Hi all,
I am facing an issue regarding the WCF certificates.
I have created certificates and stored them on my local machine as well as in the Trusted Root folder.
I have applied custom binding in my WCF Web.Config file.
Kindly help, it's urgent. Thanks in advance.
Here is the web.config file.
<configuration>
  <!-- Service-side web.config: hosts WcfServicetoConcat.Service1 with message-level
       mutual X.509 authentication over a custom binding. -->
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <!-- debug="true" is a development setting; switch it to false before deployment. -->
    <compilation debug="true" targetFramework="4.0"/>
    <authentication mode="Windows"/>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
  </system.web>
  <system.serviceModel>
    <services>
      <service name="WcfServicetoConcat.Service1"
               behaviorConfiguration="WcfServicetoConcat.Service1Behavior">
        <!-- The application endpoint uses customBinding "PolicyBinding". A client has to
             talk to it with an equivalent binding (same security mode, message security
             version and encoding); otherwise the security headers of the two sides do
             not line up. -->
        <endpoint address=""
                  binding="customBinding"
                  bindingConfiguration="PolicyBinding"
                  contract="WcfServicetoConcat.IService1">
          <identity>
            <certificateReference findValue="WCfServer"
                                  storeLocation="LocalMachine"
                                  storeName="My"
                                  x509FindType="FindBySubjectName"/>
          </identity>
        </endpoint>
        <!-- Metadata exchange endpoint; together with httpGetEnabled below it publishes
             the service description over plain HTTP. Restrict or disable it outside
             development. -->
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="WcfServicetoConcat.Service1Behavior">
          <serviceMetadata httpGetEnabled="true"/>
          <!-- Exception details are kept out of faults returned to callers. -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
          <serviceCredentials>
            <clientCertificate>
              <!-- PeerTrust accepts a client certificate only when that certificate is
                   installed in the Trusted People store; no chain to a root is built.
                   Placing the certificate under Trusted Root alone does not satisfy
                   this mode. NOTE(review): confirm which store location is searched
                   (trustedStoreLocation) on the hosting machine. -->
              <authentication certificateValidationMode="PeerTrust"/>
            </clientCertificate>
            <!-- FindBySubjectName matches on part of the subject name, so several
                 certificates can match; FindByThumbprint selects exactly one. -->
            <serviceCertificate findValue="WCfServer"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <!-- This wsHttpBinding configuration is not referenced by any endpoint in this file. -->
      <wsHttpBinding>
        <binding name="WSHttpBinding">
          <security>
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </wsHttpBinding>
      <customBinding>
        <binding name="PolicyBinding">
          <transactionFlow transactionProtocol="WSAtomicTransactionOctober2004"/>
          <!-- MutualCertificate: client and service both authenticate with X.509
               certificates at the message level.
               NOTE(review): secureConversationBootstrap is normally only consulted when
               authenticationMode is SecureConversation; confirm it is needed here. -->
          <security defaultAlgorithmSuite="Default"
                    authenticationMode="MutualCertificate"
                    requireDerivedKeys="true"
                    securityHeaderLayout="Strict"
                    includeTimestamp="true"
                    keyEntropyMode="CombinedEntropy"
                    messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
                    messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                    requireSignatureConfirmation="true">
            <secureConversationBootstrap/>
          </security>
          <!-- maxBufferSize here and maxReceivedMessageSize / maxBufferSize on the
               transport are set to 2147483647 with transferMode="Buffered", so a whole
               message is held in memory. Size these to the largest message actually
               expected to bound memory use per request. -->
          <mtomMessageEncoding maxReadPoolSize="64"
                               maxWritePoolSize="16"
                               messageVersion="Default"
                               maxBufferSize="2147483647"
                               writeEncoding="utf-8">
            <readerQuotas maxDepth="32"
                          maxStringContentLength="8192"
                          maxArrayLength="16384"
                          maxBytesPerRead="4096"
                          maxNameTableCharCount="16384"/>
          </mtomMessageEncoding>
          <!-- httpTransport carries messages over plain HTTP; confidentiality and
               integrity come only from the message security element above. -->
          <httpTransport manualAddressing="false"
                         maxBufferPoolSize="524288"
                         maxReceivedMessageSize="2147483647"
                         allowCookies="false"
                         authenticationScheme="Anonymous"
                         bypassProxyOnLocal="false"
                         hostNameComparisonMode="StrongWildcard"
                         keepAliveEnabled="true"
                         maxBufferSize="2147483647"
                         proxyAuthenticationScheme="Anonymous"
                         realm=""
                         transferMode="Buffered"
                         unsafeConnectionNtlmAuthentication="false"
                         useDefaultWebProxy="true"/>
        </binding>
      </customBinding>
    </bindings>
  </system.serviceModel>
</configuration>
Client Web.config file
<configuration>
  <!-- Client-side web.config: calls IService1 with a client certificate for message security. -->
  <appSettings/>
  <connectionStrings/>
  <system.web>
    <!-- debug="true" is a development setting; switch it to false before deployment. -->
    <compilation debug="true" targetFramework="4.0"/>
    <authentication mode="Windows"/>
    <pages controlRenderingCompatibilityVersion="3.5" clientIDMode="AutoID"/>
  </system.web>
  <system.serviceModel>
    <bindings>
      <!-- The client uses wsHttpBinding with Message security, a certificate credential
           and negotiateServiceCredential="true". The service configuration shown on
           this page exposes its endpoint through a customBinding with
           authenticationMode="MutualCertificate". Both sides must describe the same
           security protocol; the "binding mismatch" wording in the trace message
           points at this difference. -->
      <wsHttpBinding>
        <binding name="WSHttpBinding_IService1"
                 closeTimeout="00:01:00"
                 openTimeout="00:01:00"
                 receiveTimeout="00:10:00"
                 sendTimeout="00:01:00"
                 bypassProxyOnLocal="false"
                 transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="524288"
                 maxReceivedMessageSize="65536"
                 messageEncoding="Mtom"
                 textEncoding="utf-8"
                 useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="32"
                        maxStringContentLength="8192"
                        maxArrayLength="16384"
                        maxBytesPerRead="4096"
                        maxNameTableCharCount="16384"/>
          <reliableSession ordered="true"
                           inactivityTimeout="00:10:00"
                           enabled="false"/>
          <security mode="Message">
            <transport clientCredentialType="Windows"
                       proxyCredentialType="None"
                       realm=""/>
            <message clientCredentialType="Certificate"
                     negotiateServiceCredential="true"
                     algorithmSuite="Default"/>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <!-- The address is plain HTTP, so protection of the call depends entirely on
           message security being negotiated successfully. -->
      <endpoint address="http://inbom1-w0040.mcint.local/WCFService/Service1.svc"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IService1"
                contract="WCFService.IService1"
                name="WSHttpBinding_IService1"
                behaviorConfiguration="ClientCert">
        <identity>
          <!-- Encoded copy of the certificate the client expects the service to present
               (endpoint identity check). It has to be regenerated whenever the service
               certificate is re-issued, otherwise the identity check fails.
               NOTE(review): the value looks like a test certificate (issuer CN=RootCATest)
               signed with MD5 and carrying a 1024-bit RSA key; confirm, and re-issue with
               a current hash and key size before any use outside a test environment. -->
          <certificate encodedValue="AwAAAAEAAAAUAAAAMkf8a3FWNN+RnQynuNXaS1KCMD0gAAAAAQAAAPwBAAAwggH4MIIBYaADAgECAhB9by+wm+d+vkI71UqWf8hwMA0GCSqGSIb3DQEBBAUAMBUxEzARBgNVBAMTClJvb3RDQVRlc3QwHhcNMTMwMTI4MDUyMDMyWhcNMzkxMjMxMjM1OTU5WjAUMRIwEAYDVQQDEwlXQ2ZTZXJ2ZXIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMz9tAEOxFyLnk4JrLEmXP+anZ+LNHex0m3lU4WZ/i70Sr4SU04gu/bH42HveLrbhfOPRVAcqp+2STBKQmwNoTELx8EuP8sqtrX2abncbxMh4mM+4v8lLPsVSop8Pr/qb+T9FtSZu+KUFKZFYdmG1Bht954QC1A3RrzAKYry7sD/AgMBAAGjSjBIMEYGA1UdAQQ/MD2AEALyFbbJwckwFdikG7azmiGhFzAVMRMwEQYDVQQDEwpSb290Q0FUZXN0ghC2nVqXi142i03XiRUwYKbsMA0GCSqGSIb3DQEBBAUAA4GBAC3rBQWRz4/Fln7ovKxg8NA1QhFsOp1nSpxCo9Av8XqmsUPt+CHbQ/857I8/KFubttprjuOsdR/XZqEaCsXlecvW7L3PpixL+ZqDTFJAxzpxCplBomFITTJ+tY8/Y/Fu0gXuMljqtKQqXZDvuliBPDODxEoojhLwT6x3LhoyyBCb"/>
        </identity>
      </endpoint>
    </client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="ClientCert">
          <clientCredentials>
            <!-- FindBySubjectName matches on part of the subject name, so several
                 certificates can match; FindByThumbprint selects exactly one.
                 NOTE(review): the account running this application presumably needs
                 read access to the private key of this certificate; verify. -->
            <clientCertificate findValue="WcfClient"
                               storeLocation="LocalMachine"
                               storeName="My"
                               x509FindType="FindBySubjectName"/>
            <serviceCertificate>
              <!-- PeerTrust accepts the service certificate only when it is installed in
                   the Trusted People store; no chain to a root is built. Placing the
                   certificate under Trusted Root alone does not satisfy this mode.
                   NOTE(review): confirm which store location is searched
                   (trustedStoreLocation) for the account running the client. -->
              <authentication certificateValidationMode="PeerTrust"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
Error in IE
An error occurred when verifying security for the message.
I get the following exception from the Event Viewer:
Exception information:
Exception type: SecurityNegotiationException
Exception message: Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.
After enabling WCF tracing, I found the error below:
Exception type: System.ServiceModel.Security.MessageSecurityException, System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Message :Security processor was unable to find a security header in the message. This might be because the message is an unsecured fault or because there is a binding mismatch between the communicating parties. This can occur if the service is configured for security and the client is not using security
Kindly help