shekhar_shashi
asked on
WCF Security
I hate to post long messages on a discussion forum, but I don't think I have an option here.
I have a simple "Hello World" WCF service and a simple winform client. Everything is built using VS 2010 and .Net 4.0 and all applications run locally on my WinXP desktop.
My experiment is based on this link.
http://blogs.msdn.com/b/pedram/archive/2007/10/05/wcf-authentication-custom-username-and-password-validator.aspx
So I was trying to build this WCF service using custom authentication and a self-signed certificate.
The service app.config file reads:
...
<system.serviceModel>
  <diagnostics>
    <messageLogging logEntireMessage="true" logMalformedMessages="false" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="false" maxMessagesToLog="3000" maxSizeOfMessageToLog="2000"/>
  </diagnostics>
  <behaviors>
    <serviceBehaviors>
      <behavior name="CreditCardServiceBehavior">
        <serviceMetadata httpGetEnabled="true"/>
      </behavior>
      <behavior name="CustomValidator">
        <serviceCredentials>
          <serviceCertificate findValue="CIS525" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName"/>
          <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="CreditcardValidationService.CIS525Authenticator, CreditcardValidationService"/>
        </serviceCredentials>
        <serviceMetadata/>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <services>
    <service behaviorConfiguration="CustomValidator" name="CreditcardValidationService.ValidateCreditCardService">
      <endpoint address="base" binding="wsHttpBinding" bindingConfiguration=""
                contract="CreditcardValidationService.ICreditcardValidationService" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      <host>
        <baseAddresses>
          <add baseAddress="http://localhost:8080/CreditCardValidationService" />
        </baseAddresses>
      </host>
    </service>
  </services>
  <bindings>
    <wsHttpBinding>
      <binding name="httpWithMessageSecurity">
        <security mode="None" >
          <message clientCredentialType="UserName"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client/>
</system.serviceModel>
....
The client app.config reads:
<system.serviceModel>
  <diagnostics>
    <messageLogging logMalformedMessages="true" logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true"/>
  </diagnostics>
  <bindings>
    <wsHttpBinding>
      <binding name="wsHttpBinding_ICreditcardValidationService" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
        <security mode="Message" >
          <message clientCredentialType="UserName"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="http://localhost:8080/CreditCardValidationService/base" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding_ICreditcardValidationService" contract="ValidateCreditCardServiceReference.ICreditcardValidationService" name="wsHttpBinding_ICreditcardValidationService">
      <identity>
        <dns value="CIS525"/>
      </identity>
    </endpoint>
  </client>
</system.serviceModel>
I installed a self-signed certificate in the Trusted People store and also in Trusted Root Certification Authorities. Windows recognizes my certificate as valid when I open the certificate file.
My custom validator is like this.
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

namespace CreditcardValidationService
{
    public class CIS525Authenticator : UserNamePasswordValidator
    {
        public override void Validate(string userName, string password)
        {
            // check for null user name and password
            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
                throw new SecurityTokenException("Username and password required");
        }
    }
}
When I call my service from the client application, I get this error:
Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
I don't know what I am doing wrong. Please help.
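The pieces the posted configuration is trying to express, done in code as an added example (not from the question or the linked post): the service binding set to Message security with UserName credentials so it matches the client's, and a validator that checks the credential against a stored PBKDF2 hash instead of accepting any non-empty pair. In the service config above the endpoint's bindingConfiguration is empty, so the named binding is never applied and the default wsHttpBinding (Message security with Windows credentials) is what the client's UserName setting fails to negotiate with. `ValidateCreditCardService` and `ICreditcardValidationService` are assumed to be the page's service and contract types in scope; the demo user name, password and salt are constructed sample values.

```csharp
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
// Validator that checks credentials against a stored PBKDF2 hash rather than accepting any
// non-empty pair. User "demo", its password and the salt are constructed sample values.
public class HashedUserNameValidator : UserNamePasswordValidator
{
    private static readonly byte[] Salt = { 0x53, 0x61, 0x6c, 0x74, 0x31, 0x32, 0x33, 0x34 };
    private static readonly byte[] ExpectedHash = Derive("demo-password");

    private static byte[] Derive(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, Salt, 10000)) return kdf.GetBytes(32);
    }

    // Compare every byte so the time taken does not leak where the first mismatch is.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    public override void Validate(string userName, string password)
    {
        // One generic message, so the caller cannot tell which half was wrong.
        if (userName != "demo" || !FixedTimeEquals(Derive(password ?? ""), ExpectedHash))
            throw new SecurityTokenException("Unknown user name or password");
    }
}

public static class HostSetup
{
    // Service side built in code so it matches the client's Message/UserName binding.
    public static ServiceHost Create()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;
        var host = new ServiceHost(typeof(ValidateCreditCardService));
        host.AddServiceEndpoint(typeof(ICreditcardValidationService), binding, "http://localhost:8080/CreditCardValidationService/base");
        host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser,
            StoreName.TrustedPeople, X509FindType.FindBySubjectName, "CIS525");
        host.Credentials.UserNameAuthentication.UserNamePasswordValidationMode = UserNamePasswordValidationMode.Custom;
        host.Credentials.UserNameAuthentication.CustomUserNamePasswordValidator = new HashedUserNameValidator();
        return host;
    }
}
```

The client's `<identity><dns value="CIS525"/></identity>` must still match the subject name of the service certificate, which is what the error text is asking you to verify.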