Hi,

I have a WCF service with server and client certificates.

When calling the service, I get the following error and have no idea how to fix it:

Test method TestProject1.UnitTest1.TestMethod1 threw exception: System.ServiceModel.Security.SecurityNegotiationException: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint. ---> System.ServiceModel.FaultException: The request for security token has invalid or malformed elements..

Service configuration:

<system.serviceModel>

<diagnostics>
  <messageLogging logEntireMessage="true" logMalformedMessages="true"
  logMessagesAtServiceLevel="true" logMessagesAtTransportLevel="true" />
</diagnostics>

<bindings>
  <wsHttpBinding>
    <binding name="DotNetStoreBinding" receiveTimeout="00:00:15">
      <reliableSession inactivityTimeout="00:00:20" />
      <security mode="Message">
        <message clientCredentialType="Certificate"  />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="ServiceBehavior" name="WcfServiceCustumer.Service1">
    <endpoint binding="wsHttpBinding" contract="WcfServiceCustumer.IService1">

    </endpoint>
    <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ServiceBehavior">

      <serviceMetadata httpsGetEnabled="false" httpGetEnabled="true"/>
      <serviceCredentials>
        <serviceCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" findValue="CN=DotNetStore" />
        <clientCertificate>
          <certificate storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName" findValue="Bob"/>
          <authentication certificateValidationMode="PeerTrust" />
        </clientCertificate>
      </serviceCredentials>
      <serviceDebug includeExceptionDetailInFaults="true"/>
    </behavior>
  </serviceBehaviors>
</behaviors>
</system.serviceModel>

I call the service with the following code:

EndpointAddress address = new EndpointAddress(
        new Uri("http://klemen-pc/CustomerServiceSite/Customer.svc"),
        EndpointIdentity.CreateDnsIdentity("klemen-pc"),
        new AddressHeaderCollection()
    );

WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Message;
binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
var client = new CustomerService.Service1Client(binding, address);
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
client.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "Bob");
client.Open();

I am adding some info about my WCF service. I created the WCF service first. Then I created a site, which is published in IIS. I have the certificate settings (Web.conf) in the Site project only (not in the standalone WCF project).

Any ideas?
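
A check of the service configuration above, as an added example that is not part of the original post: in WCF a named binding configuration applies only to endpoints that reference it through `bindingConfiguration`, and the `wsHttpBinding` endpoint in the post carries no such attribute. This Python sketch (the function name is hypothetical, and it assumes the input is the `system.serviceModel` element itself) lists endpoints that leave a named configuration unused.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the service configuration from the post (bindings and services only).
SERVICE_CONFIG = """
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="DotNetStoreBinding" receiveTimeout="00:00:15">
        <reliableSession inactivityTimeout="00:00:20" />
        <security mode="Message">
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <service behaviorConfiguration="ServiceBehavior" name="WcfServiceCustumer.Service1">
      <endpoint binding="wsHttpBinding" contract="WcfServiceCustumer.IService1" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
    </service>
  </services>
</system.serviceModel>
"""

def unapplied_binding_configs(config_xml):
    """Return (service, contract, binding, unused_names) for every endpoint that
    names no bindingConfiguration while named configurations exist for its binding."""
    root = ET.fromstring(config_xml)  # assumed to be the <system.serviceModel> element
    findings = []
    for service in root.iter("service"):
        for ep in service.findall("endpoint"):
            binding = ep.get("binding")
            if ep.get("bindingConfiguration"):
                continue  # endpoint explicitly selects a configuration
            configs = root.findall(f"./bindings/{binding}/binding")
            names = [c.get("name") for c in configs]
            # An unnamed <binding> acts as the default for that binding type (.NET 4+).
            if any(not n for n in names):
                continue
            if names:
                findings.append((service.get("name"), ep.get("contract"), binding, names))
    return findings

if __name__ == "__main__":
    for svc, contract, binding, names in unapplied_binding_configs(SERVICE_CONFIG):
        print(f"{svc} / {contract}: {binding} endpoint ignores {names}")
```

An endpoint flagged here runs with the `wsHttpBinding` defaults (Windows client credentials, no reliable session), which do not match a client that presents certificate credentials.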