Reputation: 17
In short: I cannot get my console client connected to an HTTPS endpoint of the WCF service which is hosted on another PC in the same network. It pops up an error at debug time at: Object loginObject = client.Login(password, username); and says: Unable to automatically step into this server machine domain. Connecting to the server machine failed. Logon failure: unknown user name or bad password.
I am not hosting this on IIS; I just host the service from Visual Studio.
-----for more details check below-----
I have a WCF service hosted in a console on a computer. The config file, with only the binding, endpoint and behaviour, looks like this:
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <binding
          name="HighQuotaWSHttpBinding"
          receiveTimeout="00:10:00"
          sendTimeout="00:10:00"
          bypassProxyOnLocal="true"
          maxBufferPoolSize="2147483647"
          useDefaultWebProxy="false"
          maxReceivedMessageSize="2147483647">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <services>
      <!-- WebDataService -->
      <service
        behaviorConfiguration="WebDataServiceBehaviour"
        name="ANameSpace">
        <endpoint
          address="WebDataService"
          binding="wsHttpBinding" bindingConfiguration="HighQuotaWSHttpBinding"
          contract="AContract"
          name="WebDataServiceHttpBinding">
          <!--<identity>
            <dns value="" />
          </identity>-->
        </endpoint>
        <endpoint
          address="mex"
          binding="mexHttpsBinding"
          contract="IMetadataExchange"
          name="mexManagement" />
        <host>
          <baseAddresses>
            <add baseAddress="http://mylocalip:9650/" />
            <add baseAddress="https://mylocalip:9651/" />
          </baseAddresses>
        </host>
      </service>
    </services>
    <!-- Definition of WebDataService behaviour -->
    <behaviors>
      <serviceBehaviors>
        <!-- Behavior for WebserviceData interface -->
        <behavior name="WebDataServiceBehaviour">
          <!-- Set throttling of (concurrent) calls -->
          <serviceThrottling
            maxConcurrentCalls="100"
            maxConcurrentSessions="100"
            maxConcurrentInstances="100"/>
          <!-- To avoid disclosing metadata information,
               set the value below to false and remove the metadata endpoint above before deployment -->
          <serviceMetadata httpsGetEnabled="True"/>
          <serviceCredentials>
            <!-- certificate storage path in the server -->
            <serviceCertificate findValue="localhost" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
            <issuedTokenAuthentication allowUntrustedRsaIssuers="true"/>
            <!-- certificate storage path in the client -->
            <clientCertificate>
              <certificate findValue="localhost" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
            </clientCertificate>
            <userNameAuthentication userNamePasswordValidationMode="MembershipProvider"/>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
      <endpointBehaviors>
        <behavior name="WebDataServiceBehaviour">
          <clientCredentials>
            <!-- certificate storage path in the client -->
            <clientCertificate findValue="localhost" storeLocation="LocalMachine" x509FindType="FindBySubjectName" storeName="My"/>
            <serviceCertificate>
              <authentication certificateValidationMode="PeerOrChainTrust"/>
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
I made my own root and server certificate by doing this:
Root: makecert.exe -sv SignRoot.pvk -cy authority -r signroot.cer -a sha1 -n "CN=AuthorityName" -ss my -sr localmachine
Server: makecert.exe -iv SignRoot.pvk -ic signroot.cer -cy end -pe -n CN="localhost" -eku 1.3.6.1.5.5.7.3.1 -ss my -sr localmachine -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
Then with a program called httpconfig.exe I added this cert to port 9651.
Now on another PC in the same network I try to make a simple C# console client. The program.cs is as follows:
using System;

class Program
{
    static void Main(string[] args)
    {
        // Accepts every server certificate, so the server's identity is never checked.
        System.Net.ServicePointManager.ServerCertificateValidationCallback += (se, cert, chain, sslerror) =>
        {
            return true;
        };
        wcf1.WebDataServiceClient client = new wcf1.WebDataServiceClient();
        string username = "A";
        string password = "A";
        Object loginObject = client.Login(password, username);
        Console.WriteLine("bla");
        Console.ReadLine();
        client.Close();
    }
}
and the config is generated as follows:
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WebDataServiceHttpBinding" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
        messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
        allowCookies="false">
        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
        <reliableSession ordered="true" inactivityTimeout="00:10:00"
          enabled="false" />
        <security mode="Transport">
          <transport clientCredentialType="Certificate" proxyCredentialType="None"
            realm="" />
          <message clientCredentialType="Windows" negotiateServiceCredential="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <client>
    <endpoint address="https://Theipfromthepc:9651/WebDataService" binding="wsHttpBinding"
      bindingConfiguration="WebDataServiceHttpBinding" contract="wcf1.IWebDataService"
      name="WebDataServiceHttpBinding">
      <!--<identity>
        <dns value="" />
      </identity>-->
    </endpoint>
  </client>
</system.serviceModel>
Upvotes: 0
Views: 1007
Reputation: 5444
clientCredentialType="Certificate"
means that the client will authenticate itself using a client certificate, but you have not provided a client certificate. You have only created a server certificate. Depending on how you have configured your server, chances are you want either:
clientCredentialType = "None"
or
clientCredentialType = "Windows"
Upvotes: 1
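If certificate authentication is kept rather than switched to None or Windows, the client has to present a certificate with a private key, and the "return true" validation callback from the question can be narrowed to a single pinned server certificate. The following is an added example, not code from the question or the answer. The class name MutualTlsSetup, the thumbprint placeholder and the choice of the CurrentUser\My store are assumptions.

```csharp
using System;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical helper (not from the page). Call both methods before client.Login(...):
//   MutualTlsSetup.PinServerCertificate();
//   MutualTlsSetup.UseClientCertificate(client, "client-subject-name");
static class MutualTlsSetup
{
    // Placeholder: thumbprint of the server certificate bound to port 9651.
    const string PinnedServerThumbprint = "REPLACE_WITH_SERVER_CERT_THUMBPRINT";

    // Attach a client certificate, failing early if it is missing or has no private key.
    public static void UseClientCertificate<T>(ClientBase<T> client, string subjectName)
        where T : class
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly is false because the makecert root is not publicly trusted.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, subjectName, false);
            if (found.Count == 0)
                throw new InvalidOperationException("No client certificate for " + subjectName);
            if (!found[0].HasPrivateKey)
                throw new InvalidOperationException("Client certificate has no private key");
            client.ClientCredentials.ClientCertificate.Certificate = found[0];
        }
        finally { store.Close(); }
    }

    // Replaces "return true": accept a clean chain, or exactly the pinned test certificate.
    public static void PinServerCertificate()
    {
        ServicePointManager.ServerCertificateValidationCallback =
            (sender, cert, chain, errors) =>
            {
                if (errors == SslPolicyErrors.None) return true;
                return cert != null && string.Equals(
                    new X509Certificate2(cert).Thumbprint, PinnedServerThumbprint,
                    StringComparison.OrdinalIgnoreCase);
            };
    }
}
```

FindBySubjectName matches substrings, so a store holding several similarly named certificates should be searched by thumbprint instead.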