使用自签名证书的WCF服务

Question

When I execute the consuming application it is giving me the below exception: The requested service, ' https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc ' could not be activated.

and when I try to enter this path into chrome it says: A registration already exists for URI ' https://ws20.intra.local:53996/HistoricStatementsWS.HistoricStatements.svc '.

I don't know how to get rid of these exceptions and I have been through a lot of forums so far.

SERVER-SIDE app.config

<system.web>
<compilation debug="true" />
<membership defaultProvider="ClientAuthenticationMembershipProvider">
  <providers>
    <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />
  </providers>
</membership>
<roleManager defaultProvider="ClientRoleProvider" enabled="true">
  <providers>
    <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86400" />
  </providers>
</roleManager>
</system.web>
<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpointBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<services>
  <service behaviorConfiguration="behaviourHttps" name="HistoricStatementsWS.HistoricStatements">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
      name="wsHttpEndpoint" contract="HistoricStatementsWS.IHistoricStatements" />
    <endpoint address="HistoricStatementsWS.HistoricStatements.svc"
      binding="wsHttpBinding" bindingConfiguration="wsHttpEndpointBinding"
      name="mexEndpoint" contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <add baseAddress="https://localhost:53996/" />
      </baseAddresses>
    </host>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="behaviourHttps">
      <useRequestHeadersForMetadataAddress />
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"
        httpsGetUrl="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc"
        policyVersion="Policy15" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

CLIENT-SIDE Webconfig

<configuration>
<configSections>
</configSections>
<system.web>
<compilation debug="true" targetFramework="4.5" />
<httpRuntime targetFramework="4.5" />
</system.web>
<system.webServer>
<directoryBrowse enabled="true" showFlags="Date,Time,Extension,Size" />
</system.webServer>
<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpEndpoint">
      <security mode="Transport">
        <transport clientCredentialType="Certificate" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<client>
  <endpoint behaviorConfiguration="endpointBehavior" address="https://localhost:53996/HistoricStatementsWS.HistoricStatements.svc" binding="wsHttpBinding"
    bindingConfiguration="wsHttpEndpoint" contract="IHistoricStatements.IHistoricStatements"
    name="wsHttpEndpoint" />
</client>
<behaviors>
  <endpointBehaviors>
    <behavior name="endpointBehavior">
      <clientCredentials>
        <clientCertificate storeLocation="LocalMachine" storeName="My" findValue="00B192126A72D282D2" x509FindType="FindBySerialNumber"/>
        <serviceCertificate>
          <authentication certificateValidationMode="None" revocationMode="NoCheck" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>

Answer 1

For anyone with same problem I managed to solve the issue by directing my ip 127.0.0.1 to my full domain name: computername.intra.local. I changed localhost in the server's web config to my domain name (computername.intra.local) and removed the domain prefix from httpsGetUrl since the baseAddress is used also for this value so https://localhost:53996/ was duplicated. Although there is still duplicate values and the config is still not accurate, at least the wsdl is accessible from the browser. The browser (on my local) asks for a certificate and authenticates successfully.

However I still lack the know how of reaching the same url from a different machine on the same network. I installed the root and client certificates as they are on my local machine and still it gives this error: 'The HTTP request was forbidden with client authentication scheme 'Anonymous'.' I was having this error on my local from the client side but solved it by calling the certificate programmatically. The same code on the new machine does not work.

The code is:

WSHttpBinding httpBinding = new WSHttpBinding(SecurityMode.Transport);
httpBinding.Security.Transport.ClientCredentialType =     HttpClientCredentialType.Certificate;
httpBinding.Security.Message.NegotiateServiceCredential = false;
httpBinding.Security.Message.EstablishSecurityContext = false;

var httpUri = new Uri("https://ws12.intra.local:53996/HistoricStatementsWS.Historicstatements.svc");
var httpEndpoint = new EndpointAddress(httpUri, EndpointIdentity.CreateDnsIdentity(""));
var newFactory = new ChannelFactory<IHistoricStatements>(httpBinding, httpEndpoint);
newFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");
newFactory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ws12.intra.local");

I must add that no proxies are used, 'Anonymous' is switched on in IIS with user IUSR, root folder has full permissios to IUSR, IIS_IUSRS, Network, Network Service. I first wish to connect from the browser on new machine as this gives error:

403 -Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

Your replies are much appreciated.

Justin