Is it possible to have transport security without authentication? I’m well aware of it’s flaws but atm I can’t install a certificate a the client side. It seems I can set WSHttpBinding.SecurityMode to Transport and the ClientCredentialType to HttpClientCredentialType.None, but when I try to call the service I get this exception:
An error occurred while making the HTTP request to https://[MyService]. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
I don’t think it’s a mismatch of the security binding between the client and the server because I’m using a proxy generated by svcutil.
Why’s it looking for a server certificate if I’ve set the ClientCredentialType to None?
You can have HTTPS communication without authentication, but you cannot have HTTPS communication without certificates, since HTTPS encryption uses certificates.
There are a few things to check:
If you can’t access the WSDL or another resource on the site over HTTPS, then HTTPS isn’t configured on the server.
If you get warnings about the certificate, then you don’t have a certificate that the client will trust. There are three options here; one is to get a valid certificate from somewhere like Verisign that will be trusted, the other is to install the certificate in a trusted part of the user’s store (which you can’t do as you mentioned), and the final is to turn off the cerificate revocation in the client’s WCF configuration.