tags:

views:

2472

answers:

1
+1  Q: 

BasicHttpBinding with Certificate authentication - error "forbidden"?

I'm trying go get WCF server and client mutually authenticate each other using SSL certificates on transport level using BasicHttpBinding. Here's how the server is getting created:

var soapBinding = new BasicHttpBinding() { Namespace = "http://test.com" };
soapBinding.Security.Mode = BasicHttpSecurityMode.Transport;
soapBinding.Security.Transport.ClientCredentialType =
    HttpClientCredentialType.Certificate;
var sh = new ServiceHost(typeof(Service1), uri);
sh.AddServiceEndpoint(typeof(IService1), soapBinding, "");
sh.Credentials.ServiceCertificate.SetCertificate(
    StoreLocation.LocalMachine, StoreName.My, 
    X509FindType.FindBySubjectName, "localhost");
sh.Open();

Here's the client:

var binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
var service = new ServiceReference2.Service1Client(binding,
    new EndpointAddress("https://localhost:801/Service1"));

service.ClientCredentials.ClientCertificate.SetCertificate(
    StoreLocation.LocalMachine, StoreName.My, 
    X509FindType.FindBySubjectName, "localhost");

service.ClientCredentials.ServiceCertificate.Authentication.
    CertificateValidationMode =
        System.ServiceModel.Security.X509CertificateValidationMode.PeerTrust;

service.HelloWorld();

Certificate for localhost is in Personal, Trusted Root and Trusted 3rd Party containers. Internet Explorer can connect to host and see WSDL. Also, SSL calls work fine with ClientCredentialType = HttpClientCredentialType.None

HelloWorld() fails with:

System.ServiceModel.Security.MessageSecurityException occurred<br/>
  Message="The HTTP request was forbidden with client authentication
  scheme 'Anonymous'."

which is a rethrown exception from: "The remote server returned an error: (403) Forbidden."

how does one go around figuring out wtf is going on?

+3  A: 

Try adding this in the client just after setting Security.Mode:

binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
 2009-04-09 22:47:06
I can't believe it was so easy and I didn't catch it :(
galets  2009-04-10 17:01:54
I have the same problem but where the app.config has: <transport clientCredentialType="Certificate" proxyCredentialType="None" realm="">in the transport element :-(
Ronnie  2010-03-10 16:11:21

related questions

Displaying Version Information in a Web Service
Example Web Service
SoapException: Root element is missing occurs when .NET web service called from Flex
Best practice for webservices
What is your preferred method of sending complex data over a web service?
.Net - Returning DataTables in WCF
Is it possible to return objects from a WebService?
How much extra overhead is generated when sending a file over a web service as a byte array?
Returning Large Results Via a Webservice
File Uploads via Web Services
best way to persist data in .NET Web Service
What is the difference between an endpoint, a service, and a port when working with webservices?
Calling REST web services from a classic asp page
Best way to write a RESTful service "client" in .Net?
Where can I find some good WS-Security introductions and tutorials?
ASP.NET Web Service Results, Proxy Classes and Type Conversion
Web Services -- WCF vs. Standard
C# WCF Service - Backward compatibility issue
Document or RPC based web services
How to easily consume a web service from PHP
Timer-based event triggers
How to pass enumerated values to a web service
Homegrown consumption of web services
How do I print an HTML document from a web service?
How do I fill a DataSet or a DataTable from a LINQ query resultset ?