
The HTTP request was forbidden with client authentication scheme 'Anonymous'.

I am implementing a mutual handshake over HTTPS using WCF, and I receive an error: "The HTTP request was forbidden with client authentication scheme 'Anonymous'."

Service code:

        var binding = new BasicHttpBinding()
        {
            Security =
            {
                Mode = BasicHttpSecurityMode.Transport,
                Transport = { ClientCredentialType = HttpClientCredentialType.Certificate },
            },
        };

        var sh = new ServiceHost(typeof(EchoService), new Uri("https://localhost:9876"));
        //sh.Description.Behaviors.Add(new ServiceMetadataBehavior());
        //sh.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), "mex");
        sh.AddServiceEndpoint(typeof(IEchoService), binding, "");
        sh.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
        sh.Open();

Client code:

        var binding = new BasicHttpBinding()
        {
            Security =
            {
                Mode = BasicHttpSecurityMode.Transport,
                Transport = { ClientCredentialType = HttpClientCredentialType.Certificate },
            },
        };

        var sslClientFactory = new ChannelFactory<IEchoService>(binding, "https://localhost:9876");
        sslClientFactory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");
        var sslClient = sslClientFactory.CreateChannel();
        var response = sslClient.Echo("Https Echo");

I have assigned this certificate to the port using httpcfg.

If I change binding from BasicHttpBinding to NetTcpBinding it works fine.

If I run two instances of my service (in one process), one which uses NetTcpBinding and a second one which uses BasicHttpBinding, and consume them from a net.tcp client and an HTTPS client, both work fine (the clients use the same certificate).

What causes it that, if I run only my HTTPS client, I get "The HTTP request was forbidden with client authentication scheme 'Anonymous'."?

I have noticed that I have a lot of doubled certs (pairs of two identical certs, with the same thumbprint) in the store (I don't know how I put them there like that), and I think that this was the problem. Maybe when certs are doubled in the store, the server sends to the client only those issuers from the non-doubled certs?
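A way to check the duplicated-thumbprint observation above, as an added example that is not part of the original post: it lists every thumbprint that appears more than once in `LocalMachine\My`, the store both `SetCertificate` calls search. The class name `CertStoreAudit` is hypothetical, and the output only reports what is in the store; it does not establish that duplicates caused the error.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

// Hypothetical diagnostic helper (name chosen for this example).
static class CertStoreAudit
{
    // Groups certificates by thumbprint and keeps only groups with more than one entry.
    public static IEnumerable<IGrouping<string, X509Certificate2>> FindDuplicates(
        IEnumerable<X509Certificate2> certs)
    {
        return certs
            .GroupBy(c => c.Thumbprint, StringComparer.OrdinalIgnoreCase)
            .Where(g => g.Count() > 1);
    }

    static void Main()
    {
        // Same store and location that the question's SetCertificate calls search.
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            var all = store.Certificates.Cast<X509Certificate2>().ToList();
            Console.WriteLine("{0} certificate(s) in LocalMachine\\My", all.Count);

            var duplicates = FindDuplicates(all).ToList();
            foreach (var group in duplicates)
            {
                Console.WriteLine("Thumbprint {0} appears {1} times:", group.Key, group.Count());
                foreach (var cert in group)
                {
                    // HasPrivateKey matters because both the service and the client
                    // certificate need a private key to complete the TLS handshake.
                    Console.WriteLine("  Subject={0}; Issuer={1}; HasPrivateKey={2}; NotAfter={3:u}",
                        cert.Subject, cert.Issuer, cert.HasPrivateKey, cert.NotAfter);
                }
            }
            if (duplicates.Count == 0)
                Console.WriteLine("No duplicated thumbprints found.");
        }
        finally
        {
            store.Close();
        }
    }
}
```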
