I have a WCF application hosted on IIS 6 that needs to:
1. Have two-way SSL authentication.
2. Verify the contents of the client certificate with some client host information.
3. Confirm that the client certificate is issued by a valid subcategory.
I could do 1) successfully. I am trying to achieve 2) and 3) by following this - basically by creating a class that inherits from X509CertificateValidator and overrides the Validate method with my own validation implementation (steps 2 and 3). I followed the MSDN instructions, but it looks like the Validate method is not being called. I intentionally throw a SecurityAccessDeniedException in the overridden Validate method, and no exception is thrown when trying to access the service through my browser. I can still access my site with any client certificate.
I also read this topic, but it did not help. Any help would be greatly appreciated!
Here is my configuration:
<system.serviceModel>
  <services>
    <service behaviorConfiguration="SimpleServiceBehavior"
             name="SampleNameSpace.SampleClass">
      <endpoint address=""
                binding="basicHttpBinding"
                bindingConfiguration="NewBinding0"
                contract="SampleNameSpace.ISampleClass" />
    </service>
  </services>
  <behaviors>
    <serviceBehaviors>
      <behavior name="SimpleServiceBehavior">
        <serviceMetadata httpsGetEnabled="true" policyVersion="Default" />
        <serviceCredentials>
          <clientCertificate>
            <authentication certificateValidationMode="Custom"
                            customCertificateValidatorType="SampleNameSpace.MyX509CertificateValidator, SampleAssembly" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <basicHttpBinding>
      <binding name="NewBinding0">
        <security mode="Transport">
          <transport clientCredentialType="Certificate" />
        </security>
      </binding>
    </basicHttpBinding>
  </bindings>
</system.serviceModel>
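
The kind of validator class the question describes, covering requirement 3 (the issuer check), as an added example that is not the poster's code. The class name is taken from the customCertificateValidatorType attribute above; the thumbprint constant is a placeholder and the revocation settings are assumptions.

```csharp
using System;
using System.IdentityModel.Selectors;   // X509CertificateValidator (System.IdentityModel.dll)
using System.IdentityModel.Tokens;      // SecurityTokenValidationException
using System.Security.Cryptography.X509Certificates;

namespace SampleNameSpace
{
    public class MyX509CertificateValidator : X509CertificateValidator
    {
        // Placeholder (assumption): thumbprint of the one issuing CA that is accepted.
        private const string TrustedIssuerThumbprint = "<ISSUING-CA-THUMBPRINT>";

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            var chain = new X509Chain();
            try
            {
                // Assumed policy: check revocation online for everything below the root.
                chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
                chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;

                // Build() fails on expiry, bad signatures, untrusted roots or revocation.
                if (!chain.Build(certificate))
                {
                    string reason = chain.ChainStatus.Length > 0
                        ? chain.ChainStatus[0].StatusInformation.Trim()
                        : "unknown chain error";
                    throw new SecurityTokenValidationException(
                        "Client certificate chain is not valid: " + reason);
                }

                // Element 0 is the client certificate, element 1 its direct issuer.
                // A self-signed certificate has no element 1 and is rejected here.
                if (chain.ChainElements.Count < 2)
                    throw new SecurityTokenValidationException(
                        "Client certificate has no issuing CA in its chain.");

                string issuer = chain.ChainElements[1].Certificate.Thumbprint;
                if (!string.Equals(issuer, TrustedIssuerThumbprint,
                                   StringComparison.OrdinalIgnoreCase))
                    throw new SecurityTokenValidationException(
                        "Client certificate was not issued by the expected CA.");
            }
            finally { chain.Reset(); }
        }
    }
}
```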