I have implemented a WCF service and a client application for one of my employer's projects and am facing a serious problem with the SOAP body: it is sent unencrypted, and only the WS-Security header is encrypted, even though the binding is configured for MutualCertificate message security with EncryptBeforeSign. The SOAP request, the web.config files and the commands I used to create the certificates are given below for reference. (Note: whether the body is encrypted or merely signed is governed by the ProtectionLevel set on the service contract/operation, which is not shown here; that is the first thing to check.)
WCF server configuration (web.config excerpt):
<bindings>
  <!-- Not referenced by the endpoint configured under <services> (that one uses
       "CustomBinding"); kept because configuration outside this excerpt may
       still name it. -->
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security>
        <message clientCredentialType="Certificate"
                 establishSecurityContext="true" />
      </security>
    </binding>
  </wsHttpBinding>

  <customBinding>
    <!-- Message-level security over plain HTTP: only the parts of the SOAP
         envelope that the security layer signs/encrypts are protected; the
         HTTP headers and URL travel in the clear. -->
    <binding name="CustomBinding">
      <textMessageEncoding messageVersion="Soap11" />
      <!-- MutualCertificate: both sides authenticate with X.509 certificates.
           EncryptBeforeSign: parts are encrypted first, then the signature
           covers the ciphertext. Which parts are encrypted rather than only
           signed is NOT decided here but by the ProtectionLevel on the
           contract/operation, which this excerpt does not show - check that
           first if the body is observed unencrypted.
           keyEntropyMode="ClientEntropy": only the client contributes key
           material; CombinedEntropy (the default) would have both sides do so
           and is worth revisiting.
           requireDerivedKeys="false": per-message derived keys are disabled,
           usually done for interoperability. -->
      <security authenticationMode="MutualCertificate"
                messageProtectionOrder="EncryptBeforeSign"
                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                includeTimestamp="true"
                requireDerivedKeys="false"
                keyEntropyMode="ClientEntropy"
                requireSecurityContextCancellation="false">
        <secureConversationBootstrap />
      </security>
      <httpTransport />
    </binding>
  </customBinding>
</bindings>
<services>
  <service name="mysvc.MySvc"
           behaviorConfiguration="mysvc.Service1Behavior">
    <!-- The only application endpoint; it uses the customBinding named
         "CustomBinding" (the wsHttpBinding under <bindings> is unused here). -->
    <endpoint address=""
              binding="customBinding"
              bindingConfiguration="CustomBinding"
              contract="mysvc.IMySvc" />
    <!-- Metadata exchange over plain HTTP: anyone who can reach port 8888 can
         download the WSDL (see also httpGetEnabled under <behaviors>). -->
    <endpoint address="mex"
              binding="mexHttpBinding"
              contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <!-- http://, not https://: confidentiality and integrity rest entirely
             on the message-level security configured in the binding. -->
        <add baseAddress="http://localhost:8888/" />
      </baseAddresses>
    </host>
  </service>
</services>
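<behaviors>
  <endpointBehaviors>
    <!-- <consoleOutputBehavior/> is a custom behavior extension; its
         <extensions> registration, and any endpoint that applies
         "inspectorBehavior", are outside this excerpt. -->
    <behavior name="inspectorBehavior">
      <consoleOutputBehavior />
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="mysvc.Service1Behavior">
      <!-- Serves the WSDL over HTTP GET; consider disabling outside development. -->
      <serviceMetadata httpGetEnabled="true" />
      <!-- Keep false: exception details in faults leak implementation internals. -->
      <serviceDebug includeExceptionDetailInFaults="false" />
      <serviceCredentials>
        <!-- Certificate the service signs with and clients encrypt to.
             FindBySubjectName is a case-insensitive substring match, so
             "WCfServerCert" also finds the "CN=WCFServerCert" certificate
             that makecert creates. -->
        <serviceCertificate findValue="WCfServerCert"
                            storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindBySubjectName" />
        <clientCertificate>
          <!-- Was certificateValidationMode="None", which accepts ANY client
               certificate (including one the caller self-signs on the spot)
               and reduces MutualCertificate to no client authentication.
               ChainTrust requires the client certificate to chain to a root in
               LocalMachine\Root: import the makecert-generated WCFClient.cer
               there. revocationMode="NoCheck" because makecert certificates
               carry no CRL distribution point, so online revocation checking
               cannot succeed against them; restore Online/Offline once
               CA-issued certificates are used. PeerTrust (the client's leaf
               certificate in LocalMachine\TrustedPeople) is the alternative
               for a small fixed set of known clients. -->
          <authentication certificateValidationMode="ChainTrust"
                          revocationMode="NoCheck" />
        </clientCertificate>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>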
WCF client configuration (app.config excerpt):
<system.serviceModel>
<bindings>
  <customBinding>
    <!-- Client-side mirror of the service's "CustomBinding" (the extra
         attributes are the defaults a metadata import writes out). Values
         here must stay in step with the server binding or the security
         handshake fails. -->
    <binding name="CustomBinding_IMySvc">
      <!-- Same protection settings as the server: mutual X.509 authentication,
           encrypt-then-sign, timestamped messages, no derived keys. Which
           message parts get encrypted is decided by the contract's
           ProtectionLevel, not by anything in this element. -->
      <security authenticationMode="MutualCertificate"
                messageProtectionOrder="EncryptBeforeSign"
                messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                defaultAlgorithmSuite="Default"
                securityHeaderLayout="Strict"
                includeTimestamp="true"
                requireDerivedKeys="false"
                keyEntropyMode="ClientEntropy"
                requireSignatureConfirmation="false">
        <!-- Replay detection and timestamp freshness: 5-minute clock skew,
             5-minute replay window, 5-minute timestamp validity. -->
        <localClientSettings detectReplays="true"
                             replayCacheSize="900000"
                             replayWindow="00:05:00"
                             maxClockSkew="00:05:00"
                             timestampValidityDuration="00:05:00"
                             cacheCookies="true"
                             maxCookieCachingTime="Infinite"
                             cookieRenewalThresholdPercentage="60"
                             sessionKeyRenewalInterval="10:00:00"
                             sessionKeyRolloverInterval="00:05:00"
                             reconnectTransportOnFailure="true" />
        <!-- Service-side counterparts; present in the client file only because
             the metadata importer emits them. -->
        <localServiceSettings detectReplays="true"
                              replayCacheSize="900000"
                              replayWindow="00:05:00"
                              maxClockSkew="00:05:00"
                              timestampValidityDuration="00:05:00"
                              issuedCookieLifetime="10:00:00"
                              maxCachedCookies="1000"
                              maxStatefulNegotiations="128"
                              maxPendingSessions="128"
                              negotiationTimeout="00:01:00"
                              inactivityTimeout="00:02:00"
                              sessionKeyRenewalInterval="15:00:00"
                              sessionKeyRolloverInterval="00:05:00"
                              reconnectTransportOnFailure="true" />
        <secureConversationBootstrap />
      </security>

      <textMessageEncoding messageVersion="Soap11"
                           writeEncoding="utf-8"
                           maxReadPoolSize="64"
                           maxWritePoolSize="16">
        <!-- Reader quotas bound the size/depth of inbound XML (defence
             against oversized or deeply nested responses). -->
        <readerQuotas maxDepth="32"
                      maxStringContentLength="8192"
                      maxArrayLength="16384"
                      maxBytesPerRead="4096"
                      maxNameTableCharCount="16384" />
      </textMessageEncoding>

      <!-- Plain HTTP, anonymous at the transport level: all authentication
           happens in the message security layer above. -->
      <httpTransport authenticationScheme="Anonymous"
                     proxyAuthenticationScheme="Anonymous"
                     realm=""
                     unsafeConnectionNtlmAuthentication="false"
                     allowCookies="false"
                     keepAliveEnabled="true"
                     manualAddressing="false"
                     hostNameComparisonMode="StrongWildcard"
                     transferMode="Buffered"
                     maxBufferPoolSize="524288"
                     maxBufferSize="65536"
                     maxReceivedMessageSize="65536"
                     bypassProxyOnLocal="false"
                     useDefaultWebProxy="true" />
    </binding>
  </customBinding>
</bindings>
<client>
  <!-- Plain-HTTP endpoint; all protection comes from the message security of
       "CustomBinding_IMySvc" and the credentials in "CustomBehavior". -->
  <endpoint name="CustomBinding_IMySvc"
            address="http://localhost:8888/"
            binding="customBinding"
            bindingConfiguration="CustomBinding_IMySvc"
            behaviorConfiguration="CustomBehavior"
            contract="WCFProxy.IMySvc">
    <identity>
      <!-- Expected DNS identity of the service, checked against the service
           certificate's subject CN. makecert issues that certificate as
           "CN=WCFServerCert" (capital F) while the value here is
           "WCfServerCert"; keep both spelled identically unless the identity
           comparison is confirmed to be case-insensitive. -->
      <dns value="WCfServerCert" />
    </identity>
  </endpoint>
</client>
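<behaviors>
  <endpointBehaviors>
    <behavior name="CustomBehavior">
      <clientCredentials>
        <!-- Certificate the client signs with; whether the service trusts it is
             decided by the service's <clientCertificate> validation settings. -->
        <clientCertificate findValue="WCfClientCert"
                           x509FindType="FindBySubjectName"
                           storeLocation="LocalMachine"
                           storeName="My" />
        <serviceCertificate>
          <!-- Certificate the client encrypts to when no <scopedCertificates>
               entry matches the endpoint. -->
          <defaultCertificate findValue="WCfServerCert"
                              x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine"
                              storeName="My" />
          <!-- Was certificateValidationMode="None", which disables every trust
               check on the certificate the service presents. ChainTrust
               requires it to chain to a root in LocalMachine\Root: import the
               makecert-generated WCFServer.cer there. revocationMode="NoCheck"
               because makecert certificates carry no CRL distribution point;
               restore Online/Offline once CA-issued certificates are used.
               PeerTrust (service certificate in LocalMachine\TrustedPeople)
               is the alternative for a single known service. -->
          <authentication certificateValidationMode="ChainTrust"
                          revocationMode="NoCheck" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>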
</system.serviceModel>
Certificate generation commands (makecert, run from an elevated prompt):
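REM Two self-signed issuing certificates (private root CAs for the server and
REM client side). Written to d:\ so the -iv/-ic paths used below resolve
REM regardless of the current directory.
makecert -r -n "CN=WCFServer" -sv d:\WCFServer.pvk d:\WCFServer.cer
makecert -r -n "CN=WCFClient" -sv d:\WCFClient.pvk d:\WCFClient.cer

REM End-entity certificates issued by the roots above, installed straight into
REM LocalMachine\My (the store the WCF certificate elements search by subject).
REM -sky exchange: key usable for encryption, required because the binding
REM encrypts to the peer's certificate. -pe: exportable private key (the
REM original "pe" without the dash is read by makecert as an output file name).
REM The service/client process accounts need read access to these private keys.
makecert -pe -sk WCFServerCert -iv d:\WCFServer.pvk -ic d:\WCFServer.cer -n "CN=WCFServerCert" -sr LocalMachine -ss My -sky exchange
makecert -pe -sk WCFClientCert -iv d:\WCFClient.pvk -ic d:\WCFClient.cer -n "CN=WCFClientCert" -sr LocalMachine -ss My -sky exchange

REM Needed only once certificateValidationMode is ChainTrust: each side must
REM trust the root that issued the peer's certificate. On a single dev machine
REM both go into LocalMachine\Root; never import these roots on production hosts.
certutil -addstore -f Root d:\WCFServer.cer
certutil -addstore -f Root d:\WCFClient.cer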