My question stems from an earlier client proxy that svcutil generated for me based on a server configuration.

I use a server-side certificate credential with a SQL Membership provider to authenticate the user.

For the bindings I simply used

    <behavior name="MembershipBehaviour">
      <serviceMetadata httpsGetEnabled="true" />
      <serviceCredentials>
        <serviceCertificate findValue="xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx"
          storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
        <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"
          membershipProviderName="SqlMembershipProvider" />
      </serviceCredentials>
    </behavior>

    <wsHttpBinding>
      <binding name="SqlMembershipProvider">
        <security mode="TransportWithMessageCredential">
          <message clientCredentialType="UserName" />
        </security>
      </binding>
    </wsHttpBinding>

Then when svcutil generated my client config, it added an Identity node to my endpoint with what looks like an encrypted value for the certificate. Also note that the security mode transport credential type is set to certificate.

    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
      <message clientCredentialType="UserName" negotiateServiceCredential="true"
        algorithmSuite="Default" establishSecurityContext="true" />
    </security>


    <client>
      <endpoint address="https://towps.com/Website/Service/Service.svc/SqlMembershipProvider"
          binding="wsHttpBinding" bindingConfiguration="SqlMembershipProvider"
          contract="IHoldingFileUploadService" name="SqlMembershipProvider">
        <identity>
          <certificate encodedValue="Insert Encoding Here" />
        </identity>
      </endpoint>
    </client>

That to me seemed, at the time, to be what it should be doing.
I've since revisited this and am now generating the client proxy for my localhost URL. Even though the server-side config is the same (save for a different cert thumbprint and a different endpoint address), svcutil is no longer giving me the Identity node with the encrypted value for the certificate.
Also the security mode transport credential is being set to none by default.

Using my client still works though and if I change the thumbprint value in the server config, svcutil fails saying it can't validate the cert.

When should I expect the certificate encoded value in the Identity node when doing this type of authentication over SSL?
Is it necessary? Has it been deprecated?
The last time I tried this was before upgrading to Visual Studio 2010. I'm thinking something may have changed in the svcutil.