
I have created a WCF web service and host it in a Windows service. The problem appeared when I changed the config file to use SSL. I created self-signed certificates with the makecert command as described here (http://www.digitallycreated.net/Blog/38/using-makecert-to-create-certificates-for-development), and those certificates have been added to the Trusted and Personal folders of my machine. I am able to browse to the service, but when I call a service method from the client application I get this error: (The HTTP request was forbidden with client authentication scheme 'Anonymous'.). I have also configured the port for SSL using the netsh command.

To do all this i have followed this tutorial (http://talal-khan.blogspot.com/2010/02/hosting-https-ssl-wcf-as-windows.html).

Windows service config:

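<?xml version="1.0" encoding="utf-8" ?>
<!--
  Host configuration for the Service.Calculator WCF service.
  The single application endpoint uses wsHttpBinding with transport security
  (HTTPS) and asks the caller for an X.509 client certificate.
-->
<configuration>
  <system.serviceModel>

    <behaviors>
      <serviceBehaviors>
        <behavior name="OurServiceBehavior">
          <serviceCredentials>
            <clientCertificate>
              <!--
                ChainTrust accepts a client certificate only if its chain ends in a
                root trusted on this machine. revocationMode="NoCheck" skips
                revocation checking, which suits self-signed development
                certificates; turn revocation checking on once CA-issued
                certificates are used.
                NOTE(review): with security mode="Transport" the TLS layer checks
                the client certificate before WCF does, so a chain the machine does
                not trust may be refused there first. Confirm the issuing root of
                the client certificate is in the Trusted Root store of the host.
              -->
              <authentication certificateValidationMode="ChainTrust"
                              revocationMode="NoCheck"
                              trustedStoreLocation="LocalMachine" />
            </clientCertificate>
            <!--
              Service certificate, looked up by thumbprint in LocalMachine\My.
              NOTE(review): for HTTPS the certificate actually presented is the one
              bound to the port with netsh; verify it is this same certificate and
              that the service account can read its private key.
            -->
            <serviceCertificate findValue="24d7ac65704bc0a161cc2539d22ad2916f5cf4b0"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindByThumbprint" />
          </serviceCredentials>
          <!-- Publishes the service description over HTTPS; consider disabling outside development. -->
          <serviceMetadata httpsGetEnabled="true" />
        </behavior>
      </serviceBehaviors>
    </behaviors>

    <services>
      <service behaviorConfiguration="OurServiceBehavior" name="Service.Calculator">
        <host>
          <baseAddresses>
            <!-- The port here must match both the netsh SSL binding and the address the client calls. -->
            <add baseAddress="https://localhost:8022/CalculatorService" />
          </baseAddresses>
        </host>
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="SecureBinding"
                  contract="Service.Calculator" />
        <!-- Metadata exchange endpoint; like httpsGetEnabled, intended for tooling and development. -->
        <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
      </service>
    </services>

    <bindings>
      <wsHttpBinding>
        <!--
          Timeouts are written in canonical hh:mm:ss form (ten minutes); the
          original spelled three of them as 00:010:00.
          maxReceivedMessageSize and readerQuotas bound how much data a single
          request can make the service buffer and parse.
        -->
        <binding name="SecureBinding"
                 closeTimeout="00:10:00"
                 openTimeout="00:10:00"
                 receiveTimeout="00:10:00"
                 sendTimeout="00:10:00"
                 bypassProxyOnLocal="false"
                 transactionFlow="false"
                 hostNameComparisonMode="StrongWildcard"
                 maxBufferPoolSize="524288"
                 maxReceivedMessageSize="65536"
                 messageEncoding="Text"
                 textEncoding="utf-8"
                 useDefaultWebProxy="true"
                 allowCookies="false">
          <readerQuotas maxDepth="32"
                        maxStringContentLength="8192"
                        maxArrayLength="16384"
                        maxBytesPerRead="4096"
                        maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
          <!-- Transport = HTTPS; clientCredentialType="Certificate" requires a client certificate on every call. -->
          <security mode="Transport">
            <transport clientCredentialType="Certificate"
                       proxyCredentialType="None"
                       realm="" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

  </system.serviceModel>
</configuration>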

And this is Client App config

<?xml version="1.0" encoding="utf-8" ?>
<!--
  Client application configuration for calling the Calculator service over
  HTTPS with a client certificate.
-->
<configuration>
 <system.net>
<settings>
  <!--
    checkCertificateName="false" turns off the check that the name in the
    server certificate matches the host being called, so a certificate issued
    for a different name is accepted. Keep this to development only; in
    deployment issue the server certificate for the real host name and remove
    this setting.
  -->
  <servicePointManager checkCertificateName="false"/>
 </settings>
</system.net>

 <system.serviceModel>
  <behaviors>
   <endpointBehaviors >
    <behavior name="SecureEpBehavior">

      <clientCredentials>
        <serviceCertificate>
          <!--
            ChainTrust with revocationMode="NoCheck": the chain must end in a
            trusted root, but revocation is not checked. Suitable for
            self-signed development certificates only.
          -->
          <authentication certificateValidationMode="ChainTrust" trustedStoreLocation="LocalMachine" revocationMode="NoCheck"/>
        </serviceCertificate>
        <!--
          Client certificate sent to the service, looked up by thumbprint in
          LocalMachine\My.
          NOTE(review): things to verify for the "forbidden ... 'Anonymous'"
          error: the certificate has a private key, the account running the
          client can read that key, and the service machine trusts the
          certificate's issuer.
        -->
        <clientCertificate findValue="1df9b9ff70a1d876aec9f30e5a315604937f7c91"
          storeLocation="LocalMachine" storeName ="My" x509FindType="FindByThumbprint" />
      </clientCredentials>

    </behavior>
  </endpointBehaviors>

</behaviors>

<bindings>
  <wsHttpBinding>
    <binding name="WSHttpBinding_Calculator" closeTimeout="00:01:00"
        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
        bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
        maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
        messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true"
        allowCookies="false">
      <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
          maxBytesPerRead="4096" maxNameTableCharCount="16384" />
      <reliableSession ordered="true" inactivityTimeout="00:10:00"
          enabled="false" />
      <!--
        Transport security with a certificate credential, matching the service
        binding. The message element below is not used while mode is
        "Transport".
      -->
      <security mode="Transport">
        <transport clientCredentialType="Certificate" proxyCredentialType="None"
            realm="" />
        <message clientCredentialType="Windows" negotiateServiceCredential="true" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<client>
  <!--
    NOTE(review): this address uses port 8782, while the service configuration
    shown on this page declares its base address on port 8022. Confirm which
    port the service and the netsh SSL binding actually use.
  -->
  <endpoint address="https://localhost:8782/CalculatorService/"
      binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_Calculator" behaviorConfiguration="SecureEpBehavior"
      contract="CalculatorService.Calculator" name="WSHttpBinding_Calculator" />
  </client>
  </system.serviceModel>
  </configuration>
Hussey
  • Have you seen these related SO posts - [this](https://stackoverflow.com/questions/14853135/the-http-request-was-forbidden-with-client-authentication-scheme-anonymous) and [this](https://stackoverflow.com/questions/26169136/the-http-request-was-forbidden-with-client-authentication-scheme-anonymous-th) – Subbu Aug 09 '17 at 04:33
  • yes its working fine with clientCredentialType="None" but how it can be run fine with clientCredentialType="Certificate", because i need to install this web service on a client with proper certificate/authentication and all that, for development purpose i am using self signed certificate but on client it will be real authorized certificate... can anyone explain it to me thanks for your comment (Subbu) – Hussey Aug 10 '17 at 09:37
