The caller was not authenticated by the service.

  • Question

  • Hi,

    I created a certificate on my client as follows, and installed it there (client):

    makecert -n "CN=RootAuthDevCA" -r -sv RootAuthDevCA.pvk RootAuthDevCA.cer
    
    makecert -sk Dev_SignedByCA -iv RootAuthDevCA.pvk -n "CN=Dev_SignedByCA" -ic RootAuthDevCA.cer Dev_SignedByCA.cer -sr currentuser -ss My

    (as described in: http://msdn.microsoft.com/en-us/library/ms733813.aspx )

    After that I also installed it on my server, where the WCF duplex service is hosted (IIS 7.5). I can access the WCF service from a web browser! What am I missing?

    I connect to the service as follows:

    // Wrap the callback implementation in an InstanceContext for the duplex proxy
    MyCallbackProxy myCallbackProxy = new MyCallbackProxy();
    InstanceContext cntx = new InstanceContext(myCallbackProxy);
    
    this.Proxy = new MyServiceClientProxy(cntx, "WSDualHttpBinding_I_BridgeWCFService");
    //this.Proxy.ClientCredentials.Windows.ClientCredential.UserName = "y";
    //this.Proxy.ClientCredentials.Windows.ClientCredential.Password = "y";
    
    try
    {
        // Create and open proxy to the service
        this.Proxy.Open();
    }
    catch
    {
        // here the exception
    }
    


    My WCF config (Web.config):

    <?xml version="1.0"?>
    <configuration>
      <system.serviceModel>
        <bindings>
          <wsDualHttpBinding>
            <binding name="WSDualHttpBinding_I_BridgeWCFService" closeTimeout="01:01:00" openTimeout="01:01:00" receiveTimeout="01:10:00" sendTimeout="01:01:00" bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard" maxBufferPoolSize="2147483646" maxReceivedMessageSize="2147483646" messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
              <readerQuotas maxDepth="256" maxStringContentLength="2147483646" maxArrayLength="2147483646" maxBytesPerRead="2147483646" maxNameTableCharCount="2147483646"/>
              <reliableSession ordered="true" inactivityTimeout="01:10:00"/>
              <security mode="Message">
              </security>
            </binding>
          </wsDualHttpBinding>
    
          <wsHttpBinding>
            <binding name="CertificateForClient">
              <security>
                <message clientCredentialType="Certificate" />
              </security>
            </binding>
          </wsHttpBinding>
    
        </bindings>
        <services>
          <service behaviorConfiguration="_BridgeNameSpace.Service1Behavior" name="_BridgeNameSpace._BridgeWCFService">
            <endpoint address="" binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_I_BridgeWCFService" contract="_BridgeNameSpace.I_BridgeWCFService">
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>       
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="_BridgeNameSpace.Service1Behavior">
              <!-- To avoid disclosing metadata information, set the value below to false and remove the metadata endpoint above before deployment -->
              <serviceMetadata httpGetEnabled="true"/>
              <dataContractSerializer maxItemsInObjectGraph="2147483647"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="false"/>
              <serviceCredentials>
                <clientCertificate>
                  <authentication certificateValidationMode="None" mapClientCertificateToWindowsAccount="true" />
                </clientCertificate>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
      </system.serviceModel>
      <system.web>
        <compilation debug="true"/>
      </system.web>
    </configuration>
    

    My app.config:

    <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
      <system.diagnostics>
        <sources>
          <source name="System.ServiceModel" switchValue="Information, ActivityTracing" propagateActivity="true">
            <listeners>
              <add name="traceListener" type="System.Diagnostics.XmlWriterTraceListener" initializeData="c:\log\Traces.svclog"/>
            </listeners>
          </source>
        </sources>
      </system.diagnostics>
      <system.serviceModel>
        <bindings>
          <wsDualHttpBinding>
            <binding name="WSDualHttpBinding_I_BridgeWCFService" closeTimeout="00:01:00"
              openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
              bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
              maxBufferPoolSize="2147483646" maxReceivedMessageSize="2147483646"
              messageEncoding="Text" textEncoding="utf-8" useDefaultWebProxy="true">
              <readerQuotas maxDepth="256" maxStringContentLength="2147483646"
                maxArrayLength="2147483646" maxBytesPerRead="2147483646" maxNameTableCharCount="2147483646" />
              <reliableSession ordered="true" inactivityTimeout="00:10:00" />
              <security mode="Message"/>
            </binding>
          </wsDualHttpBinding>
        </bindings>
        <client>
          <endpoint address="http://win-j/_Bridge1/_BridgeWcfService.svc"
            binding="wsDualHttpBinding" bindingConfiguration="WSDualHttpBinding_I_BridgeWCFService"
            contract="_BridgeWcfServiceReference.I_BridgeWCFService"
            behaviorConfiguration="CertForClient"
            name="WSDualHttpBinding_I_BridgeWCFService">
          </endpoint>
        </client>
        <behaviors>
          <endpointBehaviors>
            <behavior name="CertForClient">
              <clientCredentials>
                <clientCertificate findValue="Dev_SignedByCA" x509FindType="FindBySubjectName" />
              </clientCredentials>
            </behavior>
          </endpointBehaviors>
        </behaviors>
      </system.serviceModel>
      <startup>
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.0,Profile=Client"/>
      </startup>
    </configuration>
    
    


    Sunday, January 22, 2012 4:54 PM

Answers

All replies

  • Markos,

    I see some missing things in your config files...

    At the service endpoint you point to the 'WSDualHttpBinding_I_BridgeWCFService' binding configuration. In that binding config you have this:

    <security mode="Message">
    </security>
    
    

    You are not setting the clientCredentialType to 'Certificate', for example... (the default is Windows!!)

    The same problem on the client app.config. The security element is not configured.

    Sunday, January 22, 2012 5:26 PM
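
The point made in the reply above, as an added configuration example (not from the thread and not the poster's final config): the empty `<security mode="Message">` element falls back to Windows credentials, so the certificate credential type has to be set on both sides. The service certificate name is a placeholder, the stricter client-certificate validation mode is an assumption about the intended setup, and client-side trust of the service certificate is not shown.

```xml
<!-- Added example (not from the thread). Service side: Web.config fragment. -->
<system.serviceModel>
  <bindings>
    <wsDualHttpBinding>
      <binding name="WSDualHttpBinding_I_BridgeWCFService">
        <reliableSession ordered="true" inactivityTimeout="01:10:00"/>
        <!-- Before: <security mode="Message"></security>, i.e. clientCredentialType="Windows" -->
        <security mode="Message">
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsDualHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="_BridgeNameSpace.Service1Behavior">
        <serviceCredentials>
          <!-- Assumption: placeholder subject name. The service needs its own certificate
               (with private key) for message security with certificate credentials. -->
          <serviceCertificate findValue="SERVICE_CERT_PLACEHOLDER" storeLocation="LocalMachine"
                              storeName="My" x509FindType="FindBySubjectName"/>
          <clientCertificate>
            <!-- Before: certificateValidationMode="None", which accepts any client certificate.
                 ChainTrust requires the issuing root (RootAuthDevCA here) in the server's
                 Trusted Root store; makecert certificates carry no CRL distribution point,
                 hence revocationMode="NoCheck" for this development setup. -->
            <authentication certificateValidationMode="ChainTrust" revocationMode="NoCheck"/>
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

<!-- Client side: the matching element inside the same-named binding in app.config. -->
<security mode="Message">
  <message clientCredentialType="Certificate"/>
</security>
```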
  • When I added those "missing" settings I got the following exception:

    "Client is unable to finish the security negotiation within the configured timeout (00:00:00).  The current negotiation leg is 1 (00:00:00)."

    Sunday, January 22, 2012 5:31 PM
  • Markos,

    Enable WCF tracing (via diagnostics)... It often gives much more detail of where exactly the security negotiation fails.

    Sunday, January 22, 2012 6:39 PM
  • Hi,

    I found the problem: it's simply the firewall on the test application side, which blocks the incoming channel from the server during the duplex connection for the callback. Thanks to Richard Blewett.

    All this time I tried to play with the server while the problem was on my local PC (I just turned off the firewall on my PC) and it works.

    Now I have 2 questions, on what to do next: http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/f094ce4d-51a2-42b3-b5ed-66c0104847a1

    • Marked as answer by Yi-Lun Luo Monday, January 23, 2012 11:37 AM
    Monday, January 23, 2012 8:05 AM
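
With wsDualHttpBinding the service opens its own HTTP connection back to the client for callbacks, so the client machine has to accept inbound traffic. An added configuration example (not from the thread) that pins the callback listener to a fixed address, so a single inbound firewall rule for that port can be used instead of turning the firewall off; the host name, port 8001 and path are constructed placeholders.

```xml
<!-- Added example (not from the thread). Client side: app.config fragment. -->
<system.serviceModel>
  <bindings>
    <wsDualHttpBinding>
      <!-- clientBaseAddress pins the callback listener to one known URL instead of the
           default temporary listen address on port 80. Host, port and path are placeholders. -->
      <binding name="WSDualHttpBinding_I_BridgeWCFService"
               clientBaseAddress="http://client-host.example:8001/BridgeCallback/">
        <reliableSession ordered="true" inactivityTimeout="00:10:00"/>
        <!-- Security element left as posted in the question's app.config -->
        <security mode="Message"/>
      </binding>
    </wsDualHttpBinding>
  </bindings>
</system.serviceModel>
```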