel.Security.SecurityNegotiationException: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
My web.config:
<?xml version="1.0"?>
<!-- Service-side WCF configuration: hosts MCPServices.MCPService on a wsHttpBinding endpoint
     that uses message-level security and requires X.509 client certificates. -->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
<system.serviceModel>
<services>
<service name="MCPServices.MCPService" behaviorConfiguration="MCPServicesBehavior">
<!-- Empty address: the endpoint is reached at the address of the hosting .svc file. -->
<endpoint address=""
contract="MCPServices.IMCPService"
binding="wsHttpBinding"
bindingConfiguration="certificateBinding">
<!-- Identity the service advertises so that clients can authenticate it.
     FindBySubjectName is a substring match on the certificate subject, so "localhost" can match
     more than one certificate in LocalMachine/My; FindByThumbprint selects exactly one. -->
<identity>
<certificateReference storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="localhost" />
</identity>
</endpoint>
</service>
</services>
<bindings>
<wsHttpBinding>
<!-- X509 Certificate binding -->
<binding name="certificateBinding">
<!-- mode="Message": the SOAP message itself is signed and encrypted; the HTTP transport is not
     protected. clientCredentialType="Certificate" makes every caller present a certificate. -->
<security mode="Message">
<message clientCredentialType="Certificate"/>
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<!-- Before deployment, you should remove includeExceptionDetailInFaults="true" from any behaviors -->
<serviceBehaviors>
<behavior name="MCPServicesBehavior">
<!-- includeExceptionDetailInFaults="true" returns server-side exception details to the caller
     inside SOAP faults; it is a debugging aid and discloses internals if left on. -->
<serviceDebug includeExceptionDetailInFaults="true" />
<!-- httpGetEnabled="true" publishes the service metadata (WSDL) over plain HTTP GET to any
     caller that can reach the URL. NOTE(review): consider disabling or restricting it once
     client proxies have been generated. -->
<serviceMetadata httpGetEnabled="true" />
<serviceCredentials>
<!-- Certificate the service presents to clients. The account the hosting process runs as must
     be able to read its private key. NOTE(review): under IIS 6 the worker process normally runs
     as the application pool identity (NETWORK SERVICE by default), not ASPNET; confirm which
     account was actually granted access to the key. -->
<serviceCertificate findValue="localhost" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
<clientCertificate>
<!-- certificateValidationMode="Custom" hands the accept/reject decision for client certificates
     to the named validator class; chain, expiry and revocation are checked only if that class
     does so (its code is not shown here).
     NOTE(review): the part after the comma is expected to be an assembly name; for a class
     compiled from the App_Code folder that is normally "App_Code", not a file path. Confirm. -->
<authentication certificateValidationMode="Custom" customCertificateValidatorType="MCPServices.CustomX509CertificateValidator, App_Code/Service.cs"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.web>
<!-- debug="true" is a development setting (debug builds, more detailed errors); switch it to
     false before deployment. -->
<compilation debug="true">
<assemblies>
<add assembly="System.Security, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="Microsoft.Transactions.Bridge, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="SMDiagnostics, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.IdentityModel.Selectors, Version=3.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.DirectoryServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Web.RegularExpressions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B77A5C561934E089"/>
<add assembly="System.Messaging, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/>
<add assembly="System.ServiceProcess, Version=2.0.0.0, Culture=neutral, PublicKeyToken=B03F5F7F11D50A3A"/></assemblies></compilation>
</system.web>
</configuration>
My client app.config:
<?xml version="1.0" encoding="utf-8"?>
<!-- Client-side WCF configuration for the IMCPService contract: wsHttpBinding with message-level
     security, authenticating to the service with an X.509 client certificate. -->
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<!-- Timeouts and size limits for the channel. maxReceivedMessageSize and the readerQuotas
     values cap how much data the client will accept and parse from a response. -->
<binding name="WSHttpBinding_IMCPService" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<!-- mode="Message": the call is protected by signing and encrypting the SOAP message with the
     certificates configured below. NOTE(review): the transport settings are not expected to
     take effect in this mode; confirm.
     negotiateServiceCredential="true" means the service certificate is obtained during the
     security negotiation instead of being provisioned on the client beforehand, so the endpoint
     identity further down is what ties the channel to the expected service. -->
<security mode="Message">
<transport clientCredentialType="Windows" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" establishSecurityContext="true" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<!-- Plain http:// address: nothing is protected at the transport level, so confidentiality and
     integrity rest entirely on the message security configured in the binding. -->
<endpoint address="http://localhost/Service.svc"
behaviorConfiguration="MCPServicesBehavior"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IMCPService"
contract="IMCPService" name="WSHttpBinding_IMCPService">
<!-- Service identity the client expects. The certificate is looked up in the client machine's
     LocalMachine/My store and compared with the one the service presents; if they differ,
     security negotiation fails. FindBySubjectName is a substring match, so "localhost" must
     identify exactly one certificate. -->
<identity>
<certificateReference storeName="My" storeLocation="LocalMachine" x509FindType="FindBySubjectName" findValue="localhost"/>
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="MCPServicesBehavior">
<clientCredentials>
<serviceCertificate>
<!-- PeerOrChainTrust accepts the service certificate if it is in the TrustedPeople store or if
     it chains to a trusted root. Peer trust lets self-signed test certificates through;
     ChainTrust is the stricter setting outside development. -->
<authentication certificateValidationMode="PeerOrChainTrust" />
</serviceCertificate>
<!-- Certificate the client presents to the service, read from the calling user's CurrentUser/My
     store; that user needs access to its private key. -->
<clientCertificate findValue="hades" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>