C# WCF client configuration for X509 secured web service over https

Question

Hi guys

I been pulling my hair out for the past few days trying to connect to a web service using .Net 3.5 and WCF (have also tried using WSE 3.0) without much luck.

The web service is hosted by a 3rd party and we can access via https. They also make use of X509 certificates for security, to sign the message. I've been given some basic info and am able to connect and test the service using SOAP UI 3.5 without any problems, so we know that this is not the issue. Just trying to get it done in code!

I've added the X509 certificate into the certificate store using the mmc snap-in, and using tracing and logging i can see that the message is being signed, just unable to see which part i have got wrong.

Any healp GREATLY appreciated :)

I've been given an offline WSDL file, which I have imported in as a service reference is VS 2008.

My calling code looks like so, simple enough:

ServicePointManager.ServerCertificateValidationCallback = 
    delegate(object sender,X509Certificate certificate,X509Chain chain, SslPolicyErrors sslErrors) { return true; };

GatewayClient gateway = new GatewayClient();
CheckStatusResponse response = gateway.CheckLineStatus(); 

And my config looks like so:

    <basicHttpBinding>
      <binding name="Gateway_1.0" closeTimeout="00:01:00" openTimeout="00:01:00"
        receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
        bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered"
        useDefaultWebProxy="true">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <security mode="TransportWithMessageCredential">
          <transport clientCredentialType="None" proxyCredentialType="None"
            realm="" />
          <message clientCredentialType="Certificate" algorithmSuite="Default" />
        </security>
      </binding>
    </basicHttpBinding>

    <customBinding>
      <binding name="Gateway_1">
        <security authenticationMode="CertificateOverTransport" includeTimestamp="true" messageProtectionOrder="SignBeforeEncrypt">
          <localClientSettings maxClockSkew="12:00:00" replayWindow="12:00:00" sessionKeyRolloverInterval="12:00:00" timestampValidityDuration="12:00:00" />
          <localServiceSettings maxClockSkew="12:00:00" sessionKeyRolloverInterval="12:00:00" timestampValidityDuration="12:00:00" />
          <secureConversationBootstrap />
        </security>
        <textMessageEncoding messageVersion="Soap11" />
        <sslStreamSecurity requireClientCertificate="true" />
        <httpsTransport hostNameComparisonMode="WeakWildcard" />
      </binding>
    </customBinding>

    <wsHttpBinding>
      <binding name="Gateway_1" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="Certificate" negotiateServiceCredential="false" establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>

  </bindings>

  <client>
      <endpoint address="https://XXX.XX.XXX.XX/SOAP" behaviorConfiguration="ClientCertificateBehavior" binding="wsHttpBinding" bindingConfiguration="Gateway_1" contract="B2BService.Gateway" name="Gateway_1_HTTPSPort">
          <identity>
              <dns value="ext.test.com" />
          </identity>
      </endpoint>
  </client>

  <behaviors>
    <endpointBehaviors>
      <behavior name="ClientCertificateBehavior">
        <clientCredentials>
          <clientCertificate findValue="mycertificate.com" storeLocation="CurrentUser" storeName="Root" x509FindType="FindBySubjectName" />
          <serviceCertificate>
            <authentication certificateValidationMode="PeerOrChainTrust" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>

</system.serviceModel>

Regardless of which config I use, the code fails for one reason or another, causing internal server errors, Error processing message for security, Undefined 'badEncoding' resource property, or expected http URI given https, and a few other! Been going round and round a bit, and I am sure it is very simple once the cofig is set :(

I'm sure I've missed loads out, let me know if seeing the SOAP UI generated envelope and the currect WCF generated envelope will help.

many thanks. Kam

Answer 1

maxArrayLength="16384" This seems huge, depending on what objects you are storing in the array.

Anyhow I really don't know, also trying to figure out how to secure my future WCF service.