
WCF: Could not establish trust relationship for the SSL/TLS secure channel with authority

I have set up my IIS WCF web service to use Windows authentication (over https) and on accessing the WSDL I get a request from the server to authenticate, which then works. So all is well there.

However, I cannot figure out how to pass over the current user's Windows credentials; I keep getting the error as detailed in the subject.

This is the server web.config:

  <?xml version="1.0" encoding="UTF-8"?>
  <configuration>
    <system.serviceModel>

      <bindings>
        <wsHttpBinding>
          <binding name="wsBindingTest">
            <security mode="Transport">
              <message negotiateServiceCredential="true" clientCredentialType="Windows"/>
              <transport clientCredentialType="Windows"/>
            </security>
          </binding>
        </wsHttpBinding>
      </bindings>

      <protocolMapping>
        <remove scheme="http" />
        <add scheme="http" binding="wsHttpBinding" bindingConfiguration="wsBindingTest" />
      </protocolMapping>

      <behaviors>
        <serviceBehaviors>
          <behavior name="">
            <serviceMetadata httpGetEnabled="true"  />
            <serviceDebug includeExceptionDetailInFaults="true" />
          </behavior>
        </serviceBehaviors>
      </behaviors>

      <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
    </system.serviceModel>
  </configuration>

This is the client:

  <?xml version="1.0" encoding="utf-8" ?>
  <configuration>
      <system.serviceModel>
          <bindings>
              <wsHttpBinding>
                  <binding name="BasicHttpBinding_ITRIMService">
                    <security mode="Transport">
                      <transport clientCredentialType="Windows" proxyCredentialType="None" />
                      <message clientCredentialType="Windows" negotiateServiceCredential="true"/>
                    </security>
                  </binding>
              </wsHttpBinding>
          </bindings>
          <client>
              <endpoint address="https://servername.net/TRIMDev/TRIMService.svc"
                  binding="wsHttpBinding" bindingConfiguration="BasicHttpBinding_ITRIMService"
                  contract="Service.ITRIMService" name="BasicHttpBinding_ITRIMService">
                  <identity>
                      <servicePrincipalName value="host/servername.net" />
                  </identity>
              </endpoint>
          </client>
      </system.serviceModel>
  </configuration>

This is the code that ultimately creates the channel:

  ConfigurationChannelFactory<ITRIMService> channelFactory =
      new ConfigurationChannelFactory<ITRIMService>("BasicHttpBinding_ITRIMService", config, null);
  var channel = channelFactory.CreateChannel();

I tried adding the following to the client config, with no luck, hoping it could be done without having to code anything into the client:

    <system.web>
      <identity impersonate="true"/>
      <authentication mode="Windows" />
    </system.web>

Any help would be much appreciated as I just don't know enough to know why it's not working.

Windows authentication does not work over wsHttpBinding, it is only supported for NetTcpBinding. Reference information here.
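The error in the title is what a .NET Framework client reports when it rejects the server's TLS certificate. The following is an added example, not code from the original post or the answer: a validation callback that logs why the certificate was rejected and still rejects it, installed before the `CreateChannel()` call in the question. The class name `TlsTrustDiagnostics` is hypothetical.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (name is an assumption, not from the original post).
static class TlsTrustDiagnostics
{
    // Call once at client start-up, before channelFactory.CreateChannel().
    // The callback is process-wide: it sees every HTTPS request the process makes.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = LogAndDecide;
    }

    private static bool LogAndDecide(object sender, X509Certificate certificate,
                                     X509Chain chain, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None)
            return true; // certificate validated normally

        var request = sender as HttpWebRequest;
        if (request != null)
            Console.Error.WriteLine("TLS validation failed for " + request.RequestUri);

        // RemoteCertificateNameMismatch: host name in the endpoint address is not
        //   covered by the certificate's subject / subject alternative names.
        // RemoteCertificateChainErrors: issuer not trusted on this client, or the
        //   certificate is expired or revoked (see the chain statuses below).
        Console.Error.WriteLine("  Policy errors: " + errors);

        if (certificate != null)
        {
            var cert = new X509Certificate2(certificate);
            Console.Error.WriteLine("  Subject: " + cert.Subject);
            Console.Error.WriteLine("  Issuer:  " + cert.Issuer);
            Console.Error.WriteLine("  Valid:   " + cert.NotBefore + " to " + cert.NotAfter);
        }
        if (chain != null)
        {
            foreach (X509ChainStatus status in chain.ChainStatus)
                Console.Error.WriteLine("  Chain:   " + status.Status + " " + status.StatusInformation);
        }
        // Same decision as the default behaviour: a failed certificate stays rejected.
        return false;
    }
}
```

Once the logged reason is resolved on the server certificate or the client's trust store, the call to `Install()` can be removed without changing behaviour.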
