Hi
I've succeeded in getting WCF Transport security going for our Logon web service using a self-signed certificate issued against localhost. I added the self-signed certificate as trusted root certificate authority to prevent IE about moaning about a non-trusted certificate. When testing against localhost everything works fine and because we are using localhost it also allows all developers to test the service from their own machines without any problems.
However, I'm now trying to get this working on our remote testing server. When running on the remote server, a localhost certificate is obviously not going to work anymore. So I created a self-signed test certificate for the server machine using IIS7 and setup IIS to use this certificate for https comms on the web site. I also added this to the server's trust root certificate authority store. I then change the WCFserver behaviour configuration to now not look for a localhost certificate anymore, but to find one tied to the DNS name of the machine as illustrated below:
<behavior name="SSL">
<serviceCredentials>
<serviceCertificate
findValue="prods-build.mydomain.co.za"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName" />
</serviceCredentials>
</behavior>
This behaviour is then linked to the Logon service in the web.config file:
<service behaviorConfiguration="SSL" name="Pragma.OnKey.Services.Common.LogonService">
<endpoint address="" bindingConfiguration="pragmaSSL" binding="basicHttpBinding" name="Silverlight" contract="Pragma.OnKey.Services.Common.ILogonService" />
</service>
For reference I also include the binding configuration used:
<binding name="pragmaSSL">
<security mode="Transport"/>
</binding>
When I run a test from a browser using the fully qualified domain name on the server machine itself, everyting works fine. Fiddler shows the HTTPS connection being made for the Logon web service call. However, as soon as I try to run the same test using the fully qualified domain name from a remote machine, I get the usual "Error trying to make request to URI https://myserver/Services/Logon.svc ..check the clientaccesspolicy.xml" error . The clientaccesspolicy.xml (see below) is in place at the root folder of the web site and remember, this all works fine until I try and access the service remotely using the fully qualified DNS name.
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPACTION">
<domain uri="http://*"/>
<domain uri="https://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
So my question is, what am I doing wrong? What piece of this puzzle am I missing? How do I go about testing the SSL implementation on a remote machine using a self-signed test certificate and a Silverlight client?
Remember all of this works fine using a self-signed certificate issed against localhost. I however need to get this running for testing our application in our testing and staging environments.
Thanks Carel