IIS hosted WCF with SSL protection - "HTTP request was denied using the Anonymous client authentication scheme"

I am trying to host WCF in IIS using transport security. I found a good tutorial and followed the instructions: http://robbincremers.me/2011/12/27/wcf-transport-security-and-client-certificate-authentication-with-self-signed-certificates/ . I always get "An HTTP request was denied using the Anonymous client authentication scheme." How can I handle this?

What i have done so far:

  • I created a self-signed root certificate as described here.

    makecert -n "CN = TempCA" -r -sv TempCA.pvk TempCA.cer

  • New server certificate signed with root server certificate created

    makecert -sk SignedByCA -iv TempCA.pvk -n "CN = localhost" -ic TempCA.cer localhost.cer -sr localmachine -ss My

  • A new client certificate has been created, signed by the root CA certificate.

    makecert -sk SignedByCA -iv TempCA.pvk -n "CN = clientCert" -ic TempCA.cer clientCert.cer -sr localmachine -ss My

  • Added CA Trusted Root Certificate


  • Added these certificates in Personal → Certificates

  • Added client certificate for proxies

  • Everything looks ok

  • A very simple WCF application has been created and added to IIS

  • Security Settings

  • This is my web.config service file

    <?xml version="1.0"?>
    <configuration>
      <system.web>
        <compilation debug="true" targetFramework="4.5" />
        <httpRuntime targetFramework="4.5"/>
      </system.web>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="EmployeeBindingConfig">
              <security mode="Transport">
                <transport clientCredentialType="Certificate" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior name="EmployeeServiceBehavior">
              <serviceMetadata httpsGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceCredentials>
                <clientCertificate>
                  <authentication certificateValidationMode="PeerOrChainTrust"
                                  trustedStoreLocation="LocalMachine" />
                </clientCertificate>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <services>
          <service behaviorConfiguration="EmployeeServiceBehavior"
                   name="WCF.Tutorial.TransportSecurity.ServiceNew.EmployeeService">
            <host>
              <baseAddresses>
                <add baseAddress="https://localhost/WCF.Tutorial.TransportSecurity.ServiceNew"/>
              </baseAddresses>
            </host>
            <endpoint address="EmployeeService"
                      binding="basicHttpBinding"
                      bindingConfiguration="EmployeeBindingConfig"
                      contract="WCF.Tutorial.TransportSecurity.ServiceNew.IEmployeeService" />
            <endpoint address="mex"
                      binding="mexHttpsBinding"
                      contract="IMetadataExchange" />
          </service>
        </services>
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
      </system.webServer>
    </configuration>

  • This is my client app.config

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
      </startup>
      <system.serviceModel>
        <behaviors>
          <endpointBehaviors>
            <behavior name="EmployeeEndpointBehaviour">
              <clientCredentials>
                <clientCertificate storeLocation="LocalMachine" storeName="My"
                                   x509FindType="FindBySubjectName" findValue="omer-HP"/>
              </clientCredentials>
            </behavior>
          </endpointBehaviors>
        </behaviors>
        <bindings>
          <basicHttpBinding>
            <binding name="EmployeeBindingConfig">
              <security mode="Transport">
                <transport clientCredentialType="Certificate" />
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <client>
          <endpoint address="https://localhost/WCF.Tutorial.TransportSecurity.ServiceNew/EmployeeService.svc"
                    binding="basicHttpBinding" bindingConfiguration="EmployeeBindingConfig"
                    contract="WCF.Tutorial.TransportSecurity.ServiceNew.IEmployeeService"
                    name="serviceEndpoint"
                    behaviorConfiguration="EmployeeEndpointBehaviour"/>
        </client>
      </system.serviceModel>
    </configuration>

  • This is my client code and error

My question is, how can I get through this error? I need your help.

+5
2 answers

At least the problem was found. When I looked into the Windows event log, I saw this error

When requesting client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this to select a client certificate that the server trusts. Currently, this server trusts so many certification authorities that the list has grown too long. Therefore, this list has been truncated. The administrator of this machine must check the certificate authorities trusted for client authentication and delete those that do not need to be trusted.

I supported some certificates and deleted them. After this operation, my program works.

+5
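An added audit script (not from the answer or the original post) that estimates, from the LocalMachine Trusted Root store, how large the CA list Schannel puts in the TLS CertificateRequest will be, and lists expired roots as the first pruning candidates; the 16 KB threshold is an assumed rough figure for illustration, not a documented Schannel limit.

```powershell
# Added example: audit the Trusted Root store that feeds the CertificateRequest CA list.
# $maxBytes is an assumed rough threshold, not a documented Schannel limit.
$maxBytes = 16KB
$roots = Get-ChildItem -Path Cert:\LocalMachine\Root
$totalBytes = 0

$report = foreach ($c in $roots) {
    # Each entry in the CertificateRequest carries the CA's DER-encoded subject name
    # (SubjectName.RawData) prefixed by a 2-byte length field.
    $dnBytes = $c.SubjectName.RawData.Length + 2
    $totalBytes += $dnBytes
    [pscustomobject]@{
        Subject    = $c.Subject
        Thumbprint = $c.Thumbprint
        NotAfter   = $c.NotAfter
        DnBytes    = $dnBytes
        Expired    = ($c.NotAfter -lt (Get-Date))
    }
}

"Trusted roots: $($roots.Count); estimated CertificateRequest CA list: $totalBytes bytes"
if ($totalBytes -gt $maxBytes) {
    Write-Warning "CA list exceeds $maxBytes bytes; Schannel may truncate it (the event quoted above)."
}

# Expired roots and roots never used for client authentication are the first removal candidates.
$report | Sort-Object Expired, DnBytes -Descending | Format-Table Subject, NotAfter, DnBytes, Expired -AutoSize
```

Before deleting anything, export the candidates so the change can be reverted; Schannel also has the SendTrustedIssuerList registry value (DWORD, 0 = send an empty list), which avoids the truncation without pruning the store.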

Change the anonymous identity as shown in the IIS website

0

Source: https://habr.com/ru/post/1200592/

