WCF and SSL Mutual Authentication 403 - Forbidden: Access is denied
Question
I have created a wcf data service and expose it over HTTP, with SSL required. I am trying to have a setup where both the service and the clients are authenticated through certificates (mutual authentication). I am using developer certificates. so, I added the server's certificate to the client's trusted people store.
but I'm still getting an exception : "403 - Forbidden: Access is denied."
1- Here is my server config :
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpBindingConfig">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
</behaviors>
<services>
<service behaviorConfiguration="" name="PricingDataService">
<endpoint address="https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"
binding="webHttpBinding" bindingConfiguration="webHttpBindingConfig"
name="webHttpEndpoint" contract="System.Data.Services.IRequestHandler" />
</service>
</services>
How do I make the server to recognise the client's certificate ? (it should be a developer certificate as well).
2- Here is my client config :
<system.serviceModel>
<bindings>
<webHttpBinding>
<binding name="webHttpBindingConfig">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</webHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior name="clientCredentialBehavior">
<clientCredentials>
<clientCertificate storeName="TrustedPeople" storeLocation="LocalMachine"
x509FindType="FindBySubjectName" findValue="tempClientcert" />
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
<client>
<endpoint address="https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"
binding="webHttpBinding" bindingConfiguration="webHttpBindingConfig"
contract="System.Data.Services.IRequestHandler" name="" kind=""
endpointConfiguration="" behaviorConfiguration="clientCredentialBehavior">
<identity>
<dns value="MyServiceSecure"/>
</identity>
</endpoint>
</client>
</system.serviceModel>
3- Here's the code I use to call the wcf code :
> MyServiceContext service = new MyServiceContext (
new Uri("https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"));
service.SendingRequest += this.OnSendingRequest_AddCertificate;
//
private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
{
if (null != ClientCertificate)
(args.Request as HttpWebRequest).ClientCertificates.Add(X509Certificate.CreateFromCertFile(@"C:\Localhost.cer"););
}
do I create a certificate on the server and then install it on the client ?
1 answers
solution1
1 2011-04-06 22:27:38
I think your certificates might be wrong, but start out by verifying in IIS that "Client certificates" under "SSL Settings" for the website are either set to Accept or Require (whichever suits you best).
I believe that for your purposes creating a self-signed certificate for the server in IIS and then exporting this certificate to a .pfx file and installing it in your trusted root should work.
If that doesn't help you, I'd look at this question: Using makecert for Development SSL
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.