Transport security with WCF, IIS, as well as client authentication .. is this possible or not?

I can find a few similar questions about this, but I'm completely unsure of the answer. I become more and more confused the more I read. Therefore, I ask this for my own satisfaction.

I have a WCF service hosted in IIS, and I have a client that connects to this service and calls a method. Now I am trying to use certificates for transport security.

On the client side, I have this config:

<bindings>
  <basicHttpBinding>
    <binding name="testBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" proxyCredentialType="Basic"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>
<behaviors>
  <endpointBehaviors>
    <behavior name="testBehavior">
      <clientCredentials>
        <clientCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="client007"/>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

On the server side, I have this configuration:

<behaviors>
  <serviceBehaviors>
    <behavior name="testServiceBehavior">
      <serviceMetadata httpsGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine"/>
        </clientCertificate>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>
<bindings>
  <basicHttpBinding>
    <binding name="testServiceBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

Now, what I want is that only a client that has its public key installed on trusted server users can access the service.

But in my case, whether I install the public key in proxies or not, I can access the service using any certificate that I create myself.

I checked that anonymous authentication was enabled; is it because of this? When I turn off anonymous access, I get an error:

The HTTP request is unauthorized with client authentication, authentication received from the server was the core area

How can I make sure that only the client whose public key is on the server can access the service?

Does this validation work with transport security? Please help me. Thanks.

certificate ssl wcf
Apr 18 '13 at 3:36

No one has answered this question yet.
