Click here to Skip to main content
11,437,816 members (30,330 online)
Rate this: bad
good
Please Sign up or sign in to vote.
See more: WCF Policy
HI All,

I am facing an issue regarding the WCF certificates.
I have created certificates and stored in my local machine as well as in Trusted root folder.
I have applied custom binding in my WCF Web.Config file.
Kindly help its urgent...Thanks in advance.


Here is the web.config file.

<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <compilation debug="true" targetFramework="4.0"/>
    <!--
        The <authentication> section enables configuration 
        of the security authentication mode used by 
        ASP.NET to identify an incoming user. 
    -->
    <authentication mode="Windows"/>
    <!--
        The <customErrors> section enables configuration 
        of what to do if/when an unhandled error occurs 
        during the execution of a request. Specifically, 
        it enables developers to configure html error pages 
        to be displayed in place of a error stack trace.
 
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
         <error statusCode="403" redirect="NoAccess.htm" />
         <error statusCode="404" redirect="FileNotFound.htm" />
        </customErrors>
    -->
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
  </system.web>
  <!-- 
      The system.webServer section is required for running ASP.NET AJAX under Internet
      Information Services 7.0.  It is not necessary for previous version of IIS.
  -->
  <system.serviceModel>
    <services>
      <service name="WcfServicetoConcat.Service1" behaviorConfiguration="WcfServicetoConcat.Service1Behavior">
        <!-- Service Endpoints -->
        <endpoint address="" binding="customBinding" bindingConfiguration="PolicyBinding" contract="WcfServicetoConcat.IService1">
          <!-- 
              Upon deployment, the following identity element should be removed or replaced to reflect the 
              identity under which the deployed service runs.  If removed, WCF will infer an appropriate identity 
              automatically.
          -->
          <identity>
            <!--<dns value="localhost"/>-->
            <certificateReference findValue="WCfServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
          </identity>
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WcfServicetoConcat.Service1Behavior">
          <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode ="PeerTrust"/>
            </clientCertificate>
            <serviceCertificate findValue="WCfServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding">
          <security>
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
 
      <customBinding>
        <binding name="PolicyBinding">
          <transactionFlow transactionProtocol="WSAtomicTransactionOctober2004"/>
          <security defaultAlgorithmSuite="Default" authenticationMode="MutualCertificate" requireDerivedKeys="true" securityHeaderLayout="Strict" includeTimestamp="true" keyEntropyMode="CombinedEntropy" messageProtectionOrder="SignBeforeEncryptAndEncryptSignature" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10" requireSignatureConfirmation="true">
            <secureConversationBootstrap/>
          </security>
          <mtomMessageEncoding maxReadPoolSize="64" maxWritePoolSize="16" messageVersion="Default" maxBufferSize="2147483647" writeEncoding="utf-8">
            <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
          </mtomMessageEncoding>
          <httpTransport manualAddressing="false" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647" allowCookies="false" authenticationScheme="Anonymous" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" keepAliveEnabled="true" maxBufferSize="2147483647" proxyAuthenticationScheme="Anonymous" realm="" transferMode="Buffered" unsafeConnectionNtlmAuthentication="false" useDefaultWebProxy="true"/>
        </binding>
      </customBinding>
      
    </bindings>
    
  </system.serviceModel>
</configuration>

Client Web.config file


<configuration>
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <compilation debug="true" targetFramework="4.0"/>
    <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
    <authentication mode="Windows"/>
    <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
 
        <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
            <error statusCode="403" redirect="NoAccess.htm"/>
            <error statusCode="404" redirect="FileNotFound.htm"/>
        </customErrors>
        -->
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
  </system.web>
  <!-- 
        The system.webServer section is required for running ASP.NET AJAX under Internet
        Information Services 7.0.  It is not necessary for previous version of IIS.
    -->
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00"
          openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
          bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
          maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Mtom"
          textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
            maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00"
            enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows" proxyCredentialType="None"
              realm="" />
            <message clientCredentialType="Certificate" negotiateServiceCredential="true"
              algorithmSuite="Default" />
          </security>          
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <endpoint address="http://inbom1-w0040.mcint.local/WCFService/Service1.svc"
        binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService1"
        contract="WCFService.IService1" name="WSHttpBinding_IService1" behaviorConfiguration="ClientCert">
        <identity>
          <certificate encodedValue="AwAAAAEAAAAUAAAAMkf8a3FWNN+RnQynuNXaS1KCMD0gAAAAAQAAAPwBAAAwggH4MIIBYaADAgECAhB9by+wm+d+vkI71UqWf8hwMA0GCSqGSIb3DQEBBAUAMBUxEzARBgNVBAMTClJvb3RDQVRlc3QwHhcNMTMwMTI4MDUyMDMyWhcNMzkxMjMxMjM1OTU5WjAUMRIwEAYDVQQDEwlXQ2ZTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMz9tAEOxFyLnk4JrLEmXP+anZ+LNHex0m3lU4WZ/i70Sr4SU04gu/bH42HveLrbhfOPRVAcqp+2STBKQmwNoTELx8EuP8sqtrX2abncbxMh4mM+4v8lLPsVSop8Pr/qb+T9FtSZu+KUFKZFYdmG1Bht954QC1A3RrzAKYry7sD/AgMBAAGjSjBIMEYGA1UdAQQ/MD2AEALyFbbJwckwFdikG7azmiGhFzAVMRMwEQYDVQQDEwpSb290Q0FUZXN0ghC2nVqXi142i03XiRUwYKbsMA0GCSqGSIb3DQEBBAUAA4GBAC3rBQWRz4/Fln7ovKxg8NA1QhFsOp1nSpxCo9Av8XqmsUPt+CHbQ/857I8/KFubttprjuOsdR/XZqEaCsXlecvW7L3PpixL+ZqDTFJAxzpxCplBomFITTJ+tY8/Y/Fu0gXuMljqtKQqXZDvuliBPDODxEoojhLwT6x3LhoyyBCb" />
        </identity>
      </endpoint>
    </client>
    <behaviors>      
      <endpointBehaviors>
        <behavior name="ClientCert">
          <clientCredentials>
            <clientCertificate findValue="WcfClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
            <serviceCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </serviceCertificate>            
          </clientCredentials>             
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>

Error in IE
An error occurred when verifying security for the message.


i get the following exception from event veiwer

Exception information:
Exception type: SecurityNegotiationException
Exception message: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.


After enabling the WCF trace i have found the below error

Excpetion type :System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Message :Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security


Kindly help
Posted 28-Jan-13 21:16pm
Edited 28-Jan-13 23:35pm
v11

1 solution

Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

Hi,

After lot of pain ... i finaaly made the code working..
i dont know if its kind of right solution but itsurely worked for me..


i have just copied the customBinding of my server webconfig to client web config.
and changed the endpoint address to use custom binding.
Thats it.

Please le me know if some one is of different opinion ...


Thanks a lot for those who have atleast viewed the problem..

Cheers !!!
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



Advertise | Privacy | Mobile
Web04 | 2.8.150506.1 | Last Updated 1 Feb 2013
Copyright © CodeProject, 1999-2015
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100