Josh
Reputation: 8477
Use WCF Client to consume Non-WCF Service and pass Client Certificate
I have an ASP.NET application that calls a Java Web Service using a WCF Client. The communication works until a certificate is required. I updated the config, but I'm receiving errors on call. Does anyone have good example of the configuration? The certificate is stored in Certificate Store.
Config that works when Client Certificate is not needed:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="DocManagementSOAP" closeTimeout="00:01:00" openTimeout="00:01:00"
receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false"
bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="None" proxyCredentialType="None" realm="" />
<message clientCredentialType="UserName" algorithmSuite="Default" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://acme.com/services/docmanagement_V3"
binding="basicHttpBinding"
bindingConfiguration="DocManagementSOAP"
contract="FileNetDmsServiceReference.docManagement"
name="DocManagementSOAP" />
</client>
</system.serviceModel>
Config that is failing that I'm trying to setup to pass Client Cert:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="DocManagementSOAP"
closeTimeout="00:01:00"
openTimeout="00:01:00"
receiveTimeout="00:10:00"
sendTimeout="00:01:00"
allowCookies="false"
bypassProxyOnLocal="false"
hostNameComparisonMode="StrongWildcard"
maxBufferSize="65536"
maxBufferPoolSize="524288"
maxReceivedMessageSize="65536"
messageEncoding="Mtom"
textEncoding="utf-8"
transferMode="Buffered"
useDefaultWebProxy="true">
<readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
<security mode="Transport">
<transport clientCredentialType="Certificate" proxyCredentialType="None" realm=""/>
<message clientCredentialType="Certificate" algorithmSuite="Default"/>
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://acme.com/services/docmanagement_V3"
binding="basicHttpBinding"
bindingConfiguration="DocManagementSOAP"
behaviorConfiguration="CertificateBehavior"
contract="ServiceReference.docManagement"
name="DocManagementSOAP">
<identity>
<dns value="cert.acme.com" />
</identity>
</endpoint>
</client>
<behaviors>
<endpointBehaviors>
<behavior name="CertificateBehavior">
<clientCredentials>
<clientCertificate x509FindType="FindBySubjectName" findValue="cert.acme.com" storeLocation="LocalMachine"/>
<serviceCertificate>
<authentication certificateValidationMode="PeerOrChainTrust"
revocationMode="NoCheck"
trustedStoreLocation="LocalMachine" />
</serviceCertificate>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
Upvotes: 1
Views: 808
Answers (1)
Josh
Reputation: 8477
After working with Microsoft Tech support, this is configuration finally worked:
<system.serviceModel>
<bindings>
<basicHttpBinding>
<binding name="DocManagementSOAP"
messageEncoding="Mtom"
textEncoding="utf-8">
<security mode="Transport">
<transport clientCredentialType="Certificate" proxyCredentialType="None" realm="" />
</security>
</binding>
</basicHttpBinding>
</bindings>
<client>
<endpoint address="https://acme.com/services/docmanagement_V3"
binding="basicHttpBinding"
behaviorConfiguration="cert"
bindingConfiguration="DocManagementSOAP"
contract="docManagement"
name="DocManagementSOAP" />
</client>
<behaviors>
<endpointBehaviors>
<behavior name="cert">
<clientCredentials>
<clientCertificate findValue="cert.acme.com"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName"/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
Note: If your service doesn't support MTOM, remove or change the messageEncoding attribute.
Upvotes: 1
Related Questions
- Consume WCF web service using x509 certificate in .Net Standard 2.0 Library?
- Wcf with certificate as ClientCredentials
- Calling a WCF service with certificate from a client application without having the contract interface
- C# WCF communication with client certificate
- Using Wcf SSl certificate over Tcp without client certificate (Server side only)
- WCF service reference with certificate authentication
- WCF Certificate Authentication with Service Only (No Client Cert)
- WCF Service on Client Side - SSL Certificate
- How can I use a client certificate with a missing CA to communicate with a external Web service?
- Where do I get my WCF service to handle X509 certificates? C#.NET