Is there any way to pull information about which client certificate was used inside of my web service method when using `<security mode="Transport">`? I sifted through OperationContext.Current but couldn't find anything obvious.

My server configuration is as follows:

  <basicHttpBinding>
    <binding name="SecuredBasicBindingCert">
      <security mode="Transport">
        <message clientCredentialType="Certificate" />
      </security>
    </binding>
  </basicHttpBinding>

I'm working with a third party pub/sub system who is unfortunately using DataPower for authentication. It seems like if I'm using WCF with this configuration, then I'm unable to glean any information about the caller (since no credentials are actually sent).

I somehow need to be able to figure out who's making calls to my service without changing my configuration or asking them to change their payload.

+1  A: 

Yes, but it's unintuitive.

First, be sure and reference the System.IdentityModel assembly from your service library.

Now, add something similar to the following to your service method where you would like to know about the client certificate:

using System.Diagnostics;
using System.IdentityModel.Claims;                    // ClaimSet, X509CertificateClaimSet (System.IdentityModel.dll)
using System.Security.Cryptography.X509Certificates;  // X509Certificate2
using System.ServiceModel;                            // OperationContext

// Inside the service operation that needs the caller's certificate:
// Find the certificate ClaimSet associated with the client
foreach (ClaimSet claimSet in OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets)
{
    X509CertificateClaimSet certificateClaimSet = claimSet as X509CertificateClaimSet;
    if (certificateClaimSet != null)
    {
        // We found the ClaimSet, now extract the certificate
        X509Certificate2 certificate = certificateClaimSet.X509Certificate;

        // Do something interesting with information contained in the certificate
        Debug.Print("Certificate Subject: " + certificate.Subject);
    }
}

Hope this helps!

luksan
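The following is an added example, not code from the question or the answer above, showing the claim-set lookup wrapped in a reusable helper and then used to authorize the caller. It assumes a basicHttpBinding service with `security mode="Transport"` whose `<transport clientCredentialType="Certificate"/>` is set (under Transport mode WCF reads the `<transport>` element, not `<message>`, so the question's configuration as posted never asks the client for a certificate), and that the host (IIS or HTTP.SYS) is configured to require client certificates. The service contract `IPubSubCallback`, the class names and the thumbprint in the allow-list are constructed placeholders.

```csharp
// Added example: retrieve and authorize the client certificate of the current WCF call.
// Assumes transport security with clientCredentialType="Certificate" on the <transport> element.
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;                    // ClaimSet, X509CertificateClaimSet (System.IdentityModel.dll)
using System.Security.Cryptography.X509Certificates;  // X509Certificate2
using System.ServiceModel;                            // OperationContext, ServiceSecurityContext, FaultException

public static class ClientCertificateHelper
{
    // Returns the client certificate WCF attached to the current call, or null when
    // no certificate claim set is present (anonymous caller, or transport auth not negotiated).
    public static X509Certificate2 GetClientCertificate(OperationContext context)
    {
        if (context == null) return null;

        ServiceSecurityContext security = context.ServiceSecurityContext;
        if (security == null || security.IsAnonymous || security.AuthorizationContext == null)
            return null;

        foreach (ClaimSet claimSet in security.AuthorizationContext.ClaimSets)
        {
            X509CertificateClaimSet certificateClaimSet = claimSet as X509CertificateClaimSet;
            if (certificateClaimSet != null)
                return certificateClaimSet.X509Certificate;
        }
        return null;
    }

    // Pin callers by thumbprint rather than by subject name: the subject string is chosen by
    // whoever requested the certificate, while the thumbprint identifies one exact certificate.
    // The value below is a constructed placeholder, not a real thumbprint.
    private static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "0000000000000000000000000000000000000000" // PLACEHOLDER: thumbprint of the pub/sub system's certificate
        };

    public static bool IsAllowedCaller(X509Certificate2 certificate)
    {
        if (certificate == null) return false;
        // X509Certificate2.Thumbprint is upper-case hex without separators.
        return AllowedThumbprints.Contains(certificate.Thumbprint);
    }
}

[ServiceContract]
public interface IPubSubCallback   // hypothetical contract for the third-party pub/sub callback
{
    [OperationContract]
    void Publish(string payload);
}

public class PubSubCallbackService : IPubSubCallback
{
    public void Publish(string payload)
    {
        X509Certificate2 caller = ClientCertificateHelper.GetClientCertificate(OperationContext.Current);

        if (!ClientCertificateHelper.IsAllowedCaller(caller))
        {
            // Reject unknown callers and leave an audit trail keyed on the thumbprint
            // (log the identity, never the payload or any key material).
            string thumbprint = caller == null ? "<none>" : caller.Thumbprint;
            System.Diagnostics.Trace.TraceWarning("Rejected call from client certificate {0}", thumbprint);
            throw new FaultException("Caller is not authorized.");
        }

        // Caller is known; handle the published message here.
    }
}
```

If `GetClientCertificate` returns null even though the client sent a certificate, check two things before suspecting WCF: that the binding's `<transport clientCredentialType="Certificate"/>` is present (the `<message>` element is ignored in Transport mode), and, when hosted in IIS, that the site's SSL settings require client certificates; otherwise the TLS handshake completes without one and the `AuthorizationContext` has no certificate claim set, which is the symptom described in the comments.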
Thanks for the answer, but `OperationContext.Current.ServiceSecurityContext.AuthorizationContext` is empty! Maybe IIS doesn't provide the certificate to WCF?
Langdon
Or perhaps it's only available when `<security mode="TransportWithMessageCredential"/>`?
Langdon
I don't know, it works for us when using transport level security with the net.tcp binding in a self-hosted scenario. I don't know why the AuthorizationContext would be null in your case.
luksan