Single endpoint which will accept client cert optionally

  • Question

  • My WCF service is hosted in IIS and it has SSL settings = Client Certificates = "Accept" (as per my understanding, it means it is okay to make a request to this service with or without a client certificate).

    Now on the WCF service side, in my config I am using something like this:

    <webHttpBinding>
      <binding name="webBinding">
        <security mode="Transport">
          <transport clientCredentialType="Certificate"/>
        </security>
      </binding>
    </webHttpBinding>

    With this, if I am sending a certificate in the HTTP request made to this service, I can see the cert thumbprint and it goes as expected.

    The problem is when I do not send a certificate with the HTTP request made to the service. It gives me a 403 Forbidden problem, which I can understand because clientCredentialType="Certificate", so the WCF runtime will expect a certificate.

    So I changed the binding like this:

    <webHttpBinding>
      <binding name="webBinding">
        <security mode="Transport">
          <transport clientCredentialType="None"/>
        </security>
      </binding>
    </webHttpBinding>

    Now if I make a request to the service without a client certificate, it doesn't give any error. But now if I make a request to the service with a client certificate, it ignores the certificate and I cannot see any value in OperationContext.Current.ServiceSecurityContext.PrimaryIdentity.Name.

    The WCF runtime simply ignores the certificate and does not pass it in the OperationContext.

    Am I doing something wrong here? Please advise.

    ViBi



    • Edited by vkbishnoi Friday, December 5, 2014 5:49 AM
    Friday, December 5, 2014 5:41 AM

Answers

  • Hi vkbishnoi,

    Yes, as you said, if we are using Certificate authentication, then the WCF runtime will expect a certificate.
    But if we set the clientCredentialType to None, it means that the WCF service specifies anonymous authentication. So once we make a request to the service with a client certificate, it will ignore the certificate.

    For more information, please refer to the following article:
    #ClientCredentialType:
    http://msdn.microsoft.com/en-us/library/system.servicemodel.httptransportsecurity.clientcredentialtype(v=vs.110).aspx


    Best Regards,
    Amy Peng

    Monday, December 8, 2014 2:48 AM
    Moderator
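
An added example, not from the thread or from WCF itself: a small Python audit that resolves each webHttpBinding endpoint in a web.config to its clientCredentialType and labels it with the behaviour described in this thread. The sample config, the binding and service names, and the verdict labels are constructed for illustration, and a missing security or transport element is assumed to behave as None.

```python
import xml.etree.ElementTree as ET

# Constructed sample web.config: the thread's two bindings plus a default endpoint.
SAMPLE = """<configuration><system.serviceModel>
 <bindings><webHttpBinding>
  <binding name="certBinding"><security mode="Transport">
   <transport clientCredentialType="Certificate"/></security></binding>
  <binding name="anonBinding"><security mode="Transport">
   <transport clientCredentialType="None"/></security></binding>
 </webHttpBinding></bindings>
 <services><service name="Demo.Service">
  <endpoint address="secure" binding="webHttpBinding" bindingConfiguration="certBinding"/>
  <endpoint address="open" binding="webHttpBinding" bindingConfiguration="anonBinding"/>
  <endpoint address="plain" binding="webHttpBinding"/>
 </service></services>
</system.serviceModel></configuration>"""

def binding_settings(root):
    """Map binding name -> (security mode, transport clientCredentialType)."""
    found = {}
    for b in root.findall(".//bindings/webHttpBinding/binding"):
        sec = b.find("security")
        mode = sec.get("mode", "None") if sec is not None else "None"
        tr = sec.find("transport") if sec is not None else None
        cred = tr.get("clientCredentialType", "None") if tr is not None else "None"
        found[b.get("name", "")] = (mode, cred)
    return found

def audit_endpoints(config_xml):
    """Return (address, clientCredentialType, verdict) per webHttpBinding endpoint."""
    root = ET.fromstring(config_xml)
    settings = binding_settings(root)
    report = []
    for ep in root.findall(".//services/service/endpoint"):
        if ep.get("binding") != "webHttpBinding":
            continue
        mode, cred = settings.get(ep.get("bindingConfiguration", ""), ("None", "None"))
        if mode != "Transport":
            verdict = "no-transport-security"  # no TLS, so no client certificate
        elif cred == "Certificate":
            verdict = "cert-required"   # thread: a request without one gets 403
        elif cred == "None":
            verdict = "cert-ignored"    # thread: a presented certificate is ignored
        else:
            verdict = "other-credential"
        report.append((ep.get("address", ""), cred, verdict))
    return report

if __name__ == "__main__":
    print(*audit_endpoints(SAMPLE), sep="\n")
```

Any endpoint reported as `cert-ignored` must not base authorization decisions on `PrimaryIdentity.Name`, since the caller is anonymous to WCF there.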