I created a WCF service and hosted it in IIS (7.5), which works fine. I now want to add username authentication and I run into some problems.
The config file is this:
<system.serviceModel>
  <services>
    <service behaviorConfiguration="warServBehavior" name="WcfServiceLibrary.WarcraftService">
      <endpoint address="" binding="wsHttpBinding" contract="WcfServiceLibrary.IWarcraftService" bindingConfiguration="warWsHttpBinding" />
      <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="warWsHttpBinding">
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None"/>
          <message clientCredentialType="UserName"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="warServBehavior">
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFaults="true"/>
        <serviceCredentials>
          <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="BogusValidator, App_Code"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
Regarding the certificate, I did the following (inspired by MSDN):
1) makecert -n "CN=RootCATest" -r -sv RootCATest.pvk RootCATest.cer
2) added it to Trusted Root Certification Authorities
3) makecert -sk CertTest -iv RootCATest.pvk -n "CN=Bogus" -ic RootCATest.cer -sr localmachine -ss my -sky exchange -pe
In IIS I added a binding for https, and in the Server Certificates I have this:

When I run svcutil https://localhost/WarcraftServiceSite/WarService.svc I get this exception: "There was an error downloading https://localhost/WarcraftServiceSite/WarService.svc. The underlying connection was closed.Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure."
Later edit: it seems that the right way to call svcutil is with http, not https, even though I have this <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
Because this is just a test certificate, you can add the following to the client for it to work. When you get a production certificate from VeriSign etc. you won't need this.
Reference and add usings for the following – System.Net, System.Net.Security, System.Security.Cryptography.X509Certificates;
Use the ServicePointManager class and add a handler to the ServerCertificateValidationCallback
Then the handler impl
Wire up the handler somewhere before using your proxy.
Remember, this code and certs from makecert should be used for testing only.
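
An added example, not part of the original answer (whose own code snippets are not present on this page): one way to write the handler and wire it up so that only the makecert test certificate is accepted, and only in debug builds, instead of trusting every certificate. The class name, method names and the thumbprint placeholder are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

static class TestCertificateTrust
{
    // Placeholder (assumption): replace with the thumbprint of your own
    // makecert test certificate, as hex digits without spaces.
    private const string PinnedTestThumbprint = "<THUMBPRINT-OF-YOUR-TEST-CERT>";

    // Call once at client startup, before the first proxy call.
    public static void Register()
    {
#if DEBUG
        // Only debug builds install the relaxed check; release builds keep
        // the default validation, so a production certificate is required.
        ServicePointManager.ServerCertificateValidationCallback = Validate;
#endif
    }

    private static bool Validate(object sender, X509Certificate certificate,
                                 X509Chain chain, SslPolicyErrors errors)
    {
        // Certificates that pass normal validation need no special handling.
        if (errors == SslPolicyErrors.None)
            return true;

        // No certificate was presented, so there is nothing to pin against.
        if (certificate == null)
            return false;

        // Accept a certificate that failed validation only when it is
        // exactly the pinned test certificate; reject everything else.
        return string.Equals(certificate.GetCertHashString(),
                             PinnedTestThumbprint,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

The callback is process-wide: it applies to every HTTPS request made through ServicePointManager in the application, not just the WCF proxy, which is why it compares against one pinned thumbprint rather than returning true unconditionally.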