Transport Security with Certificate Authentication

wcf ssl ssl-certificate transport-security
Brian T picture Brian T · Nov 3, 2010 · Viewed 8.7k times · Source

I'm getting the following error when I access my webservice localhost/MyService/MyService.svc

The SSL settings for the service 'SslRequireCert' does not match those of the IIS 'Ssl, SslNegotiateCert'.

I've following the web.config examples as specified in http://msdn.microsoft.com/en-us/library/ms731074.aspx

Here is my wcf server web.config:

<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <appSettings />
  <system.web>
    <identity impersonate="false" />
    <roleManager enabled="true" />
    <authentication mode="Windows" />
    <customErrors mode="Off" />
    <webServices>
      <protocols>
        <add name="HttpGet" />
        <add name="HttpPost" />
      </protocols>
    </webServices>
  </system.web>
  <system.webServer>
    <directoryBrowse enabled="true" />
    <validation validateIntegratedModeConfiguration="false" />
    <security>
      <authorization>
        <remove users="*" roles="" verbs="" />
        <add accessType="Allow" users="*" roles="" />
      </authorization>
    </security>
  </system.webServer>
  <system.serviceModel>
    <services>
      <service name="AspNetSqlProviderService" behaviorConfiguration="MyServiceBehavior">
        <endpoint binding="wsHttpBinding" contract="Interface1" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
        <endpoint binding="wsHttpBinding" contract="Interface2" bindingConfiguration="CertificateWithTransportWSHttpBinding" />
        <endpoint address="mex" binding="wsHttpBinding" bindingConfiguration="CertificateWithTransportWSHttpBinding" name="Metadata_Exchange" contract="IMetadataExchange" />
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="MyServiceBehavior">
          <serviceDebug includeExceptionDetailInFaults="True" />
          <serviceMetadata />
          <serviceCredentials>
            <clientCertificate>
              <authentication trustedStoreLocation="LocalMachine"
                               revocationMode="Online"/>
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <wsHttpBinding>
        <binding name="CertificateWithTransportWSHttpBinding">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
  </system.serviceModel>
</configuration>

I've configured IIS as follows:

  • https binding added using self signed certificate
  • Under SSL settings, require SSL and accept client certificates is checked
  • The self signed certificate has been added to the Local Computer Trusted Root CA.

I can browse and execute the .asmx service definition, but the .svc gives me the error described above.

Answer

Rajesh picture Rajesh · Apr 19, 2012

Try to comment out your mex endpoint. That should get it working

Related questions

Is it possible to force the WCF test client to accept a self-signed certificate?

I have a WCF web service running in IIS 7 using a self-signed certificate (it's a proof of concept to make sure this is the route I want to go). It's required to use SSL. Is it possible to use the …

Read More
WCF Self signed certificate is not trusted on the client

I have a WCF service that is ONLY every used between two server machines. It will NEVER be used publicly. I was hoping I could use SSL with a self signed certificate for security. I created a certificate using IIS7, …

Read More
Adding WCF Service Reference with https endpoint

My WCF service application works over http and https, however, when I add a service reference (with the https url) to it in my client, Visual Studio 2010 sets the endpoint in the config file to http. It doesn't appear to …

Read More