Berico
asked on
WCF Certificate Authorization: How can I enable WCF Authorization based on authenticated certificates?
How, within a WCF Service, can I use ASP.NET roles (via the System.Web.Security.SqlRoleProvider and aspnetdb) where the identity is based on a certificate provided from the client?
I have truly researched this and am not able to successfully implement a solution. All authorization is based on my windows login.
CD
ASKER
For your first link, I did not install a CRL, which may answer another question that I posted on Friday: Why do revoked certificates continue to be authenticated?
The question at hand, though, is focused on Authorization based solely on certificates.
ASKER
No matter what I try, the authorization continues to be windows-based.
My server-side config:
<system.serviceModel>
  <services>
    <service name="Test.ServiceImplemen
      <endpoint address="http://localhost/Test.ServiceHost.WebCertificate/BasicCertService.svc"
                binding="wsHttpBinding"
                bindingConfiguration="WSHt
                contract="Test.ServiceCont
      </endpoint>
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_Certif
        <security mode="Message">
          <transport clientCredentialType="Cert
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="CertificateBehavior"
        <!--<serviceMetadata httpsGetEnabled="true"/>--
        <serviceMetadata httpsGetEnabled="true" httpGetEnabled="true" />
        <serviceDebug includeExceptionDetailInFa
        <serviceCredentials>
          <clientCertificate>
            <authentication certificateValidationMode=
          </clientCertificate>
          <serviceCertificate findValue="TestServer5"
                              x509FindType="FindBySubjec
                              storeLocation="LocalMachin
                              storeName="My">
          </serviceCertificate>
        </serviceCredentials>
        <serviceAuthorization principalPermissionMode="U
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
My client-side config:
<system.serviceModel>
  <client>
    <endpoint name="CertificateServiceCl
              address="http://TestServer/Test.ServiceHost.WebCertificate/BasicCertService.svc"
              binding="wsHttpBinding"
              bindingConfiguration="WSHt
              contract="Test.ServiceCont
              behaviorConfiguration="Cer
      <identity>
        <dns value="localhost"/>
      </identity>
    </endpoint>
  </client>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_Certif
        <security mode="Message">
          <transport clientCredentialType="Cert
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="CertificateBehavior"
        <clientCredentials>
          <clientCertificate findValue="TestClient5"
                             x509FindType="FindBySubjec
                             storeLocation="LocalMachin
                             storeName="My"/>
          <serviceCertificate>
            <authentication certificateValidationMode=
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
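Added example, not part of the thread or of the hidden accepted answer: with `security mode="Message"`, WCF takes the client credential type from the `<message>` element, whose `wsHttpBinding` default is `Windows`, and does not consult a `<transport>` child. The server-side fragment below shows settings under which the caller's identity comes from the client certificate and roles come from an ASP.NET role provider. The binding name, the provider name `SqlRoleProvider`, the connection string name `AspNetDb`, and the validation and revocation modes are assumptions.

```xml
<!-- Added example; every name marked "assumed" is not from the original post. -->
<configuration>
  <system.web>
    <!-- Role provider backed by aspnetdb; connection string name is assumed -->
    <roleManager enabled="true" defaultProvider="SqlRoleProvider">
      <providers>
        <add name="SqlRoleProvider"
             type="System.Web.Security.SqlRoleProvider"
             connectionStringName="AspNetDb"
             applicationName="/" />
      </providers>
    </roleManager>
  </system.web>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- Binding name is assumed; the client binding must use the same settings -->
        <binding name="CertMessageBinding">
          <security mode="Message">
            <!-- Message mode reads the credential type from <message>.
                 Left unset, it defaults to Windows and the caller is a Windows identity. -->
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CertificateBehavior">
          <serviceCredentials>
            <clientCertificate>
              <!-- ChainTrust with online revocation checking is an assumed choice;
                   no mapping of the certificate to a Windows account -->
              <authentication certificateValidationMode="ChainTrust"
                              revocationMode="Online"
                              mapClientCertificateToWindowsAccount="false" />
            </clientCertificate>
            <!-- serviceCertificate element as in the original post goes here -->
          </serviceCredentials>
          <!-- Role checks go to the ASP.NET role provider, not Windows groups -->
          <serviceAuthorization principalPermissionMode="UseAspNetRoles"
                                roleProviderName="SqlRoleProvider" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

With certificate credentials, the identity name WCF passes to the role provider has the form `<subject name>; <thumbprint>`, so the user entries in aspnetdb need to match that string for role lookups to succeed.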