WCF证书身份验证

Question

While implementiong wcf security using certificate, I am facing below mentioned error.

Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel.

I have already put the certificates in Trusted People.

It looks like identity problem and I have tried setting the identity both in service and client config but still it didn't work.

Below are the configuration details.

Service Configuration

<bindings>
      <wsHttpBinding>
        <binding name="WSHTTP">
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

<service name="WCFCertificateAuth.Service1">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration=""
          bindingName="WSHTTP" contract="WCFCertificateAuth.IService1">
          <!--<identity>
            <dns value="WCfServer"/>
          </identity>-->
        </endpoint>
        <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" /> 

<behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
          <serviceDebug includeExceptionDetailInFaults="False" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </clientCertificate>
            <serviceCertificate findValue="WCfServer" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors> 

Client Configuration

<bindings>
            <wsHttpBinding>
                <binding name="WSHTTP_IService1" sendTimeout="00:05:00">
                    <security mode="Message">
                        <message clientCredentialType="Certificate" />
                    </security>
                </binding>
            </wsHttpBinding>
        </bindings>

<client>
 <endpoint address="http://localhost:8733/WCFCertificateAuth/Service1/"
                binding="wsHttpBinding" bindingConfiguration="WSHTTP_IService1"
                contract="IService1" name="WSHTTP_IService1">
                <identity>
                    <dns value="WCfServer" />
                </identity>
 </endpoint>
 </client> 

<behaviors>
        <endpointBehaviors>
          <behavior>
            <clientCredentials>
              <serviceCertificate>
                <authentication certificateValidationMode="PeerTrust"/>
              </serviceCertificate>
              <clientCertificate findValue="WCfClient" storeLocation="CurrentUser" storeName="TrustedPeople" x509FindType="FindBySubjectName"/> 
            </clientCredentials>
          </behavior>
        </endpointBehaviors>
</behaviors>  

Answer 1

I removed the identity tag and used full name of machine in address field in place of "localhost" and its working fine. Hope this helps anyone who is getting above mentioned error.