Pedro Angel

Reputation: 116

WCF SSL certificate authentication not recognizing configuration settings

I am trying to use SSL certificate authentication in WCF/.NET version 4.0 with IIS version 7.5, but when I enable the oneToOneMappings authentication, the system does not recognize the maxReceivedMessageSize. When I comment out the oneToOneMappings authentication section, IIS recognizes the maxReceivedMessageSize variable.

Any ideas about how to make this WCF service use the maxReceivedMessageSize value that I set when the SSL certificate authentication is enabled?

Service Model section:

<system.serviceModel>
    <services>
      <service behaviorConfiguration="AServiceBehavior" name="<IContract>">
        <endpoint address=""  binding="basicHttpBinding" bindingConfiguration="MutualSslBinding" contract="<IContract>"  name="AnEndpoint" />
        <host><baseAddresses><add baseAddress="https://asite.com/service" /></baseAddresses></host>
      </service>
    </services>
    <behaviors>
      <serviceBehaviors>
        <behavior name="AServiceBehavior">
          <serviceCredentials>
          </serviceCredentials>
          <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
          <serviceDebug includeExceptionDetailInFaults="true" httpHelpPageEnabled="true" />
          <serviceSecurityAudit auditLogLocation="Security" />
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <bindings>
      <basicHttpBinding>
        <binding name="MutualSslBinding" maxReceivedMessageSize="2147483647">
          <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
                    maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
          <security mode="Transport"> <transport clientCredentialType="Certificate" /></security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <serviceHostingEnvironment aspNetCompatibilityEnabled="false" multipleSiteBindingsEnabled="true">
    </serviceHostingEnvironment>  
  </system.serviceModel>

Certificate Security section:

<system.webServer>
    <security>
      <access sslFlags="Ssl, SslNegotiateCert, SslRequireCert" />
      <authentication>
        <anonymousAuthentication enabled="true" />
        <basicAuthentication enabled="false" />
        <clientCertificateMappingAuthentication enabled="false" />
        <digestAuthentication enabled="false" />
        <windowsAuthentication enabled="false" />
        <iisClientCertificateMappingAuthentication enabled="true" oneToOneCertificateMappingsEnabled="true" manyToOneCertificateMappingsEnabled="true">
          <oneToOneMappings>
                        <clear />
                        <add userName="<LocalUser>" password="<EncryptedPassword>" certificate="<Authentication certificate text>" />
          </oneToOneMappings>
        </iisClientCertificateMappingAuthentication>
      </authentication>
    </security>
    <modules runAllManagedModulesForAllRequests="true" />
    <directoryBrowse enabled="false" />
  </system.webServer>

Upvotes: 2

Views: 503

Answers (1)

Pedro Angel

Reputation: 116

In this specific case the issue was not related to the WCF configuration but to the uploadReadAheadSize setting in IIS.

TLS Overhead

When you are using SSL Certificate Authentication, the overhead of your request can increase the size to more than 49Kb during the authentication process.

Returning the error 413 Entity Too Large

Use uploadReadAheadSize to control the allowed request size for IIS.

First verify the IIS Request Filtering.

To do this, open IIS Manager. Select your application. In the Features view you will see “Request Filtering”. Open this feature and on the right-hand panel you will find “Edit Feature Settings”.

Maximum Allowed Content Length is an Optional U-Int attribute. It specifies the maximum length of content in a request, in bytes. The default value is 30000000, which is approximately 28.6MB.

Next, we can set the uploadReadAheadSize in IIS.

To navigate to this setting, use the following steps:

  • Launch "Internet Information Services (IIS) Manager"
  • Expand the Server field
  • Expand Sites
  • Select the site your application is in.
  • In the Features section, double click "Configuration Editor"
  • Under "Section" select: system.webServer>serverRuntime

The default setting value is 49Kb.

Response provided by Wanjun Dong at MSDN

serverRuntime settings

Upvotes: 2
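
The Configuration Editor steps in the answer above, scripted as an added example (not part of the original answer): it reads the current uploadReadAheadSize and the Request Filtering limit for one site, then raises the read-ahead value only when it is too small. The site name and the target size are assumptions to replace with your own.

```powershell
# Added example. Run in an elevated PowerShell session on the IIS server.
Import-Module WebAdministration

$site      = 'Default Web Site'   # assumption: the site hosting the WCF service
$newSize   = 1MB                  # assumption: largest request body expected, in bytes
$apphost   = 'MACHINE/WEBROOT/APPHOST'
$runtime   = 'system.webServer/serverRuntime'
$filtering = 'system.webServer/security/requestFiltering/requestLimits'

# Read the two limits the answer mentions, scoped to this site only.
$current = (Get-WebConfigurationProperty -PSPath $apphost -Location $site `
            -Filter $runtime -Name 'uploadReadAheadSize').Value
$maxLen  = (Get-WebConfigurationProperty -PSPath $apphost -Location $site `
            -Filter $filtering -Name 'maxAllowedContentLength').Value

Write-Host "uploadReadAheadSize     : $current bytes"
Write-Host "maxAllowedContentLength : $maxLen bytes"

# Request Filtering rejects anything above maxAllowedContentLength,
# so a read-ahead value above that limit buys nothing.
if ($newSize -gt $maxLen) {
    throw "Requested read-ahead size $newSize exceeds maxAllowedContentLength $maxLen."
}

# Raise the value only when needed. The buffer is allocated per request,
# so keep it as small as the service's real payloads allow.
if ($current -lt $newSize) {
    Set-WebConfigurationProperty -PSPath $apphost -Location $site `
        -Filter $runtime -Name 'uploadReadAheadSize' -Value $newSize
    Write-Host "uploadReadAheadSize set to $newSize bytes for '$site'."
} else {
    Write-Host "uploadReadAheadSize already >= $newSize bytes; no change made."
}
```

Because the change is written with `-Location`, it applies to the one site rather than the whole server, which limits how many endpoints accept the larger buffered request bodies.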
