Hi Guys,
Stack Overflow has been a great help every time I face a problem. However, I have been struggling to find an answer to a new issue I am facing. I have been working on a WCF service that validates client certificates using WebHttpBinding. My service interface is shown below:
// IAuthenticatedMessageService.cs
namespace AuthenticatedMessageService
{
    /// <summary>
    /// WCF service contract exposing a single REST-style upload operation.
    /// </summary>
    /// <remarks>
    /// Nothing in this contract restricts who may call <see cref="Upload"/>;
    /// caller authentication depends entirely on the binding and host configuration.
    /// </remarks>
    [ServiceContract]
    public interface IAuthenticatedMessageService
    {
        /// <summary>
        /// Receives the body of an HTTP POST sent to the "Upload" URI template.
        /// </summary>
        /// <param name="data">The request body as a stream (bare body style, no wrapper element).</param>
        [OperationContract]
        [WebInvoke(UriTemplate = "Upload", Method = "POST", BodyStyle = WebMessageBodyStyle.Bare)]
        void Upload(Stream data);
    }
}
My service implementation is shown below:
// AuthenticatedMessageService.cs
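namespace AuthenticatedMessageService
{
    /// <summary>
    /// Implementation of <see cref="IAuthenticatedMessageService"/> that stores each upload in one fixed file.
    /// </summary>
    [AspNetCompatibilityRequirements(RequirementsMode = AspNetCompatibilityRequirementsMode.Required)]
    public class AuthenticatedMessageService : IAuthenticatedMessageService
    {
        /// <summary>
        /// Reads the request body as text and writes it to a fixed file, replacing any previous content.
        /// </summary>
        /// <param name="data">Request body stream supplied by WCF.</param>
        /// <remarks>
        /// The method itself performs no check on who the caller is; it relies on the
        /// transport/host configuration to reject unauthenticated requests.
        /// </remarks>
        public void Upload(Stream data)
        {
            // NOTE(review): every request writes to the same path, so concurrent uploads
            // overwrite each other or fail on the file lock.
            const string targetPath = @"C:\WUTEMP\NAZ_STREAMTEST.xml";

            // Copy in fixed-size chunks instead of ReadToEnd(): the binding is streamed and
            // accepts very large bodies, so buffering the whole body as one string lets a
            // single request consume a matching amount of memory. Both reader and writer are
            // disposed deterministically. StreamWriter(path, false) uses the same default
            // encoding (UTF-8 without BOM) as File.WriteAllText(path, text).
            using (StreamReader reader = new StreamReader(data))
            using (StreamWriter writer = new StreamWriter(targetPath, false))
            {
                char[] buffer = new char[8192];
                int charsRead;
                while ((charsRead = reader.Read(buffer, 0, buffer.Length)) > 0)
                {
                    writer.Write(buffer, 0, charsRead);
                }
            }
        }
    }
}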
My web.config file is shown below:
// web.config
<!-- WCF configuration for the REST-style upload service: one webHttpBinding endpoint hosted with ASP.NET compatibility enabled. -->
<system.serviceModel>
<serviceHostingEnvironment aspNetCompatibilityEnabled ="true"></serviceHostingEnvironment>
<bindings>
<webHttpBinding>
<!-- Streamed transfer with a received-message limit of about 2 GB: any caller that can reach the endpoint may send a body of that size, so keep the limit only as high as real uploads need. -->
<binding name="WebConfiguration"
maxBufferSize="65536"
maxReceivedMessageSize="2000000000"
transferMode="Streamed">
<!-- Transport security is commented out below, so this binding as shown requires neither HTTPS nor a client certificate. -->
<!--<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>-->
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="WebBehavior">
<webHttp/>
</behavior>
</endpointBehaviors>
<serviceBehaviors>
<behavior name="AuthenticatedMessageService.Service1Behavior">
<!-- Metadata is published over both HTTP and HTTPS GET, and includeExceptionDetailInFaults="true" returns server-side exception details to callers: useful while debugging, but both should be reviewed before the service is exposed beyond a test machine. -->
<serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<!-- Service certificate looked up by subject name in LocalMachine\My. NOTE(review): a subject-name lookup can match more than one certificate in the store; a thumbprint lookup is unambiguous. -->
<serviceCertificate findValue="ServiceSideCertificate" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"></serviceCertificate>
</serviceCredentials>
</behavior>
</serviceBehaviors>
</behaviors>
<services>
<service name="AuthenticatedMessageService.AuthenticatedMessageService" behaviorConfiguration="AuthenticatedMessageService.Service1Behavior">
<!-- Single endpoint at the service's base address. NOTE(review): once the binding uses Transport security, the hosting site needs an https binding for this endpoint to activate; confirm in IIS. -->
<endpoint
address=""
binding="webHttpBinding"
behaviorConfiguration="WebBehavior"
bindingConfiguration="WebConfiguration"
contract="AuthenticatedMessageService.IAuthenticatedMessageService" >
</endpoint>
</service>
</services>
</system.serviceModel>
My service works so far with the following client code:
// Client Code
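/// <summary>
/// Test client: POSTs a small JSON payload to the Upload endpoint with a client certificate attached.
/// </summary>
/// <param name="sender">Control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void btn_Click(object sender, EventArgs e)
{
    // NOTE(review): a .cer file normally holds only the public certificate. TLS client
    // authentication also needs the matching private key, so check
    // clientCertificate.HasPrivateKey; if it is false, load the certificate from a
    // certificate store or a key-bearing file instead.
    X509Certificate2 clientCertificate = new X509Certificate2(@"C:\Projects\Dummy Tests\AuthenticatedMessageService\WebClientToTest\clientCert.cer");

    // Client certificates are presented only during a TLS handshake, so over this
    // http:// address the certificate added below is never sent to the server.
    Uri address = new Uri("http://localhost/AuthenticatedMessageService/AuthenticatedMessageService.svc/Upload");

    // Direct cast instead of 'as': a non-HTTP URI then fails here with an
    // InvalidCastException rather than later with a NullReferenceException.
    HttpWebRequest request = (HttpWebRequest)WebRequest.Create(address);
    request.ClientCertificates.Add(clientCertificate);
    request.UserAgent = "Client Cert Sample";
    request.Method = "POST";
    request.ContentType = "application/x-www-form-urlencoded";

    // Payload and its UTF-8 encoding; Content-Length must be the byte count.
    string data = "{\"SomeData\":\"someTestData\"}";
    byte[] byteData = Encoding.UTF8.GetBytes(data);
    request.ContentLength = byteData.Length;

    // NOTE(review): this callback is process-wide, not per request. Whatever it returns
    // decides server-certificate trust for every HTTPS connection made by this process.
    ServicePointManager.ServerCertificateValidationCallback = new RemoteCertificateValidationCallback(ValidateServerCertificate);

    using (Stream postStream = request.GetRequestStream())
    {
        postStream.Write(byteData, 0, byteData.Length);
    }

    // Read the response so that a rejected request (for example a certificate-related
    // 403) surfaces as a WebException instead of being silently ignored, and so the
    // underlying connection is released.
    using (WebResponse response = request.GetResponse())
    {
    }
}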
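/// <summary>
/// Server-certificate validation callback: accepts the server only when the platform's
/// own chain and host-name checks reported no errors.
/// </summary>
/// <param name="sender">Object that raised the validation (unused).</param>
/// <param name="certificate">Certificate presented by the server (unused).</param>
/// <param name="chain">Chain built for that certificate (unused).</param>
/// <param name="sslPolicyErrors">Errors found by the built-in validation.</param>
/// <returns><c>true</c> only when <paramref name="sslPolicyErrors"/> is <see cref="SslPolicyErrors.None"/>.</returns>
public static bool ValidateServerCertificate(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)
{
    // Returning true unconditionally would accept any certificate, including one for a
    // different host or from an untrusted issuer, which removes the server authentication
    // that HTTPS provides. For a self-signed test certificate, add it to the machine's
    // trusted store instead of bypassing validation in code.
    return sslPolicyErrors == SslPolicyErrors.None;
}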
However, if I apply the following configuration and update the IIS7 SSL settings for this web service to Require SSL with client certificates set to Required, the service stops working.
<!-- Transport mode places the endpoint behind HTTPS; clientCredentialType="Certificate" makes the service expect a client certificate on the TLS connection. This element goes inside the webHttpBinding <binding> element. -->
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
Please note: I do update my client code to use https instead of http. I am still struggling to understand why this is not working. The WCF trace logs do not give me much information either.
Regards,
Naz Ali