The client certificate is not provided.

I keep getting this error on the client side when attempting to use a client cert for a WCF Webservice hosted in IIS configured with a temp cert.

When security mode is set to none, everything works, however, the client doesn't require a cert!
Updated 20-Dec-10 12:07pm
Comments
Abdul Quader Mamun 16-Dec-10 14:07pm    
Use pre tag.

1 solution

The solution was found in a combination of steps from two useful articles found on CodePlex that show creating certs, assigning permissions and web.config settings for client and server.

Server Article
How To: Create and Install Temporary Certificates in WCF for Message Security During Development

http://wcfsecurity.codeplex.com/wikipage?title=How%20To%20-%20Create%20and%20Install%20Temporary%20Certificates%20in%20WCF%20for%20Message%20Security%20During%20Development&referringTitle=How%20To%20-%20Use%20Certificate%20Authentication%20and%20Message%20Security%20in%20WCF%20calling%20from%20Windows%20Forms

Client Article
How To – Use Certificate Authentication and Message Security in WCF calling from Windows Forms

http://wcfsecurity.codeplex.com/wikipage?title=How%20To%20-%20Use%20Certificate%20Authentication%20and%20Message%20Security%20in%20WCF%20calling%20from%20Windows%20Forms

Server Steps
On Server, make CA
makecert -n "CN=RootCAMyCompanyName" -r -sv RootCAMyCompanyName.pvk RootCAMyCompanyName.cer

password: aSuperSecretPassword19

On Server, import RootCAMyCompanyName.cer into Trusted Root Certification Authorities

On Server, Make Cert
makecert -sk MyCompanyNameKey -iv RootCAMyCompanyName.pvk -n "CN=MyCompanyNameCert" -ic RootCAMyCompanyName.cer -sr localmachine -ss my -sky exchange -pe MyCompanyNameCert.cer

On Server, Find Private Key
FindPrivateKey.exe My LocalMachine -n "CN=MyCompanyNameCert"

On Server, Grant Access to Private Key, note switches at end of statement
cacls.exe "C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\Machinekeys\abc57b73466481beba7b0e1b5781db81_c225a308-d2ad-4e58-91a8-6e87f354b030" /E /G "NT AUTHORITY\NETWORK SERVICE":R

Service Web.config
<system.serviceModel>

  <bindings>
    <wsHttpBinding>
      <binding name="Binding1">
        <security mode="Message">
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>

  <services>
    <service name="TestService.Service1" behaviorConfiguration="ServiceBehavior1" >
      <endpoint
        name="wsHttpEndpoint"
        address=""
        binding="wsHttpBinding"
        bindingConfiguration="Binding1"
        contract="TestService.IService1">
        <identity>
          <dns value="MyCompanyNameCert"/>
        </identity>
      </endpoint>
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>

  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceBehavior1">
        <serviceMetadata httpGetEnabled="true"/>
        <serviceDebug includeExceptionDetailInFaults="false"/>
        <serviceCredentials>
          <clientCertificate>
            <authentication revocationMode="NoCheck"/>
          </clientCertificate>
          <serviceCertificate findValue="CN=MyCompanyNameCert"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
    <endpointBehaviors>
      <behavior name="EndpointBehavior1">
        <clientCredentials>
          <serviceCertificate>
            <authentication revocationMode="NoCheck"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>

  <client>
    <endpoint behaviorConfiguration="EndpointBehavior1" />
  </client>
  <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
--


Client Steps

On client, copy the root CA certificate (RootCAMyCompanyName.cer) and private key file (RootCAMyCompanyName.pvk) to the client machine.

On client, Import RootCAMyCompanyName.cer into Trusted Root Certificate Authorities

On client, create client cert
makecert -sk MustBeUniqueKey -iv RootCAMyCompanyName.pvk -n "CN=MyCompanyNameCert" -ic RootCAMyCompanyName.cer -sr localmachine -ss my -sky exchange -pe MyCompanyNameCert.cer

Client Web.config

<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="Behavior1">
        <clientCredentials>
          <clientCertificate findValue="CN=MyCompanyNameCert" storeLocation="LocalMachine"/>
          <serviceCertificate>
            <authentication revocationMode="NoCheck"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
               receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false"
               transactionFlow="false" hostNameComparisonMode="StrongWildcard"
               maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
               textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <reliableSession ordered="true" inactivityTimeout="00:10:00"
                         enabled="false" />
        <security mode="Message">
          <transport clientCredentialType="Windows" proxyCredentialType="None"
                     realm="" />
          <message clientCredentialType="Certificate" negotiateServiceCredential="true"
                   algorithmSuite="Default" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://wcfcerttest.com/Service1.svc"
              binding="wsHttpBinding"
              behaviorConfiguration="Behavior1"
              bindingConfiguration="wsHttpEndpoint"
              contract="ServiceReference1.IService1"
              name="wsHttpEndpoint">
      <identity>
        <dns value="MyCompanyNameCert"/>
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
 
Comments
Member 11102521 24-Sep-14 3:14am    
Unable to access WCF service, as the error remains the same: 'Client certificate is not provided'
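
A check for the client-side wiring the answer's configuration relies on, as an added example that is not part of the original answer or the CodePlex articles: WCF raises the error in the question when the binding asks for a certificate credential but no `<clientCertificate>` is applied to the endpoint, for instance because the endpoint carries no `behaviorConfiguration`. The sample configs are constructed from the answer's client config; `audit_client_config` and its finding labels are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the answer's client config; %s is the slot
# for the endpoint's behaviorConfiguration attribute.
TEMPLATE = """<system.serviceModel>
  <behaviors><endpointBehaviors>
    <behavior name="Behavior1">
      <clientCredentials>
        <clientCertificate findValue="CN=MyCompanyNameCert" storeLocation="LocalMachine"/>
        <serviceCertificate><authentication revocationMode="NoCheck"/></serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors></behaviors>
  <bindings><wsHttpBinding>
    <binding name="wsHttpEndpoint">
      <security mode="Message"><message clientCredentialType="Certificate"/></security>
    </binding>
  </wsHttpBinding></bindings>
  <client>
    <endpoint name="wsHttpEndpoint" binding="wsHttpBinding"
              bindingConfiguration="wsHttpEndpoint" %s/>
  </client>
</system.serviceModel>"""
BROKEN = TEMPLATE % ""   # endpoint never references Behavior1
FIXED = TEMPLATE % 'behaviorConfiguration="Behavior1"'

def audit_client_config(xml_text):
    """Findings (hypothetical labels) for endpoints whose binding demands a cert."""
    root = ET.fromstring(xml_text)
    behaviors = {b.get("name", ""): b
                 for b in root.findall("behaviors/endpointBehaviors/behavior")}
    findings = []
    for ep in root.findall("client/endpoint"):
        name = ep.get("name", "?")
        candidates = root.findall("bindings/%s/binding" % ep.get("binding"))
        binding = next((b for b in candidates
                        if b.get("name") == ep.get("bindingConfiguration")), None)
        msg = binding.find("security/message") if binding is not None else None
        if msg is None or msg.get("clientCredentialType") != "Certificate":
            continue  # binding does not ask this endpoint for a certificate
        behavior = behaviors.get(ep.get("behaviorConfiguration", ""))
        if behavior is None:
            findings.append((name, "no-behavior"))  # nothing supplies a cert
            continue
        if behavior.find("clientCredentials/clientCertificate") is None:
            findings.append((name, "no-clientCertificate"))
        for auth in behavior.iter("authentication"):
            if auth.get("revocationMode") == "NoCheck":
                findings.append((name, "revocation-disabled"))  # temp certs only
    return findings
```

The `revocation-disabled` finding is expected while the makecert temporary certificates are in use and should not survive into a configuration that uses CA-issued certificates.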

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


