Reputation: 3094
I have a self-hosted service that I want to add transport security to. I've set WSHttpBinding.SecurityMode to Transport and the ClientCredentialType to HttpClientCredentialType.None. I've created a certificate and set it to my host with ServiceHost.Credentials.ServiceCertificate.SetCertificate(). I've also registered it using:
netsh http add sslcert ipport=127.0.0.1:80 certhash=[MyCertHash] certstorename=MY appid=[TheGuidOfTheAppTahtRunsTheService] verifyclientcertrevocation=disable
I'm getting the following error message whenever I try to call the service: "Authentication failed because the remote party has closed the transport stream."
Does this mean the client and server try to authenticate each other? How can I disable it? To make things clear, I do not want to install a certificate at the client. I'm not looking for any authentication atm, just securing the message content, if that's even possible.
Upvotes: 3
Views: 6746
Reputation: 8231
I was trying to track down this same error, and came across this post. WCF tracing doesn't help as the error appears on the client side in the HTTP stack, and on the server side the request is rejected before it ever makes it to the WCF layer.
I found that I wasn't being thorough enough. Make sure all the following conditions are met. I had some but not all of these properly set up:
- The server's certificate issuer has a valid and matching issuing trusted root CA on the same machine.
- The server certificate subject name matches the machine name exactly, and the machine name the client is accessing matches as well ("localhost" vs the server's Environment.MachineName value).
- The server certificate's thumbprint has been set by an Administrator using the following command (use the netsh equivalent for newer versions of Windows):
  httpcfg set ssl -i 0.0.0.0:{port} -h {thumbprint}
- This client also has the same valid issuing root CA certificate on the client machine.
Here's a good reference: SSL with Self-hosted WCF Service.
Upvotes: 2
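The server-side conditions in the checklist above can be verified with a script before any client is involved. The following PowerShell is an added example, not code from any post in this thread; the thumbprint, host name and ip:port defaults are placeholders, and revocation checking is skipped on the assumption that a test CA publishes no CRL.

```powershell
# Added example: pre-flight check for a self-hosted HTTPS endpoint (run elevated on the server).
# All parameter defaults are placeholders, not values from the thread.
param(
    [string]$Thumbprint = '<CERT-THUMBPRINT>',   # thumbprint of the server certificate
    [string]$HostName   = $env:COMPUTERNAME,     # host name the client puts in the https:// URL
    [string]$IpPort     = '0.0.0.0:8443'         # ip:port that was given to netsh/httpcfg
)

$results = [ordered]@{}

# Locate the certificate in the machine store that http.sys reads (certstorename=MY).
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq ($Thumbprint -replace '\s', '') }
if (-not $cert) { throw "No certificate with thumbprint $Thumbprint in LocalMachine\My" }

# 1. The issuer must chain to a trusted root CA on this machine.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
# Assumption: revocation is not checked because a test CA usually publishes no CRL.
$chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
$results['Chain builds to a trusted root'] = $chain.Build($cert)
$chainErrors = $chain.ChainStatus | ForEach-Object { "$($_.Status): $($_.StatusInformation.Trim())" }

# 2. The certificate's DNS name (SAN entry, else subject CN) must equal the name the client uses.
#    Wildcard certificates are not handled here; the comparison is an exact match.
$dnsName = $cert.GetNameInfo([System.Security.Cryptography.X509Certificates.X509NameType]::DnsName, $false)
$results["Certificate name '$dnsName' matches '$HostName'"] = ($dnsName -eq $HostName)

# 3. http.sys must have this thumbprint bound to the ip:port.
#    Matching on the hash itself avoids depending on netsh's localized labels.
$binding = (netsh http show sslcert "ipport=$IpPort") -join "`n"
$results["http.sys binding on $IpPort uses this certificate"] = ($binding -match [regex]::Escape($cert.Thumbprint))

# Report one line per condition, followed by any chain errors.
$results.GetEnumerator() | ForEach-Object {
    '{0,-6} {1}' -f $(if ($_.Value) { 'OK' } else { 'FAIL' }), $_.Key
}
if ($chainErrors) { $chainErrors | ForEach-Object { "       chain: $_" } }
```

The fourth condition, the issuing root being trusted on the client, can be checked by running the same X509Chain build on the client against an exported copy of the server certificate (public part only).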
Reputation: 2532
Certificates can be a pain in the ass sometimes to get working. First thing you should always do with WCF is turn on tracing:
http://msdn.microsoft.com/en-us/library/ms733025.aspx
Then, you can use SVCTraceViewer to view the exceptions that your service is generating behind the scenes and get a little insight into what is happening, which is a must with many WCF problems. 9 out of 10 times, the trace will tell you everything you need to know.
Also, make sure that both the client and the server have the certificate configured, since the certificate needs to be installed on both machines.
Upvotes: 2
Reputation: 12680
This MSDN post may help solve your problem. The initial request in the post is to configure a different security mode than yours but they switch to Transport mode for troubleshooting and that info should apply to your situation.
If what you describe is all you've done to install the certificate then you're missing a few steps. The post outlines the process to get a valid certificate installed. Good luck!!
Upvotes: 2