Home/ Questions/Q 488551
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T01:43:06+00:00

I have WCF service. I demand clients to authenticate with certificate. This is service

  • 0

I have WCF service. I demand clients to authenticate with certificate.
This is service configuration:

<system.serviceModel>
        <services>
            <service name="FilmLibrary.FilmManager" behaviorConfiguration="FilmService.Service1Behavior">
                <endpoint address="manager" name="certBinding" binding="basicHttpBinding" contract="FilmContract.IFilmManager" />
            </service>            
        </services>
        <bindings>
            <basicHttpBinding>
                <binding name="certBinding">
                    <security mode="Message">
                        <message clientCredentialType="Certificate" />
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <behaviors>
            <serviceBehaviors>
                <behavior name="FilmService.Service1Behavior">
                    <serviceCredentials>
                        <clientCertificate>
                            <authentication trustedStoreLocation="LocalMachine" 
                            certificateValidationMode="PeerTrust" />
                        </clientCertificate>                                               
                    </serviceCredentials>    
            </behavior>
            </serviceBehaviors>
        </behaviors>
    </system.serviceModel>
</configuration>

Public key is installed in LocalMachine, Trusted People

Client configuration is as follows:

<system.serviceModel>
        <bindings>
            <basicHttpBinding>
                <binding name="certBinding" closeTimeout="00:01:00" openTimeout="00:01:00"
                    receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
                    bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
                    maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                    messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
                    useDefaultWebProxy="true">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <security mode="Message">
                        <message clientCredentialType="Certificate"/>
                    </security>
                </binding>
            </basicHttpBinding>
        </bindings>
        <behaviors>
            <endpointBehaviors>
                <behavior name="certBehaviour">
                    <clientCredentials> 
                        <clientCertificate findValue="SubjectKey" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
        <client>
            <endpoint address="[...]/Service1.svc/manager"
                binding="basicHttpBinding" bindingConfiguration="certBinding" behaviorConfiguration="certBehaviour"
                contract="FilmsService.IFilmManager" name="certBinding" />
        </client>
    </system.serviceModel>

Private key is installed in Personal, current user.

Without security, service works. With security enabled – it does not. I tried several configurations and I got errors like authentication failed or that I have to set service certificate in clientCredentials element. Which I don’t understand because I do not want to authenticate service at all.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Instead of 

                <serviceCredentials>
                <clientCertificate>
                    <authentication trustedStoreLocation="LocalMachine" 
                    certificateValidationMode="PeerTrust" />
                </clientCertificate>                                               
            </serviceCredentials>

    I think you are supposed to have 

                <serviceCredentials>
                <serviceCertificate  findValue="SubjectKey" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName"/>                                              
            </serviceCredentials>

    You are not authenticating the service by this, instead you are telling the service how the client is to be authenticated.

    • 0