Is it possible to have transport security without authentication? I'm well aware of it's flaws but atm I can't install a certificate a the client side. It seems I can set WSHttpBinding.SecurityMode to Transport and the ClientCredentialType to HttpClientCredentialType.None, but when I try to call the service I get this exception:
An error occurred while making the HTTP request to https://[MyService]. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
I don't think it's a mismatch of the security binding between the client and the server because I'm using a proxy generated by svcutil.
Why's it looking for a server certificate if I've set the ClientCredentialType to None?
You can have HTTPS communication without authentication, but you cannot have HTTPS communication without certificates, since HTTPS encryption uses certificates.
There are a few things to check:
If you can't access the WSDL or another resource on the site over HTTPS, then HTTPS isn't configured on the server.
If you get warnings about the certificate, then you don't have a certificate that the client will trust. There are three options here; one is to get a valid certificate from somewhere like Verisign that will be trusted, the other is to install the certificate in a trusted part of the user's store (which you can't do as you mentioned), and the final is to turn off the cerificate revocation in the client's WCF configuration.
What you have set up looks correct for what you want.
I think that the problem relates to the difference between the certificate needed to ensure transport level security (HTTPS) and any certificate needed for authentication.
To perform transport level security you need to configure a certificate for the IIS server to use for its encryption. This is in no way used to identify parties in the WCF communication, just to secure the communication. (the certificate used for this HTTPS transport is also used to identify the server but that isn't related to WCF identity)
Here is a link to a blog post explaining how to set up a certificate in IIS for this purpose. Not necessarily the best google has to offer, just the first I found that covered all the important points. MSDN should cover this in detail too.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With