none
Add WCF reference failed when using Certificate Authentication and Transport Security RRS feed

  • Question

  • I have configured WCF using Certificate Authentication and Transport Security. I can browse it via https without any problem. Now I want to consume it in my client. When I add the service reference, I got the following error:

    There was an error downloading 'https://mydomain/myService/myService.svc/_vti_bin/ListData.svc/$metadata'.
    The request failed with HTTP status 403: Forbidden.
    Metadata contains a reference that cannot be resolved: 'https://mydomain/myService/myService.svc'.
    The HTTP request was forbidden with client authentication scheme 'Anonymous'.
    The remote server returned an error: (403) Forbidden.
    If the service is defined in the current solution, try building the solution and adding the service reference again.

    How do I solve this problem?

    Thanks in advance!!!

    Wednesday, June 26, 2013 9:04 PM

Answers

  • Hi,

    Please make sure you have httpsGetEnabled="true" configured in service behavior, if this was added already, please try uncheck the "Require SSL" option in IIS.

    As illustrated in the document below, when the service is hosted under IIS which is configured with SSL, the service is configured with an SSL (X.509) certificate to allow clients to verify the identity of the server. The client is also configured with an X.509 certificate that allows the service to verify the identity of the client. The server’s certificate must be trusted by the client and the client’s certificate must be trusted by the server.

    #Transport Security with Certificate Authentication

    http://msdn.microsoft.com/en-us/library/ms731074.aspx

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, June 27, 2013 6:54 AM
    Moderator

All replies

  • Hi,

    Please make sure you have httpsGetEnabled="true" configured in service behavior, if this was added already, please try uncheck the "Require SSL" option in IIS.

    As illustrated in the document below, when the service is hosted under IIS which is configured with SSL, the service is configured with an SSL (X.509) certificate to allow clients to verify the identity of the server. The client is also configured with an X.509 certificate that allows the service to verify the identity of the client. The server’s certificate must be trusted by the client and the client’s certificate must be trusted by the server.

    #Transport Security with Certificate Authentication

    http://msdn.microsoft.com/en-us/library/ms731074.aspx

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, June 27, 2013 6:54 AM
    Moderator
  • My client application and my WCF service are on different domain. When configuring WCF service endpoint binding, security mode is set to "Transport", transport clientCredentialType is set to Certificate. What about message clientCredentialType? Should be Certificate or Windows? The default is Windows. Should I change it to Certificate?

    Thanks

    Thursday, June 27, 2013 7:39 PM
  • Hi,

    >>What about message clientCredentialType? Should be Certificate or Windows? The default is Windows. Should I change it to Certificate?

    If you want Transport Security with Certificate, you do not need set the Message clientCredentialType, just like:

    <wsHttpBinding>
            <!-- configure wsHttp binding with Transport security mode and clientCredentialType as Certificate -->
            <binding>
              <security mode="Transport">
                <transport clientCredentialType="Certificate"/>            
              </security>
            </binding>
          </wsHttpBinding>
    

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, June 28, 2013 4:26 AM
    Moderator