I created a self-hosted WCF service and client on 2 different development machines on a LAN, and used basicHttpBinding in order to test connectivity and functionality. The tests were successful.

My goal is to use wsHttpBinding with TransportWithMessageCredential security, and clientCredentialType certificate.

I thus created the following app.config file for the service:

<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <behaviors><serviceBehaviors>
      <behavior name="ServiceBehavior">
        <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="true"/>
        <serviceCredentials>
          <clientCertificate><authentication certificateValidationMode="PeerTrust"/></clientCertificate>
          <serviceCertificate findValue="WCFServer" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors></behaviors>
    <bindings><wsHttpBinding>
      <binding name="wsHttpEndpointBinding">
        <security mode="TransportWithMessageCredential"><message clientCredentialType="Certificate"/></security>
      </binding>
    </wsHttpBinding></bindings>
    <services>
      <service name="WCFServiceHost.Operations" behaviorConfiguration="ServiceBehavior">
        <endpoint name="wsHttpEndpoint" address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding" contract="WCFServiceHost.IOperations"/>
        <endpoint name="mexHttpEndpoint" address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
        <host><baseAddresses><add baseAddress=""/></baseAddresses></host>
      </service>
    </services>
  </system.serviceModel>
  <startup><supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0"/></startup>
</configuration>

I created 2 certificates (WCFServer and WCFClient) on the server in accordance with
and exported the WCFClient certificate on the server machine, and imported it on the client machine.

I also added the ssl certificate binding on the server machine using netsh.

I am able to create an instance of the ServiceHost with Service, with the modified app.config.

I created the following app.config for the client:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="EndpointBehavior">
          <clientCredentials>
            <clientCertificate storeLocation="LocalMachine"
                       findValue="WCFClient" />
            <serviceCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
            receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
            transactionFlow="false" hostNameComparisonMode="StrongWildcard"
            maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
            messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
            enabled="false" />
          <security mode="TransportWithMessageCredential">
            <transport clientCredentialType="None" proxyCredentialType="None"
              realm="" />
            <message clientCredentialType="Certificate" negotiateServiceCredential="true"
              algorithmSuite="Default" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address=""
          binding="wsHttpBinding" bindingConfiguration="wsHttpEndpoint"
          contract="WCFService.IOperations" name="wsHttpEndpoint">
        <identity>
          <dns value="WCFServer" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>

I then updated the Service Reference.
The update procedure issued a Security Alert, which is most likely related to the subsequent issue described below, and which I have not been able to resolve.

I ignored the Security Alert and continued. The Service Reference was updated.

I then executed the client, and received this error:

"The client certificate is not provided. Specify a client certificate in ClientCredentials."

After stepping through code, I noticed on "client = new WCFService.Client();" that the value of client.ClientCredentials.ClientCertificate.Certificate = null.

I then added the following in code after "client = new WCFService.Client();":

using System.Security.Cryptography.X509Certificates;

// Look the client certificate up by thumbprint in LocalMachine\My and hand it to the proxy.
X509Store store = new X509Store("My", StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
X509Certificate2Collection collection = (X509Certificate2Collection)store.Certificates;
foreach (X509Certificate2 x509 in collection)
    if (x509.Thumbprint == "236D7D4AD91234B8F22D3781D61AACB56788E1B5")
        client.ClientCredentials.ClientCertificate.SetCertificate(
            x509.SubjectName.Name, store.Location, StoreName.My);
store.Close();

After execution of this code, client.ClientCredentials.ClientCertificate.Certificate contains the certificate.

Upon executing "client.Open();", an exception is thrown with the following contents.

The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
The remote certificate is invalid according to the validation procedure.
Could not establish trust relationship for the SSL/TLS secure channel with authority

If anyone with knowledge of how I may approach resolution of the above issues can assist, I will be most grateful.

Thank you, Ol.
Posted 18-Jan-13 0:59am
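A client-side check of the two symptoms in this post, added here as an example and not code from the original question: it reports whether the certificates are where each layer of the binding looks for them, and builds the proxy in code so the client certificate is attached even if the app.config endpoint does not reference the behavior through behaviorConfiguration. Assumed: the subject names WCFClient and WCFServer from the post, a placeholder IOperations contract with one assumed Ping operation, and a placeholder service address.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
// Placeholder standing in for WCFService.IOperations; Ping is an assumed operation.
[ServiceContract]
public interface IOperations { [OperationContract] string Ping(); }
public static class ClientCertCheck
{
    // True when a certificate with this subject is in the store (and has a private key, if required).
    public static bool InStore(StoreName name, StoreLocation loc, string subject, bool needPrivateKey)
    {
        var store = new X509Store(name, loc);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            foreach (X509Certificate2 c in store.Certificates.Find(X509FindType.FindBySubjectName, subject, false))
                if (!needPrivateKey || c.HasPrivateKey) return true;
            return false;
        }
        finally { store.Close(); }
    }
    // Proxy built in code: the certificate is attached even if the app.config endpoint
    // does not reference the behavior through behaviorConfiguration="EndpointBehavior".
    public static ChannelFactory<IOperations> CreateFactory(Uri serviceUri)
    {
        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        var address = new EndpointAddress(serviceUri, EndpointIdentity.CreateDnsIdentity("WCFServer"));
        var factory = new ChannelFactory<IOperations>(binding, address);
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "WCFClient");
        // PeerTrust governs only the message-security service certificate (TrustedPeople store);
        // the HTTPS certificate is chain-validated, so a self-signed WCFServer must also be in Root.
        factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
            X509CertificateValidationMode.PeerTrust;
        return factory;
    }
    public static void Main()
    {
        Console.WriteLine("WCFClient in LocalMachine\\My with private key: " + InStore(StoreName.My, StoreLocation.LocalMachine, "WCFClient", true));
        Console.WriteLine("WCFServer in TrustedPeople (message PeerTrust): " + InStore(StoreName.TrustedPeople, StoreLocation.LocalMachine, "WCFServer", false));
        Console.WriteLine("WCFServer in Root (HTTPS chain trust): " + InStore(StoreName.Root, StoreLocation.LocalMachine, "WCFServer", false));
        var factory = CreateFactory(new Uri("https://wcfserver.example/Operations")); // placeholder address
        Console.WriteLine(factory.CreateChannel().Ping());
        factory.Close();
    }
}
```

If the first line prints false, the proxy has nothing to sign with (the "client certificate is not provided" error); if the Root line prints false for a self-signed server certificate, the HTTPS handshake fails with the "Could not establish trust relationship" error regardless of the PeerTrust setting.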


Solution 1

Well, it's a bit late but establishSecurityContext="true" might be the solution.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
