Home/ Questions/Q 8904843
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T02:14:28+00:00

I trying to do WCF using self-signed certificate. I found some solutions,but they need

  • 0

I trying to do WCF using self-signed certificate. I found some solutions,but they need client to know clinet certificate before connection.
I would like make client works as browser(When browser use web server certificate).
I mean browser don’t know webserver’s certificate before connection, it can obtain it from web server.
My server’s web.config:

<system.serviceModel>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="false" />
    <services>
      <service behaviorConfiguration="security" name="WebApplicationExchange.UKService">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="security" contract="WebApplicationExchange.IUKService">
          <identity>
            <dns value="localhost" />
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
        <host>
          <baseAddresses>
            <add baseAddress="https://localhost/UKService/UKService.svc" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="security">
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
          <serviceCredentials>
            <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ServiceAuthorization.PasswordValidator,ServiceAuthorization" />
            <windowsAuthentication allowAnonymousLogons="false" />
          </serviceCredentials>
          <serviceAuthorization principalPermissionMode="Custom">
            <authorizationPolicies>
              <add policyType="ServiceAuthorization.AuthorizationPolicy,ServiceAuthorization" />
            </authorizationPolicies>
          </serviceAuthorization>
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <basicHttpBinding>
        <binding name="security">
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="Basic" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
  </system.serviceModel>

It works fine with web browsers.

But client show error:
Could not establish trust connection for secure channel SSL / TLS with authority “localhost: 56389”.
Client code:

System.ServiceModel.EndpointAddress eaSecurity = new System.ServiceModel.EndpointAddress("https://localhost:56389/UKService.svc");
                var binding = new System.ServiceModel.BasicHttpBinding();
                binding.Security.Mode = System.ServiceModel.BasicHttpSecurityMode.TransportWithMessageCredential;
                binding.Security.Transport.ClientCredentialType = System.ServiceModel.HttpClientCredentialType.None;
                binding.Security.Message.ClientCredentialType = System.ServiceModel.BasicHttpMessageCredentialType.UserName;


                var securityFactory = new System.ServiceModel.ChannelFactory<ServiceReference1.IUKService>(binding, eaSecurity);
                securityFactory.Credentials.UserName.UserName = "test";
                securityFactory.Credentials.UserName.Password = "test";
                myService = securityFactory.CreateChannel();

Any ideas how to solve this?

UPDATE:
I look deeper in error stack and find following:
System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the results of authentication.
I tryed this code:

  ClientCredentials cc = securityFactory.Endpoint.Behaviors.Find<ClientCredentials>();

                cc.UserName.UserName = "test";
                cc.UserName.Password = "test";

               cc.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;

But it doesn’t help.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I solve it this way:

    System.Net.ServicePointManager.ServerCertificateValidationCallback += new System.Net.Security.RemoteCertificateValidationCallback(RemoteCertValidateCallback);
 public static bool RemoteCertValidateCallback(object sender, X509Certificate cert, X509Chain chain, System.Net.Security.SslPolicyErrors error)
        {
            return true;
        }
    • 0