Is it possible to have a WCF REST web service that excludes client SSL certificates and sets the IIS SSL parameter not to “require SSL” and “accept” client certificates, but not “require” them?
I have the following configuration:
<system.serviceModel>
  <services>
    <service behaviorConfiguration="RestServiceBehaviour" name="PM.WCF.Service.PmRestService">
      <endpoint address=""
                behaviorConfiguration="web"
                binding="webHttpBinding"
                bindingConfiguration="StreamedRequestWebBinding"
                contract="PM.WCF.Service.IPmRestService" />
    </service>
  </services>
  <bindings>
    <webHttpBinding>
      <binding name="StreamedRequestWebBinding"
               bypassProxyOnLocal="true"
               useDefaultWebProxy="false"
               hostNameComparisonMode="WeakWildcard"
               sendTimeout="10:15:00"
               openTimeout="10:15:00"
               receiveTimeout="10:15:00"
               maxReceivedMessageSize="2147483647"
               maxBufferSize="2147483647"
               maxBufferPoolSize="2147483647"
               transferMode="StreamedRequest">
        <readerQuotas maxArrayLength="2147483647" maxStringContentLength="2147483647" />
        <security mode="Transport">
          <transport clientCredentialType="Certificate"/>
        </security>
      </binding>
    </webHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="web">
        <webHttp />
      </behavior>
    </endpointBehaviors>
    <serviceBehaviors>
      <behavior name="RestServiceBehaviour">
        <serviceMetadata httpsGetEnabled="true" />
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
My problem is the following line:
<transport clientCredentialType="Certificate"/>
If I use this option and IIS is configured to accept but does not require client certificates, I get the following error:
The SSL settings for the SslRequireCert service do not match the IIS SslNegotiateCert settings.
Just setting
<transport clientCredentialType="None"/>
does not work. I'm sure the browser / client is sending the certificate, but OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.IsAuthenticated is False.
Is there another way to have two IIS websites, one configured to use SSL certificates and clients, and the other not?
Even if it is not, how do I debug this in Visual Studio? At the moment, when I require SSL client certificates, I can’t just start the web service. Visual Studio tries to access http://localhost/Foo.WCF.Service/debugattach.aspx and fails due to a missing client certificate.