Attilah

Reputation: 17930

WCF and SSL Mutual Authentication 403 - Forbidden: Access is denied

I have created a WCF data service and exposed it over HTTP, with SSL required. I am trying to have a setup where both the service and the clients are authenticated through certificates (mutual authentication). I am using developer certificates, so I added the server's certificate to the client's trusted people store.

But I'm still getting an exception: "403 - Forbidden: Access is denied."

1- Here is my server config:

    <system.serviceModel>
        <bindings>
            <webHttpBinding>
                <binding name="webHttpBindingConfig">
                    <security mode="Transport">
                        <transport clientCredentialType="Certificate" />
                    </security>
                </binding>
            </webHttpBinding>
        </bindings>
        <behaviors>
        </behaviors>
        <services>
            <service behaviorConfiguration="" name="PricingDataService">
                <endpoint address="https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"
                    binding="webHttpBinding" bindingConfiguration="webHttpBindingConfig"
                    name="webHttpEndpoint" contract="System.Data.Services.IRequestHandler" />
            </service>
        </services>
    </system.serviceModel>

How do I make the server recognise the client's certificate? (It should be a developer certificate as well.)

2- Here is my client config:

    <system.serviceModel>
        <bindings>
            <webHttpBinding>
                <binding name="webHttpBindingConfig">
                    <security mode="Transport">
                        <transport clientCredentialType="Certificate" />
                    </security>
                </binding>
            </webHttpBinding>
        </bindings>
        <behaviors>
            <endpointBehaviors>
                <behavior name="clientCredentialBehavior">
                    <clientCredentials>
                        <clientCertificate storeName="TrustedPeople" storeLocation="LocalMachine"
                                           x509FindType="FindBySubjectName" findValue="tempClientcert" />
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
        <client>
            <endpoint address="https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"
                binding="webHttpBinding" bindingConfiguration="webHttpBindingConfig"
                contract="System.Data.Services.IRequestHandler" name="" kind=""
                endpointConfiguration="" behaviorConfiguration="clientCredentialBehavior">
                <identity>
                    <dns value="MyServiceSecure"/>
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>

3- Here's the code I use to call the WCF code:

    MyServiceContext service = new MyServiceContext(
        new Uri("https://MyServiceSecure/MyServiceSecure/MyServiceSecure.svc"));

    // Attach the client certificate to every outgoing request
    service.SendingRequest += this.OnSendingRequest_AddCertificate;

    private void OnSendingRequest_AddCertificate(object sender, SendingRequestEventArgs args)
    {
        if (null != ClientCertificate)
            (args.Request as HttpWebRequest).ClientCertificates.Add(
                X509Certificate.CreateFromCertFile(@"C:\Localhost.cer"));
    }

Do I create a certificate on the server and then install it on the client?

Upvotes: 1

Views: 5459

Answers (1)

Tchami

Reputation: 4787

I think your certificates might be wrong, but start out by verifying in IIS that "Client certificates" under "SSL Settings" for the website are either set to Accept or Require (whichever suits you best).

I believe that for your purposes creating a self-signed certificate for the server in IIS and then exporting this certificate to a .pfx file and installing it in your trusted root should work.

If that doesn't help you, I'd look at this question: Using makecert for Development SSL

Upvotes: 1
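
A way to check the client certificate before looking further at IIS, as an added example that is not part of the original question or answer: this console program looks up the certificate with the same store, location and subject name as the client config above and reports whether it could be used for TLS client authentication. The class name `ClientCertCheck` is hypothetical, and the chain result reflects trust on the machine where it runs, so run it on the server as well to see what IIS would decide.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck
{
    // Store, location and subject name mirror the <clientCertificate> element
    // in the question's client config.
    static int Main()
    {
        var store = new X509Store(StoreName.TrustedPeople, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false so expired or untrusted certificates are still listed
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, "tempClientcert", false);
            if (found.Count == 0)
            {
                Console.WriteLine("No certificate with that subject name in the store.");
                return 1;
            }
            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine("Subject:       " + cert.Subject);
                Console.WriteLine("Thumbprint:    " + cert.Thumbprint);
                // TLS client authentication needs the private key;
                // a .cer file holds only the public certificate.
                Console.WriteLine("HasPrivateKey: " + cert.HasPrivateKey);
                Console.WriteLine("Valid now:     " +
                    (DateTime.Now >= cert.NotBefore && DateTime.Now <= cert.NotAfter));

                var chain = new X509Chain();
                // Developer certificates usually publish no revocation list
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                Console.WriteLine("Chain trusted: " + chain.Build(cert));
                foreach (X509ChainStatus status in chain.ChainStatus)
                    Console.WriteLine("  " + status.Status + ": " + status.StatusInformation.Trim());
            }
            return 0;
        }
        finally
        {
            store.Close();
        }
    }
}
```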
