I have a simple WCF service setup that uses JSON. In this service, I want to use client authentication with a client certificate. I configured IIS 6 to require SSL and require client certificates by setting the folder /site/services/wcf/json/. This setting is usually called 2-way SSL.
But I get an exception when I try to verify the page using the generated SSL certificate.
The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'.
Stack Trace:

    [NotSupportedException: The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'.]
       System.ServiceModel.Activation.HostedAspNetEnvironment.ValidateHttpsSettings(String virtualPath, Nullable`1& requireClientCertificate) +117347
       System.ServiceModel.Channels.HttpsChannelListener.ApplyHostedContext(String virtualPath, Boolean isMetadataListener) +97
       System.ServiceModel.Activation.HostedAspNetEnvironment.ApplyHostedContext(TransportChannelListener listener, BindingContext context) +84
       System.ServiceModel.Channels.HttpsTransportBindingElement.BuildChannelListener(BindingContext context) +93
       System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener() +63
       System.ServiceModel.Channels.MessageEncodingBindingElement.InternalBuildChannelListener(BindingContext context) +67
       System.ServiceModel.Channels.WebMessageEncodingBindingElement.BuildChannelListener(BindingContext context) +49
       System.ServiceModel.Channels.BindingContext.BuildInnerChannelListener() +63
       System.ServiceModel.Channels.Binding.BuildChannelListener(Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters) +125
       System.ServiceModel.Description.DispatcherBuilder.MaybeCreateListener(Boolean actuallyCreate, Type[] supportedChannels, Binding binding, BindingParameterCollection parameters, Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, ServiceThrottle throttle, IChannelListener& result, Boolean supportContextSession) +337
       System.ServiceModel.Description.DispatcherBuilder.BuildChannelListener(StuffPerListenUriInfo stuff, ServiceHostBase serviceHost, Uri listenUri, ListenUriMode listenUriMode, Boolean supportContextSession, IChannelListener& result) +668
       System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost) +1228
       System.ServiceModel.ServiceHostBase.InitializeRuntime() +60
       System.ServiceModel.ServiceHostBase.OnBeginOpen() +27
       System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +50
       System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +318
       System.ServiceModel.Channels.CommunicationObject.Open() +36
       System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +184
       System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +615

I tested that the certificates are installed correctly. I created a base virtual directory that requires client authorization. This virtual directory contains a simple .htm file. I confirmed that it requires https and that it challenges me for my client certificate; when I provided a valid client certificate, it displayed the .htm page, and when I did not provide a valid certificate, it did not.
When applying the same settings in IIS to my WCF service, I get the exception above. I tried to configure services to also require SSL and client authorization, but I keep getting the exception above.
Here are my settings.

    <system.serviceModel>
      <behaviors>
        <endpointBehaviors>
          <behavior name="jsonBehavior">
            <enableWebScript />
            <clientCredentials>
              <clientCertificate findValue="*.MyCompany.com" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My" />
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
        <serviceBehaviors>
          <behavior name="">
            <serviceDebug includeExceptionDetailInFaults="true" />
            <serviceMetadata httpsGetEnabled="true" httpGetEnabled="false" />
            <serviceCredentials>
              <serviceCertificate findValue="*.MyCompany.com" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My" />
            </serviceCredentials>
          </behavior>
        </serviceBehaviors>
      </behaviors>
      <bindings>
        <webHttpBinding>
          <binding name="webBinding">
            <security mode="Transport">
              <transport clientCredentialType="Certificate"/>
            </security>
          </binding>
        </webHttpBinding>
      </bindings>
      <services>
        <service name="Service1Json" behaviorConfiguration="">
          <endpoint address="https://www.MyCompany.com/site/services/wcf/json/Service1.svc" behaviorConfiguration="jsonBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MyCompany.Services.Wcf.IService1" />
        </service>
        <service name="Service2Json" behaviorConfiguration="">
          <endpoint address="https://www.MyCompany.com/site/Services/WCF/json/Service2.svc" behaviorConfiguration="jsonBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MyCompany.Services.Wcf.IService2" />
        </service>
        <service name="Service3Json" behaviorConfiguration="">
          <endpoint address="https://www.MyCompany.com/site/services/wcf/json/Service3.svc" behaviorConfiguration="jsonBehavior" binding="webHttpBinding" bindingConfiguration="webBinding" contract="MyCompany.Services.Wcf.IService3" />
        </service>
      </services>
      <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
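
The mismatch named in the exception, as an added example that is not part of the original post: a Python check that resolves each endpoint's transport `clientCredentialType` from a `system.serviceModel` section and compares it with the IIS SSL flags quoted in the error. The embedded config is a constructed sample, and `effective_client_credential` and `find_mismatches` are names made up for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the posted configuration. Service2Json omits
# bindingConfiguration on purpose, to show an endpoint that resolves to 'None'.
SAMPLE_CONFIG = """
<system.serviceModel>
  <bindings><webHttpBinding>
    <binding name="webBinding">
      <security mode="Transport"><transport clientCredentialType="Certificate"/></security>
    </binding>
  </webHttpBinding></bindings>
  <services>
    <service name="Service1Json">
      <endpoint binding="webHttpBinding" bindingConfiguration="webBinding"/>
    </service>
    <service name="Service2Json">
      <endpoint binding="webHttpBinding"/>
    </service>
  </services>
</system.serviceModel>
"""

def effective_client_credential(root, endpoint):
    """Transport clientCredentialType the endpoint's binding resolves to."""
    wanted = endpoint.get("bindingConfiguration", "")
    for binding in root.findall(f"./bindings/{endpoint.get('binding')}/binding"):
        if binding.get("name", "") != wanted:
            continue
        security = binding.find("security")
        # webHttpBinding defaults: security mode None, no client credential.
        if security is None or security.get("mode", "None") == "None":
            return "None"
        transport = security.find("transport")
        return "None" if transport is None else transport.get("clientCredentialType", "None")
    return "None"  # simplification: no matching <binding> means binding defaults

def find_mismatches(config_xml, iis_ssl_flags):
    """List (service name, credential type) pairs that IIS's flags would reject."""
    root = ET.fromstring(config_xml)
    iis_requires_cert = "SslRequireCert" in [f.strip() for f in iis_ssl_flags.split(",")]
    endpoints = [(s.get("name"), effective_client_credential(root, e))
                 for s in root.findall("./services/service") for e in s.findall("endpoint")]
    return [(n, c) for n, c in endpoints if iis_requires_cert and c != "Certificate"]

if __name__ == "__main__":
    for name, credential in find_mismatches(SAMPLE_CONFIG, "Ssl, SslNegotiateCert, SslRequireCert"):
        print(f"{name}: WCF side is '{credential}', IIS requires a client certificate")
```

The check reads only the config text; it assumes each `<service>` element is the one WCF actually applies to the hosted service.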