Marlon Umali
asked on
WCF {error: (403) Forbidden. The HTTP request was forbidden with client authentication scheme 'Anonymous'} using basicHttpBinding with Transport and Certificate Credential
I get the WCF error "{"The remote server returned an error: (403) Forbidden."} The HTTP request was forbidden with client authentication scheme 'Anonymous'." when using basicHttpBinding with Transport security and certificate credential. My service is on an Amazon EC2 instance and my client app connects to it remotely over the internet. I am able to connect to the WCF service if my Transport credential is set to "None" in both the web.config of the service and the app.config of the client. My service certificate, which is like "www.example.com", is installed in the Amazon EC2 "local machine store" and "Personal Folder". My client app certificate is just a self-signed certificate which I installed to its "local machine and Personal Folder" and also to the "Trusted People store" in the Amazon EC2 instance where my WCF service is. I have also set up "https" in my IIS site bindings and I can reach the site through a URL like "https://www.example.com".
Below is the web.config, app.config, and the code I have on the client app.
Service Web.config:
<?xml version="1.0"?>
<configuration>
  <system.web>
    <compilation debug="true" targetFramework="4.0" />
    <customErrors mode="Off"/>
  </system.web>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="basicHttpBinding_Config">
          <security mode="Transport">
            <transport clientCredentialType="Certificate"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <services>
      <service name="MyProject.MyService">
        <endpoint address="" binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_Config"
                  contract="MyService" />
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="true"/>
          <serviceDebug includeExceptionDetailInFaults="true"/>
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerOrChainTrust" trustedStoreLocation="LocalMachine"/>
            </clientCertificate>
            <serviceCertificate findValue="www.example.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
  </system.serviceModel>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true"/>
  </system.webServer>
</configuration>
Client app.config:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <system.serviceModel>
    <bindings>
      <basicHttpBinding>
        <binding name="basicHttpBinding_Config">
          <security mode="Transport">
            <transport clientCredentialType="Certificate"/>
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint address="https://www.example.com/sub/Service1.svc"
                binding="basicHttpBinding" bindingConfiguration="basicHttpBinding_Config"
                contract="ServiceReference1.MyService" name="BasicHttpBinding_MyService" />
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior>
          <clientCredentials>
            <clientCertificate findValue="clientKey"
                               storeLocation="LocalMachine"
                               storeName="My"
                               x509FindType="FindBySubjectName" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
Client App Console Code:
static void Main(string[] args)
{
    // Accepts any server certificate: TLS server certificate validation is disabled for this process.
    System.Net.ServicePointManager.ServerCertificateValidationCallback += delegate { return true; };
    ServiceReference1.MyServiceClient client = new ServiceReference1.MyServiceClient();
    string[] a = client.GetMethods(ref mh);
    foreach (string s in a)
    {
        Console.WriteLine(s);
    }
    Console.ReadKey();
}
I did look at other similar issues but none has solved it yet. I'm continuously searching for the right solution, and I appreciate any help or advice from anyone.
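An added example, not part of the original question or an answer from the thread: a C# console check that repeats the certificate lookup from the client app.config above (`findValue="clientKey"`, `LocalMachine`/`My`, `FindBySubjectName`) and reports how many certificates match and whether the account running the client can read the private key, which the client needs in order to present the certificate during the TLS handshake. The class name `ClientCertCheck` is hypothetical, and the code is written for .NET Framework.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck   // hypothetical name, not from the original post
{
    // Same value as findValue in the posted <clientCertificate> element.
    const string FindValue = "clientKey";

    static int Main()
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so expired or untrusted certificates are listed too.
            // FindBySubjectName is a substring match and can return several hits.
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindBySubjectName, FindValue, false);

            Console.WriteLine("Matches in LocalMachine\\My: {0}", hits.Count);
            foreach (X509Certificate2 cert in hits)
            {
                Console.WriteLine("Subject:       {0}", cert.Subject);
                Console.WriteLine("Issuer:        {0}", cert.Issuer);
                Console.WriteLine("Thumbprint:    {0}", cert.Thumbprint);
                Console.WriteLine("Valid (local): {0} to {1}", cert.NotBefore, cert.NotAfter);
                Console.WriteLine("HasPrivateKey: {0}", cert.HasPrivateKey);
                if (!cert.HasPrivateKey) continue;
                try
                {
                    // Opening the key fails when this account has no read access to it.
                    AsymmetricAlgorithm key = cert.PrivateKey;
                    Console.WriteLine("Key readable by {0}: {1}",
                        Environment.UserName, key != null);
                }
                catch (CryptographicException ex)
                {
                    Console.WriteLine("Key NOT readable by {0}: {1}",
                        Environment.UserName, ex.Message);
                }
            }
            // Exit code 0 only when the lookup resolves to exactly one certificate.
            return hits.Count == 1 ? 0 : 1;
        }
        finally
        {
            store.Close();
        }
    }
}
```

Run it on the client machine under the same account that runs the console app, since private key access is granted per account.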