Reputation: 1065
I'm using a certificate-authenticated WCF service. It works in VS debug mode, but when I publish and run it, it won't work.
The certificates are stored in CurrentUser/TrustedPeople. This is my config behavior section:
<behavior name="LoadClientCert">
  <clientCredentials>
    <clientCertificate findValue="CN=Certificate1"
                       storeLocation="CurrentUser" storeName="TrustedPeople"
                       x509FindType="FindBySubjectDistinguishedName" />
    <serviceCertificate>
      <defaultCertificate findValue="CN=Certificate2"
                          storeLocation="CurrentUser" storeName="TrustedPeople"
                          x509FindType="FindBySubjectDistinguishedName" />
      <authentication certificateValidationMode="None"
                      revocationMode="NoCheck" />
    </serviceCertificate>
  </clientCredentials>
</behavior>
Error message: Request Error The server encountered an error processing the request. See server logs for more details.
My guess is that the IIS user doesn't have permissions to use the certificate. But that is only guessing.
And where can I find that server log? I tried Event Viewer but I didn't find anything. I also added this to my config without luck (it's empty after trying the solution):
<system.diagnostics>
  <sources>
    <source name="System.ServiceModel.MessageLogging">
      <listeners>
        <add name="messages"
             type="System.Diagnostics.XmlWriterTraceListener"
             initializeData="f:\logs\messages.svclog" />
      </listeners>
    </source>
  </sources>
</system.diagnostics>
<diagnostics>
  <messageLogging
      logEntireMessage="true"
      logMalformedMessages="false"
      logMessagesAtServiceLevel="true"
      logMessagesAtTransportLevel="false"
      maxMessagesToLog="3000"
      maxSizeOfMessageToLog="2000"/>
</diagnostics>
Any suggestions?
Upvotes: 0
Views: 976
Reputation: 7876
If you are using 2-way SSL, i.e. securing the transport channel with SSL and authenticating your client with SSL, then the certificates should be placed as follows:
For Server Certificate (.pfx file):
Install the certificate in Local Machine Personal folder.
For Client Certificates:
On Server machine (.cer file): Install the client certificate in Local Machine --> Trusted People Store
On Client Machine (.pfx file): Install the client certificate in Local User --> Personal Store
Also, if the server certificate is self-signed, make sure to use the code below on your client side just before invoking the service method:
// Accepts every server certificate, whatever validation errors were reported.
System.Net.ServicePointManager.ServerCertificateValidationCallback = (sender, cert, chain, error) =>
{
    return true;
};
UPDATE:
Upvotes: 2
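A narrower form of the client-side callback in the answer above, as an added example that is not part of the original answer: it accepts the self-signed server certificate only when its thumbprint matches a pinned value and the only validation failure is the untrusted root that a self-signed certificate produces. The class name `PinnedServerCertificate`, its `Install` and `Validate` methods, and the thumbprint placeholder are assumptions made for this example.

```csharp
using System;
using System.Linq;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class, written for this example.
public static class PinnedServerCertificate
{
    // Placeholder: replace with the SHA-1 thumbprint of your own
    // self-signed server certificate (hex, spaces allowed).
    private const string PinnedThumbprint = "<SERVER-CERT-THUMBPRINT>";

    // Call once at client startup, before the first service call.
    // The callback is process-wide, like the one in the answer.
    public static void Install()
    {
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    public static bool Validate(object sender, X509Certificate cert,
                                X509Chain chain, SslPolicyErrors errors)
    {
        // A certificate that validates normally needs no exception.
        if (errors == SslPolicyErrors.None)
            return true;

        // Tolerate a chain error only; a host name mismatch or a
        // missing certificate is still rejected.
        if (cert == null || errors != SslPolicyErrors.RemoteCertificateChainErrors)
            return false;

        // The chain error must be the untrusted root expected for a
        // self-signed certificate, not expiry or another failure.
        bool onlyUntrustedRoot = chain != null
            && chain.ChainStatus.Length > 0
            && chain.ChainStatus.All(s => s.Status == X509ChainStatusFlags.UntrustedRoot);
        if (!onlyUntrustedRoot)
            return false;

        // Accept only the one certificate that was pinned.
        string pinned = PinnedThumbprint.Replace(" ", "");
        return string.Equals(cert.GetCertHashString(), pinned,
                             StringComparison.OrdinalIgnoreCase);
    }
}
```

With the placeholder left unchanged the callback rejects every certificate that fails normal validation, so a forgotten pin fails closed rather than open.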