Marc Davis asked:

WCF Service and Two-way SSL

Hi All,

I have done web services before. I know a WCF Service is somewhat similar to a .NET 3.5 web service, the difference being more capabilities and contract usages.

However, one thing I really have not done is two-way SSL for a web service.

How do you set up a WCF Service to use x509 certificates?

I know I can do a makecert for my server machine? What cert store do I put that in?

Do I do something with the web.config file for my web service? Do I do anything in the code?

When a client that is consuming the web service executes I presume there is something that is done on their side to send the cert when they call the web service. Do I need that cert before they do anything?

At what point do I validate or verify the web service call from them as coming from a valid cert?

Any information on this would be greatly appreciated.

Code samples can be very useful as well.

Thanks
Tags: WCF, C#, Microsoft IIS Web Server

ASKER CERTIFIED SOLUTION
Rahul Agarwal

This solution is only available to members.

Marc Davis

ASKER

I have seen this one before, but I wasn't sure if that was going to work. However, I am looking into this and will get to you asap.

Marc Davis

ASKER

This isn't working. I am getting this when I try to add the reference:

There was no endpoint listening at https://192.168.0.4/TestService.svc that could accept the message. This is often caused by an incorrect address or SOAP action.

Any thoughts or ideas on how this could be resolved?

The web.config file on the server where the web service is:

<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0"/>
  </system.web>

  <system.serviceModel>

    <bindings>
      <wsHttpBinding>
        <binding name="TransportSecurity">
          <security mode="Transport">
            <transport clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="behaviour">
          <serviceMetadata   httpsGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <service name="TestListService.ITestservice" behaviorConfiguration="behaviour">
        <endpoint binding="wsHttpBinding"
               contract="TestListService.ITestService"  bindingConfiguration="TransportSecurity">
        </endpoint>
        <!--<endpoint address="mex" binding="mexHttpsBinding"
            name="MetadataBinding" contract="IMetadataExchange"/>-->
       
      </service>
    </services>
   
  </system.serviceModel>
 
   <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>

</configuration>

Marc Davis

ASKER

I had a site port that was "http" and I had the https. I got rid of the http one, which just leaves the https.

However, I now get this:

Service 'TestService' has zero application (non-infrastructure) endpoints. This might be because no configuration file was found for your application, or because no service element matching the service name could be found in the configuration file, or because no endpoints were defined in the service element.

Anybody have any information on what can cause that?

Marc Davis

ASKER

Ok, I got a little ways into this. I am able to seemingly get it so another server can access the Web Service. But now I'm getting this on an exception of calling one of the service methods.

The client certificate is not provided. specify a client certificate in clientcredentials.

I have the clientCredentials doing a FindByThumbnail and I am supplying the value of that thumbnail.

On the server even though I have the SSL using the certificate, I have in the web.config for it to use the servicecredential and using the FindByThumbnail on it and I have the Thumbnail of the certificate I applied with the SSL.

I have exported the SSL certificate from the server machine and I have imported it on the client machine.

I have exported the certificate from the client machine and I have imported it on the server machine.

I am still getting that cert issue on the client machine.

Any thoughts or ideas would be greatly appreciated. Anyone?
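
Added example, not part of the original thread and not the members-only accepted solution: a server fragment and a client fragment for the Transport/Certificate binding posted above, showing the settings that the "zero application endpoints" and "client certificate is not provided" messages point at. The implementation class name `TestListService.TestService`, the client contract `ServiceReference1.ITestService`, the behavior name `ClientCert` and the thumbprint value are assumptions or placeholders.

```xml
<!-- Fragment 1: server web.config (bindings and behaviors as in the posted file) -->
<system.serviceModel>
  <services>
    <!-- WCF matches name against the service implementation class, the one
         named in the .svc file. TestListService.TestService is assumed here;
         the posted config named the ITestservice contract instead, so no
         service element matched and the host found zero endpoints. -->
    <service name="TestListService.TestService" behaviorConfiguration="behaviour">
      <endpoint binding="wsHttpBinding" bindingConfiguration="TransportSecurity"
                contract="TestListService.ITestService"/>
    </service>
  </services>
</system.serviceModel>

<!-- Fragment 2: client app.config -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <!-- Must mirror the server binding: TLS transport, certificate credential -->
      <binding name="TransportSecurity">
        <security mode="Transport">
          <transport clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientCert">
        <clientCredentials>
          <!-- The client's own certificate, with its private key, in the calling
               user's Personal store. findValue is a placeholder. -->
          <clientCertificate storeLocation="CurrentUser" storeName="My"
                             x509FindType="FindByThumbprint"
                             findValue="CLIENT-CERT-THUMBPRINT-PLACEHOLDER"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- behaviorConfiguration attaches the certificate to this endpoint; without
         it the channel has no client certificate to present. The contract name
         is the generated proxy interface (assumed). -->
    <endpoint address="https://192.168.0.4/TestService.svc"
              binding="wsHttpBinding" bindingConfiguration="TransportSecurity"
              behaviorConfiguration="ClientCert"
              contract="ServiceReference1.ITestService"/>
  </client>
</system.serviceModel>
```

The server needs only the client certificate's issuing chain in a trusted store, while the private key stays on the client.
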
Ravi Vaddadi

On the server side, you will set up the binding as https and specify the certificate you would be using.

On the client side, you just use https binding and you don't need to do anything about the certificate. It is the same as browsing an https web site.

Marc Davis

ASKER

But with mutual-authentication wouldn't the client side have to provide their certificate? As otherwise would it not just be one-way authentication?

Marc Davis

ASKER

Anybody have any information on this?

I know if I set the security mode to transport and the transport being clientCredentialingType of "Certificate", the Required SSL needs to be checked.

But I cannot then do an Add Service Reference in a C# client app because it says the service returns a "Forbidden".

Any info would be greatly appreciated.

Marc Davis

ASKER

Anybody have any thoughts or ideas on this one? I'm a little stumped.

Marc Davis

ASKER

Turns out this worked. Even though the technology is older, working with what and how it processed ultimately led to the solution.

Thanks!