WCF - 'The service certificate is not provided for target' error for WCF client calling a WCF service

Question

I'm trying to create a test service/client in WCF using Message security, with certificates. I'm using the basic service that Visual Studio creates out of the box, and am calling it from another project that I have set up as the client.

I have created two certificates, one for the server, and the other for the client, and imported them into my certificates store. I've also followed the instructions at: http://msdn.microsoft.com/en-us/library/ms733098.aspx

However, no luck. When invoking the server from the client I'm getting the error:

The service certificate is not provided for target 'http://localhost:1704/Service1.svc'. Specify a service certificate in ClientCredentials.

My service config is as follows:

<system.serviceModel>
    <services>
      <service name="WcfService2.Service1" behaviorConfiguration="ServiceCredentialsBehavior">
        <endpoint address="" binding="wsHttpBinding" contract="WcfService2.IService1" bindingConfiguration="MyHTTPBindingConfig">
          <identity>
            <dns value="localhost"/>
          </identity>
        </endpoint>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="MyHTTPBindingConfig">
          <security mode="Message">
            <message clientCredentialType="Certificate" negotiateServiceCredential="false" establishSecurityContext="false" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceCredentialsBehavior">
          <serviceCredentials>
            <serviceCertificate findValue="WCFTest" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>

My client config is:

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IService1" closeTimeout="00:01:00"
                openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
                allowCookies="false">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                    maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <reliableSession ordered="true" inactivityTimeout="00:10:00"
                    enabled="false" />
                <security mode="Message">
                    <transport clientCredentialType="Windows" proxyCredentialType="None"
                        realm="" />
                    <message clientCredentialType="Certificate" negotiateServiceCredential="false"
                        algorithmSuite="Default" establishSecurityContext="false" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost:1704/Service1.svc" binding="wsHttpBinding"
            bindingConfiguration="WSHttpBinding_IService1" contract="ServiceReference1.IService1"
            name="WSHttpBinding_IService1" behaviorConfiguration="endpointCredentialBehaviours">
            <identity>
                <dns value="localhost" />
            </identity>
        </endpoint>
    </client>
  <behaviors>
    <endpointBehaviors>
      <behavior name="endpointCredentialBehaviours">
        <clientCredentials>
          <clientCertificate findValue="WCFClient" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>

And I'm invoking the service in the client with:

    ServiceReference1.Service1Client client = new ServiceReference1.Service1Client();
    string s = client.GetData(1);
    label1.Text = s;
    client.Close();

Can anybody tell me what I'm doing wrong?

Answer 1

This is an example of working client configuration:

<client>
 <endpoint address="http://example.com/Myservice.svc"
        binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IService"
        contract="Core.IService" name="WSHttpBinding_IService" behaviorConfiguration="myServiceBehaviour" >
   <identity>
    <dns value="SampleServiceCertificate"/>
   </identity>
 </endpoint>
</client>
    <behaviors>
      <endpointBehaviors>
        <behavior name="myServiceBehaviour">
          <clientCredentials>
            <serviceCertificate>
              <defaultCertificate storeLocation="LocalMachine" storeName="My" findValue="SampleServiceCertificate" x509FindType="FindBySubjectName"  />
            </serviceCertificate>
          </clientCredentials>
        </behavior>        
      </endpointBehaviors>      
    </behaviors>

In your posted configuration the clientCredentials node is missing the serviceCertificate child node.

Answer 2

As the error suggests it seems that your client is not providing a certificate. The first step I would do in order to troubleshoot this is to ensure that your client certificate is where you need it to be and the name in your config file is correct. You can do that with MMC. Here are the instructions on how to do that:

How to: View Certificates with the MMC Snap-in: http://msdn.microsoft.com/en-us/library/ms788967.aspx

I would also try adding a client certificate manually through code:

How to: Specify Client Credential Values: http://msdn.microsoft.com/en-us/library/ms732391.aspx