WCF Service and Two-way SSL

Hi All,

I have done web services before. I know a WCF Service is somewhat familiar to a .NET 3.5 web service, the difference being more capabilities and contract usages.

However, one thing I really have not done is two-way SSL for a web service.

How do you set up a WCF Service to use x509 certifications?

I know I can do a makecert for my server machine? What cert store do I put that in?

Do I do something with the web.config file for my web service? Do I do anything in the code?

When a client that is consuming the web service executes I presume there is something that is done on their side to send the cert when they call the web service. Do I need that cert before they do anything?

At what point do I validate or verify the web service call from them as coming from a valid cert?

Any information on this would be greatly appreciated.

Code samples can be very useful as well.

Thanks
davism Asked:

Rahul Agarwal (Team Leader) Commented:
0
davism (Author) Commented:
I have seen this one before but I wasn't sure if that was going to work. However, I am looking into this and will get to you asap.
0
davism (Author) Commented:
This isn't working. I am getting this when I try to add the reference:

There was no endpoint listening at https://192.168.0.4/TestService.svc that could accept the message. This is often caused by an incorrect address or SOAP action.

Any thoughts or ideas on how this could be resolved?

Web.config file on the server where the WebService is:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0"/>
  </system.web>

  <system.serviceModel>

    <bindings>
      <wsHttpBinding>
        <binding name="TransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="behaviour">
          <serviceMetadata   httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="TestListService.ITestservice" behaviorConfiguration="behaviour">
        <endpoint binding="wsHttpBinding"
               contract="TestListService.ITestService"  bindingConfiguration="TransportSecurity">
        </endpoint>
        <!--<endpoint address="mex" binding="mexHttpsBinding"
            name="MetadataBinding" contract="IMetadataExchange"/>-->
       
      </service>
    </services>
   
  </system.serviceModel>
 
   <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>
0
davism (Author) Commented:
I had a site port that was "http" and I had the https. I got rid of the http one, which just leaves the https.

However, I now get this:

Service 'TestService' has zero application (non-infrastructure) endpoints. This might be because no configuration file was found for your application, or because no service element matching the service name could be found in the configuration file, or because no endpoints were defined in the service element.

Anybody have any information on what can cause that?
0
davism (Author) Commented:
Ok, I got a little ways into this. I am able to seemingly get it so another server can access the Web Service. But now I'm getting this on an exception of calling one of the service methods.

The client certificate is not provided. specify a client certificate in clientcredentials.

I have the clientCredentials doing a FindByThumbnail and I am supplying the value of that thumbnail.

On the server even though I have the SSL using the certificate, I have in the web.config for it to use the servicecredential and using the FindByThumbnail on it and I have the Thumbnail of the certificate I applied with the SSL.

I have exported the SSL certificate from the server machine and I have imported it on the client machine.

I have exported the certificate from the client machine and I have imported it on the server machine.

I am still getting that cert issue on the client machine.

Any thoughts or ideas would be greatly appreciated. Anyone?
0
SriVaddadi Commented:
On the server side, you will set up the binding as https and specify the certificate you would be using.

On the client side, you just use https binding and you don't need to do anything about the certificate. It is the same as browsing an https web site.
0
davism (Author) Commented:
But with mutual-authentication wouldn't the client side have to provide their certificate? As otherwise would it not just be one-way authentication?
0
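The client half of a mutually authenticated (two-way SSL) call against the service binding posted earlier, as an added example that is not part of the original thread: a client app.config that attaches a certificate to the endpoint through clientCredentials. The behavior and endpoint names, the store location, the contract name and the thumbprint placeholder are assumptions; the address is the one quoted earlier in the thread.

```xml
<?xml version="1.0"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- Must mirror the service binding: HTTPS transport, and the
             client authenticates itself with an X.509 certificate. -->
        <binding name="TransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <!-- Hypothetical behavior name. It tells WCF which certificate to
             present during the TLS handshake. Without it the call fails
             because no client certificate is supplied. -->
        <behavior name="ClientCertificateBehavior">
          <clientCredentials>
            <!-- Placeholder thumbprint: replace with the thumbprint of the
                 client's own certificate. Store location and name are
                 assumptions (CurrentUser\My, the "Personal" store). -->
            <clientCertificate storeLocation="CurrentUser"
                               storeName="My"
                               x509FindType="FindByThumbprint"
                               findValue="PLACEHOLDER_CLIENT_CERT_THUMBPRINT"/>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <client>
      <!-- Contract and endpoint names are assumptions; a generated proxy
           normally uses its own namespace for the contract. -->
      <endpoint name="TestServiceEndpoint"
                address="https://192.168.0.4/TestService.svc"
                binding="wsHttpBinding"
                bindingConfiguration="TransportSecurity"
                behaviorConfiguration="ClientCertificateBehavior"
                contract="TestListService.ITestService"/>
    </client>
  </system.serviceModel>
</configuration>
```

The certificate selected here has to be installed together with its private key in a store the client process can read, and the server has to trust its issuer; the server itself only ever needs the client's public certificate.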
davism (Author) Commented:
Anybody have any information on this?

I know if I set the security mode to transport and the transport being clientCredentialingType of "Certificate", the Required SSL needs to be checked.

But I cannot then do an Add Service Reference in a C# client app because it says the service returns a "Forbidden".

Any info would be greatly appreciated.
0
davism (Author) Commented:
Anybody have any thoughts or ideas on this one? I'm a little stumped.
0
davism (Author) Commented:
Turns out this worked. Even though the technology is older, working with what and how it processed ultimately led to the solution.

Thanks!
0