How to configure service reference to point to Https, with MutualSSL setup? - wcf

In my project I recently changed my WCF service to use Https. It is configured to be a mutual ssl setup and the client and server certificates are both installed appropriately. Server side looks fine and even started fine in the browser as shown below.
However, when trying to configure the service reference from the WPF client side (service proxy that was previously added and generated). I get a 403 forbidden error code as shown below. Any idea why?
Here are my configurations.
WCF Server Side Config
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
</appSettings>
<system.web>
<compilation debug="true" targetFramework="4.5.2" />
<httpRuntime targetFramework="4.5.2" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceCredentials>
<serviceCertificate storeLocation="LocalMachine" x509FindType="FindByIssuerName" findValue="QuickFire Root Authority" />
</serviceCredentials>
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="PushNotification_SignalR_PoC.WCF.PushNotificationService">
<endpoint binding="wsHttpBinding" bindingConfiguration="MutualSslLargeMessageBinding" contract="PushNotification_SignalR_PoC.WCF.IPushNotificationService" />
</service>
</services>
<bindings>
<wsHttpBinding>
<binding name="MutualSslLargeMessageBinding" maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="Certificate"></transport>
</security>
</binding>
</wsHttpBinding>
</bindings>
<protocolMapping>
<add binding="basicHttpsBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true" />
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
WPF Client Side Config
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<startup>
<supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
</startup>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WsHttpBinding_IPushNotificationService"
closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:30:00" sendTimeout="00:01:00"
allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://localhost:44367/PushNotificationService.svc"
binding="wsHttpBinding" bindingConfiguration="WsHttpBinding_IPushNotificationService"
contract="ServiceProxy.IPushNotificationService" name="WsHttpBinding_IPushNotificationService" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="MutualSslBehavior">
<clientCredentials>
<clientCertificate storeLocation="CurrentUser" x509FindType="FindBySubjectName" findValue="QuickFire Test Client"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

If we want to call the service by adding service reference, we should add the MEX endpoint in the service endpoints on the server side. It could exchange metadata of the service over all platforms.
Like below,
<services>
<service name="PushNotification_SignalR_PoC.WCF.PushNotificationService">
<endpoint binding="wsHttpBinding" bindingConfiguration="MutualSslLargeMessageBinding" contract="PushNotification_SignalR_PoC.WCF.IPushNotificationService" />
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"></endpoint>
</service>
</services>
For details,
https://learn.microsoft.com/en-us/dotnet/framework/wcf/extending/how-to-configure-a-custom-ws-metadata-exchange-binding
Feel free to let me know if there is anything I can help with.

Related

A binding instance has already been associated to listen URI .after moving from .NET 4.0 to 4.5

After 3 days of never ending search I am posting this. Please help. The following is the config file I have. There is only one endpoint specified , but its saying there is a conflict in the endpoints. Please help me rectifying this conflict.
System.InvalidOperationException: A binding instance has already been
associated to listen URI
'http://dd.myserver.net/MyWebService/MyService'. If two endpoints want
to share the same ListenUri, they must also share the same binding
object instance. The two conflicting endpoints were either specified
in AddServiceEndpoint() calls, in a config file, or a combination of
AddServiceEndpoint() and config.
<?xml version="1.0"?>
<configuration>
<appSettings>
<add key="aspnet:UseTaskFriendlySynchronizationContext" value="true"/>
<add key="wcf:webservicehost:enableautomaticendpointscompatability" value="true"/>
</appSettings>
<system.web>
<compilation debug="true" strict="false" explicit="true" targetFramework="4.5"/>
<httpRuntime targetFramework="4.5"/>
<authentication mode="None"/>
<customErrors mode="Off"/>
</system.web>
<system.serviceModel>
<services>
<service behaviorConfiguration="ServiceBehavior" name="MyRESTService.MyService">
<endpoint address="" behaviorConfiguration="web" binding="webHttpBinding" contract="MyRESTService.IMyService" />
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ServiceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp />
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" maxBufferSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647"/>
<security mode="None">
</security>
</binding>
</webHttpBinding>
</bindings>
<protocolMapping>
<add binding="webHttpBinding" scheme="http"/>
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="false"/>
</system.webServer>
</configuration>
Finally I resolved the error given by one guy [https://stackoverflow.com/questions/12643113/wcf-conflicting-endpoints-after-net-4-5-installation/39394010]
I have just removed the security tag inside
before
<webHttpBinding>
<binding maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" maxBufferSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647"/>
<security mode="None">
</security>
</binding>
</webHttpBinding>
After
<webHttpBinding>
<binding maxReceivedMessageSize="2147483647" maxBufferPoolSize="2147483647" maxBufferSize="2147483647">
<readerQuotas maxStringContentLength="2147483647" maxArrayLength="2147483647" maxBytesPerRead="2147483647"/>
</binding>
</webHttpBinding>
This little thing took me 3 days of search. thanks to stackoverflow.

transfert large file with wcf service

I want to run a WCF service file transfer
my problem is when sending a large file, I get this exception message ProtocolException
(413) Request Entity Too Large.
this is my configuration
I found this code on the internet, so I'm not sure that it works
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime executionTimeout="999999" maxRequestLength="2097151" />
</system.web>
<system.serviceModel>
<behaviors>
<serviceBehaviors>
<behavior>
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
</behavior>
</serviceBehaviors>
</behaviors>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<services>
<service name="BasicHttpBinding_ITransferService">
<endpoint
binding="basicHttpBinding" contract="ITransferService"
bindingConfiguration="BasicHttpBinding_ITransferService" />
</service>
</services>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ITransferService" closeTimeout="04:01:00"
openTimeout="04:01:00" receiveTimeout="04:10:00" sendTimeout="04:01:00"
allowCookies="false" bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
maxBufferSize="2147483647" maxBufferPoolSize="2147483647"
maxReceivedMessageSize="2147483647"
messageEncoding="Mtom" textEncoding="utf-8"
transferMode="Streamed"
useDefaultWebProxy="true">
<readerQuotas maxDepth="128"
maxStringContentLength="2147483647" maxArrayLength="2147483647"
maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</binding>
</basicHttpBinding>
</bindings>
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
<directoryBrowse enabled="true"/>
</system.webServer>
</configuration>
I'd try to send a file part by part.
Your API could be sth like this:
byte[] GetFile (string FileID, int startByte, int bytes, ...)
That way you can easily resume transfer after error, you don't need to worry about timeouts, etc.

WCF streaming large file

I read this article http://www.codeproject.com/Articles/166763/WCF-Streaming-Upload-Download-Files-Over-HTTP to upload large file via WCF.
I've created the same configuration but I've just upload file 48kb even I added attribute maxReceivedMessageSize ="2147483647". When I try to upload file over 48kb I got an error
The remote server returned an error: (413) Request Entity Too
Large.
Did I get wrong or miss something? Below is my config
Server config:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime executionTimeout="4800" maxRequestLength="2097150"/>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<!--BINDING-->
<bindings>
<basicHttpBinding>
<binding name="TransferService"
closeTimeout="00:10:00"
maxBufferPoolSize="2147483647"
maxBufferSize="2147483647"
maxReceivedMessageSize ="2147483647"
openTimeout="00:10:00"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
messageEncoding="Text"
transferMode="Streamed"
>
<readerQuotas
maxDepth="2147483647"
maxStringContentLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"
maxArrayLength="2147483647"/>
</binding>
</basicHttpBinding>
</bindings>
<!--SERVICE-->
<services>
<service name="TransferService.TransferService"
behaviorConfiguration="TransferServiceBehavior" >
<endpoint
address=""
binding="basicHttpBinding"
bindingConfiguration="TransferService"
contract="TransferService.ITransferService" >
</endpoint>
</service>
</services>
<!--BEHAVIOR-->
<behaviors>
<serviceBehaviors>
<behavior name="TransferServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483647" />
<serviceThrottling maxConcurrentCalls="500" maxConcurrentSessions="500" maxConcurrentInstances="500" />
</behavior>
<behavior name="">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="false" />
</behavior>
</serviceBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="500000000"></requestLimits>
</requestFiltering>
</security>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Web client config:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="BasicHttpBinding_ITransferService" />
</basicHttpBinding>
</bindings>
<client>
<endpoint name="BasicHttpBinding_ITransferService"
address="http://localhost/transfer/TransferService.svc"
binding="basicHttpBinding"
bindingConfiguration="BasicHttpBinding_ITransferService"
contract="TransferService.ITransferService" />
</client>
</system.serviceModel>
Please suggest any solutions.
Thanks in advance
Now I've changed config as your suggest but it's still raise the same error 400 or 413. Below is my test project. I don't know reason why? (Environment: Window 7 Pro 64 bit, IIS7 , WCF 4.0)
https://skydrive.live.com/redir?resid=BFE92959302FBAA0!105&authkey=!ANO_URChpql9gKE
I'm spent two week to research and but it's the same error.
Please help me. Thanks in advance.
Well, the client config must also define the same binding configuration (with the larger transfer size), and specify that binding configuration in its endpoint configuration!
So change your client side config to:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="TransferService"
closeTimeout="00:10:00"
maxBufferPoolSize="2147483647"
maxBufferSize="2147483647"
maxReceivedMessageSize ="2147483647"
openTimeout="00:10:00"
receiveTimeout="00:10:00"
sendTimeout="00:10:00"
messageEncoding="Text"
transferMode="Streamed"
>
<readerQuotas
maxDepth="2147483647"
maxStringContentLength="2147483647"
maxBytesPerRead="2147483647"
maxNameTableCharCount="2147483647"
maxArrayLength="2147483647"/>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint name="BasicHttpBinding_ITransferService"
address="http://localhost/transfer/TransferService.svc"
binding="basicHttpBinding"
bindingConfiguration="TransferService"
contract="TransferService.ITransferService" />
</client>
</system.serviceModel>
and then you should have the same settings on the client and the server, and then those settings would become useful !
I checked your project, replace your webconfig with this and update the service reference try again,
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
<httpRuntime executionTimeout="4800" maxRequestLength="2097150"/>
</system.web>
<system.serviceModel>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<!--BINDDING-->
<bindings>
<basicHttpBinding>
</basicHttpBinding>
<customBinding>
<binding name="LargeSilverlight" closeTimeout="00:21:00" openTimeout="00:20:00"
receiveTimeout="00:20:00" sendTimeout="00:50:00">
<textMessageEncoding maxReadPoolSize="2147483647" maxWritePoolSize="2147483647">
<readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"
maxArrayLength="2147483647" maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
</textMessageEncoding>
<httpTransport maxBufferPoolSize="2147483647" maxReceivedMessageSize="2147483647"
maxBufferSize="2147483647" />
</binding>
</customBinding>
</bindings>
<client>
</client>
<!--SERVICE-->
<services>
<service name="TransferService.TransferService" behaviorConfiguration="SilverlightWCFLargeDataApplication" >
<endpoint address="" binding="customBinding" bindingConfiguration="LargeSilverlight" behaviorConfiguration="SilverlightWCFLargeDataApplication" contract="TransferService.ITransferService" >
</endpoint>
</service>
</services>
<!--BEHAVIOR-->
<behaviors>
<serviceBehaviors>
<behavior name="SilverlightWCFLargeDataApplication">
<serviceMetadata httpGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="false"/>
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="SilverlightWCFLargeDataApplication">
<dataContractSerializer maxItemsInObjectGraph="2147483647"/>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
<system.webServer>
<security>
<requestFiltering>
<requestLimits maxAllowedContentLength="500000000"></requestLimits>
</requestFiltering>
</security>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
I am facing Same Problem. and I am used this code in config File then I am able to upload 25MB file
try this
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="webserviceMOSSuiteSoap"
closeTimeout="00:01:00"
maxBufferPoolSize="20000000"
maxBufferSize="20000000"
maxReceivedMessageSize="20000000"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
messageEncoding="Text"
transferMode="Buffered"
allowCookies="false"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
textEncoding="utf-8"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32"
maxStringContentLength="20000000"
maxArrayLength="20000000"
maxBytesPerRead="20000000"
maxNameTableCharCount="20000000"/>
<security mode="None">
<transport clientCredentialType="None"
proxyCredentialType="None"
realm=""/>
<message clientCredentialType="UserName"
algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://localhost/WebServiceConnect/webservice.asmx"
binding="basicHttpBinding"
bindingConfiguration="webserviceMOSSuiteSoap"
contract="ServiceReference1.webserviceMOSSuiteSoap"
name="webserviceMOSSuiteSoap"/>
</client>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true"
multipleSiteBindingsEnabled="true"/>
</system.serviceModel>

WCF - Message credential vs TransportWithMessageCredential certificate verification

I'm having an interesting issue setting up a WCF service message credential security. I'm getting this exception on my client side:
An unhandled exception of type 'System.InvalidOperationException' occurred in mscorlib.dll
Additional information: The service certificate is not provided for target 'http://myMachine/SPTestService/Service1.svc'. Specify a service certificate in ClientCredentials.
This leads me to believe that I need to specify a server cert in my client config, but I'm not sure why. This should be using ChainTrust. Interestingly enough, when I switch it over to TransportWithMessageCredential (so it's working over SSL), it works, and correctly verifies the message credential as well. Is this a WCF bug? Fortunately, TransportWithMessageCredential was where I was heading, so I'll accelerate that process.
Using only Message credential, my configs look like this:
Client:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="serviceBehavior">
<clientCredentials>
<clientCertificate storeName="My" storeLocation="LocalMachine"
findValue="CN=myCert" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="serviceEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Message">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="http://myMachine/SPTestService/Service1.svc"
behaviorConfiguration="serviceBehavior"
binding="basicHttpBinding" bindingConfiguration="serviceEndpoint"
contract="ServiceReference2.IService1" name="serviceEndpoint" />
</client>
</system.serviceModel>
</configuration>
Service:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="serverBinding" messageEncoding="Mtom">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
<serviceCredentials>
<serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="CN=myCert" />
<clientCertificate>
<authentication revocationMode="NoCheck"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="serviceBehavior" name="SPTestService.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="serverBinding" name="serviceEndpoint" contract="SPTestService.IService1" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>
Using TransportWithMessage, my configs look like this:
Client:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<behaviors>
<endpointBehaviors>
<behavior name="serviceBehavior">
<clientCredentials>
<clientCertificate storeName="My" storeLocation="LocalMachine"
findValue="CN=myCert" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<basicHttpBinding>
<binding name="serviceEndpoint" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://myMachine/SPTestService/Service1.svc"
behaviorConfiguration="serviceBehavior"
binding="basicHttpBinding" bindingConfiguration="serviceEndpoint"
contract="ServiceReference2.IService1" name="serviceEndpoint" />
</client>
</system.serviceModel>
</configuration>
Service:
<?xml version="1.0"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="serverBinding" messageEncoding="Mtom">
<security mode="TransportWithMessageCredential">
<message clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<behaviors>
<serviceBehaviors>
<behavior name="serviceBehavior">
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
<serviceDebug includeExceptionDetailInFaults="true" />
<dataContractSerializer maxItemsInObjectGraph="2147483646" />
<serviceCredentials>
<serviceCertificate storeName="My" storeLocation="LocalMachine" findValue="CN=myCert" />
<clientCertificate>
<authentication revocationMode="NoCheck"/>
</clientCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service behaviorConfiguration="serviceBehavior" name="SPTestService.Service1">
<endpoint address="" binding="basicHttpBinding" bindingConfiguration="serverBinding" name="serviceEndpoint" contract="SPTestService.IService1" />
</service>
</services>
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
</system.serviceModel>
<system.webServer>
<modules runAllManagedModulesForAllRequests="true"/>
</system.webServer>
</configuration>

WCF - The security protocol cannot verify the incoming message.

I am trying to create a WCF service that uses certificate authentication over SSL to create a Business to Business gateway. I have created a CA and a client certificate and put them in the Trusted root and personal folders respectively. I have set up the SSL routing but I keep getting the following error ‘The security protocol cannot verify the incoming message.’ And I can’t figure out why.
Below is my service configuration:
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.web>
<compilation debug="true" targetFramework="4.0" />
</system.web>
<system.serviceModel>
<services>
<service name="B2BGateway.SSOBackChannel" behaviorConfiguration="B2B">
<endpoint binding="wsHttpBinding"
bindingConfiguration="WSCertificateSecurity"
contract="B2BGateway.Contracts.ISSOBackChannel"
address="https://blah.com/SSOBackChannel.svc"></endpoint>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="B2B">
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<serviceCertificate />
<clientCertificate>
<authentication certificateValidationMode="PeerTrust" />
</clientCertificate>
</serviceCredentials>
<serviceAuthorization principalPermissionMode="None"></serviceAuthorization>
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="B2B">
<clientCredentials>
<clientCertificate findValue="2e2ecba0f33265085cc53cb53c0b00977aaa9e9e" storeName="My" storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<wsHttpBinding>
<binding name="WSCertificateSecurity">
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
</system.serviceModel>
<system.diagnostics>
<sources>
<!-- See here for recommended diagnostics settings: http://msdn.microsoft.com/en-us/library/aa702726.aspx -->
<source name="System.ServiceModel" switchValue="Warning,Information,ActivityTracing,Verbose" propagateActivity="true">
<listeners>
<add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="d:\logs\gah.svclog" />
</listeners>
</source>
</sources>
</system.diagnostics>
<system.webServer>
<directoryBrowse enabled="true" />
</system.webServer>
</configuration>
And the client configuration is just the autogenerated code:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.serviceModel>
<bindings>
<wsHttpBinding>
<binding name="WSHttpBinding_ISSOBackChannel" closeTimeout="00:01:00"
openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
allowCookies="false">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<reliableSession ordered="true" inactivityTimeout="00:10:00"
enabled="false" />
<security mode="TransportWithMessageCredential">
<transport clientCredentialType="None" proxyCredentialType="None"
realm="" />
<message clientCredentialType="Certificate" negotiateServiceCredential="true"
algorithmSuite="Default" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<client>
<endpoint address="https://blah.com/SSOBackChannel.svc"
binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_ISSOBackChannel"
contract="SSOBackChannelService.ISSOBackChannel" name="WSHttpBinding_ISSOBackChannel" />
</client>
</system.serviceModel>
</configuration>
I wrote a unit test to see if the thing works which is where I’m getting the error...
[TestMethod]
public void Should_Call_Service_As_Machine_Does_Have_x509Certificate()
{
SSOBackChannelClient service = new SSOBackChannelClient();;
service.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "2e2ecba0f33265085cc53cb53c0b00977aaa9e9e");
var result = service.CheckBackChannelToken("123456789");
}
Any help would be so greatly appreciated!!
Josh
You are using wsHttpBinding but you havent specified the certificate it needs to use to secure your transport channel. Try to specify a certificate it needs to use. i.e. for SSL
Also try enabling tracing on your service. See here how to enable tracing.