After following a few MSDN articles I had client certificates and username/password authentication working for my WCF service. The client required a certificate and a username and password to access my service.
Recently, the certificate stopped working: I can access the service without supplying the client certificate. I am using SoapUI to test the client. Normally I have to add the client cert to the keystore and then specify which key to use for the request.
Recently I set up a test and I didn't have to supply the client cert. Nothing in my config changed. Do I have this set up properly?
Thank you.
My Binding Config:
<wsHttpBinding>
  <binding name="BasicBinding">
    <security mode="TransportWithMessageCredential">
      <transport clientCredentialType="Certificate" />
      <message clientCredentialType="UserName" negotiateServiceCredential="false" establishSecurityContext="false" />
    </security>
  </binding>
</wsHttpBinding>
My Service:
<service behaviorConfiguration="APIServiceBehaviour" name="Service">
  <endpoint address="api" binding="wsHttpBinding" bindingConfiguration="BasicBinding" name="soap-api" bindingNamespace="https://myserver.com" contract="IAIService" />
  <host>
    <baseAddresses>
      <add baseAddress="https://myserver.com" />
    </baseAddresses>
  </host>
</service>
The Behavior:
<behavior name="APIServiceBehaviour">
  <serviceAuthorization principalPermissionMode="Custom">
    <authorizationPolicies>
      <add policyType="MyAuthorizationPolicy,MyProject" />
    </authorizationPolicies>
  </serviceAuthorization>
  <serviceCredentials>
    <serviceCertificate findValue="tempSClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
    <userNameAuthentication userNamePasswordValidationMode="Custom" includeWindowsGroups="false" customUserNamePasswordValidatorType="MyProject.UserAuth,MyProject" />
  </serviceCredentials>
</behavior>
To program Windows Communication Foundation (WCF) security, X.509 digital certificates are commonly used to authenticate clients and servers, encrypt, and digitally sign messages.
Certificate stores are kept in the system registry under the keys HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates and HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates.
Certificates are based on public key cryptography, which uses public and private keys to verify subject identities, as well as to encrypt and decrypt data. Each certificate contains the public key from the subject's private and public key pair. The subject retains the private key in its own secure environment.
Also known as computer certificates, machine certificates (as the name implies) give the system—instead of the user—the capability to do something out of the ordinary. The main purpose for machine certificates is authentication, both client-side and server-side.
Certificates have an expiration date. Did you check your certificate in certmgr.msc?
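The expiry check the answer suggests doing by hand in certmgr.msc can be scripted. The following PowerShell is an added example, not code from the question or the answer: it looks up the certificate by the subject name the config uses (`tempSClient` in `LocalMachine\My`) and reports validity dates, whether the private key is present, and whether the Server Authentication and Client Authentication enhanced key usages are set. The `$WarnDays` threshold and the parameter names are assumptions for this example.

```powershell
# Added example (not from the original post): check the certificate a WCF service
# behavior references for expiry and key usage. Defaults assume the subject name and
# store from the question's <serviceCertificate> element; override via parameters.
param(
    [string]$SubjectName = 'tempSClient',
    [string]$StorePath   = 'Cert:\LocalMachine\My',
    [int]$WarnDays       = 30   # assumed threshold for an "expiring soon" warning
)

$now   = Get-Date
$certs = Get-ChildItem -Path $StorePath | Where-Object { $_.Subject -like "*CN=$SubjectName*" }

if (-not $certs) {
    Write-Warning "No certificate with subject '$SubjectName' found in $StorePath"
    exit 2
}

foreach ($cert in $certs) {
    $daysLeft = [int]($cert.NotAfter - $now).TotalDays

    # Collect Enhanced Key Usage OIDs:
    #   1.3.6.1.5.5.7.3.1 = Server Authentication
    #   1.3.6.1.5.5.7.3.2 = Client Authentication
    $ekus = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value }

    $status = if ($now -gt $cert.NotAfter)     { 'EXPIRED' }
              elseif ($now -lt $cert.NotBefore) { 'NOT YET VALID' }
              elseif ($daysLeft -le $WarnDays)  { 'EXPIRING SOON' }
              else                              { 'OK' }

    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        NotBefore     = $cert.NotBefore
        NotAfter      = $cert.NotAfter
        DaysLeft      = $daysLeft
        HasPrivateKey = $cert.HasPrivateKey
        ServerAuthEKU = ($ekus -contains '1.3.6.1.5.5.7.3.1')
        ClientAuthEKU = ($ekus -contains '1.3.6.1.5.5.7.3.2')
        Status        = $status
    }
}
```

Run it in an elevated PowerShell session so the LocalMachine store is readable, and run it against the client certificate's store as well, since either side expiring will change how a request is handled. Note that this script only inspects the certificate store; with `TransportWithMessageCredential` the transport-level client certificate requirement is enforced by the HTTPS listener, so the IIS SSL settings (or the "Negotiate Client Certificate" value shown by `netsh http show sslcert`) are a separate item to verify when a request succeeds without a certificate.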