I’m trying to get a WCF server and client to mutually authenticate each other using SSL certificates at the transport level using BasicHttpBinding. Here’s how the server is getting created:
    var soapBinding = new BasicHttpBinding() { Namespace = "http://test.com" };
    soapBinding.Security.Mode = BasicHttpSecurityMode.Transport;
    soapBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

    var sh = new ServiceHost(typeof(Service1), uri);
    sh.AddServiceEndpoint(typeof(IService1), soapBinding, "");
    sh.Credentials.ServiceCertificate.SetCertificate(
        StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost");
    sh.Open();
Here’s the client:
    var binding = new BasicHttpBinding();
    binding.Security.Mode = BasicHttpSecurityMode.Transport;

    var service = new ServiceReference2.Service1Client(binding,
        new EndpointAddress("https://localhost:801/Service1"));
    service.ClientCredentials.ClientCertificate.SetCertificate(
        StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "localhost");
    service.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
        System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;
    service.HelloWorld();
The certificate for localhost is in the Personal, Trusted Root and Trusted 3rd Party containers. Internet Explorer can connect to the host and see the WSDL. Also, SSL calls work fine with ClientCredentialType = HttpClientCredentialType.None.
HelloWorld() fails with:
    System.ServiceModel.Security.MessageSecurityException occurred
    Message: The HTTP request was forbidden with client authentication scheme 'Anonymous'.
which is a rethrown exception from: "The remote server returned an error: (403) Forbidden."
how does one go around figuring out wtf is going on?
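The client in the question attaches a certificate but never tells the transport to send one, so the TLS handshake runs as "Anonymous" and the server, which requires a client certificate, returns 403. The following is an added example (not code from the question or from any answer); it assumes the generated proxy ServiceReference2.Service1Client and the "localhost" certificate and address from the post.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

static class MutualTlsClient
{
    public static BasicHttpBinding CreateClientBinding()
    {
        var binding = new BasicHttpBinding();
        binding.Security.Mode = BasicHttpSecurityMode.Transport;
        // Missing from the client in the question: without this the HTTP transport
        // negotiates as "Anonymous" and never offers the certificate set on
        // ClientCredentials, which is exactly what the 403 message reports.
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
        return binding;
    }

    // Looks a certificate up by subject name in a LocalMachine store; null if absent.
    public static X509Certificate2 FindInStore(StoreName store, string subject)
    {
        var s = new X509Store(store, StoreLocation.LocalMachine);
        try
        {
            s.Open(OpenFlags.ReadOnly);
            var hits = s.Certificates.Find(X509FindType.FindBySubjectName, subject, false);
            return hits.Count > 0 ? hits[0] : null;
        }
        finally { s.Close(); }
    }

    public static void Run()
    {
        const string subject = "localhost"; // subject used in the question
        // The client certificate must carry a private key to complete the handshake.
        var clientCert = FindInStore(StoreName.My, subject);
        if (clientCert == null || !clientCert.HasPrivateKey)
            throw new InvalidOperationException("client certificate missing or has no private key");
        // PeerTrust validates the server certificate against the Trusted People store
        // only, so a copy in Personal or Trusted Root does not satisfy it.
        if (FindInStore(StoreName.TrustedPeople, subject) == null)
            throw new InvalidOperationException("server certificate not in Trusted People store");

        var service = new ServiceReference2.Service1Client(
            CreateClientBinding(), new EndpointAddress("https://localhost:801/Service1"));
        service.ClientCredentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, subject);
        service.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerTrust;
        service.HelloWorld();
        service.Close();
    }
}
```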
Try adding this in the client just after setting Security.Mode: