none
Service Certificate not detected in App.Config / Microsoft Management Console (MMC) RRS feed

  • Question

  • I encountered a problem whereby the WCF Service Host does not detect the existence of the service certificate that is needed to host a WCF service.

    I created a certificate in the Personal -> Certificates location, called "CertServer" for testing purposes, and it has been made into a trusted certificate, ready to be used. I have included the following behaviour:

    <behavior name="SecurityBehavior">
       <serviceMetadata httpGetEnabled="True"/>
       <serviceDebug includeExceptionDetailInFaults="True"/>
       <serviceCredentials>
         <serviceCertificate findValue="CertServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
         <clientCertificate>
           <certificate findValue="CertClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
           <authentication certificateValidationMode="None"/>
         </clientCertificate>
       </serviceCredentials>
    </behavior>

    in order to locate the service certificate. However, when I tried to host the service, it gave me this error:

    System.InvalidOperationException: The service certificate is not provided. Specify a service certificate in ServiceCredentials. 

    despite that I specified the serviceCertificate tag in the App.Config of the project, as well as having a valid and trusted certifcate that is ready to be used. I would like to know what is causing the issue above.

    Tuesday, March 21, 2017 8:43 AM

Answers

  • >>System.InvalidOperationException: The service certificate is not provided. Specify a service certificate in ServiceCredentials.

    Based on this error, it seems you did not specify the SecurityBehavior in the Service Behavior. Could you share us the complete web.config?

    Here is a simple demo:

       <system.serviceModel>
        <services>
          <service name="WCFCertificate.CertService" behaviorConfiguration="cert">
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="certBinding" contract="WCFCertificate.ICertService"/>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
          </service>
        </services>
        <bindings>
          <basicHttpBinding>
            <binding name="certBinding">
              <security mode="Message">
                <message clientCredentialType="Certificate"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior name="cert">
              <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceCredentials>
                <serviceCertificate findValue="Certificate Name" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
            <add binding="basicHttpsBinding" scheme="https"/>
        </protocolMapping>    
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
      </system.serviceModel>

    I suggest you refer the link below for more information.

    #How to: Use Certificate Authentication and Message Security in WCF Calling from Windows Forms
    https://msdn.microsoft.com/en-us/library/ff648360.aspx#Step2


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by KM Wong Friday, March 24, 2017 12:58 AM
    Wednesday, March 22, 2017 2:50 AM

All replies

  • >>System.InvalidOperationException: The service certificate is not provided. Specify a service certificate in ServiceCredentials.

    Based on this error, it seems you did not specify the SecurityBehavior in the Service Behavior. Could you share us the complete web.config?

    Here is a simple demo:

       <system.serviceModel>
        <services>
          <service name="WCFCertificate.CertService" behaviorConfiguration="cert">
            <endpoint address="" binding="basicHttpBinding" bindingConfiguration="certBinding" contract="WCFCertificate.ICertService"/>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
          </service>
        </services>
        <bindings>
          <basicHttpBinding>
            <binding name="certBinding">
              <security mode="Message">
                <message clientCredentialType="Certificate"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <behaviors>
          <serviceBehaviors>
            <behavior name="cert">
              <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceCredentials>
                <serviceCertificate findValue="Certificate Name" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
            <add binding="basicHttpsBinding" scheme="https"/>
        </protocolMapping>    
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true"/>
      </system.serviceModel>

    I suggest you refer the link below for more information.

    #How to: Use Certificate Authentication and Message Security in WCF Calling from Windows Forms
    https://msdn.microsoft.com/en-us/library/ff648360.aspx#Step2


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by KM Wong Friday, March 24, 2017 12:58 AM
    Wednesday, March 22, 2017 2:50 AM
  • <?xml version="1.0" encoding="utf-8" ?>
    <configuration>
    
      <appSettings>
        <add key="aspnet:UseTaskFriendlySynchronizationContext" value="true" />
      </appSettings>
      <system.web>
        <compilation debug="true" />
      </system.web>
      <!-- When deploying the service library project, the content of the config file must be added to the host's 
      app.config file. System.Configuration does not support config files for libraries. -->
      <system.serviceModel>
        <services>
          <service name="MSMQSecuredService.SecuredMSMQService">
            <endpoint address="net.msmq://localhost/private/testqueue" binding="netMsmqBinding"
                      bindingConfiguration="SecuredBinding" contract="MSMQSecuredService.ISecuredMSMQService">
              <identity>
                <dns value="localhost" />
              </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
            <host>
              <baseAddresses>
                <add baseAddress="http://localhost:8733/Design_Time_Addresses/MSMQSecuredService/SecuredMSMQService/" />
              </baseAddresses>
            </host>
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="SecurityBehavior">
              <serviceMetadata httpGetEnabled="True"/>
              <serviceDebug includeExceptionDetailInFaults="True"/>
              <serviceCredentials>
                <serviceCertificate findValue="CertServer" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
                <clientCertificate>
                  <certificate findValue="CertClient" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
                  <authentication certificateValidationMode="None"/>
                </clientCertificate>
              </serviceCredentials>
            </behavior>
            <behavior>
              <!-- To avoid disclosing metadata information, 
              set the values below to false before deployment -->
              <serviceMetadata httpGetEnabled="True" httpsGetEnabled="True"/>
              <!-- To receive exception details in faults for debugging purposes, 
              set the value below to true.  Set to false before deployment 
              to avoid disclosing exception information -->
              <serviceDebug includeExceptionDetailInFaults="False" />
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <bindings>
          <netMsmqBinding>
            <binding name="SecuredBinding" exactlyOnce="true" receiveErrorHandling="Fault">
              <security mode="Message">
                <message clientCredentialType="Certificate"/>
              </security>
            </binding>
          </netMsmqBinding>
        </bindings>
      </system.serviceModel>
    
    </configuration>
    

    The above is my complete config file. I am actually trying to use MSMQ using certification. It is based on the example from this link:

    https://www.codeproject.com/Articles/326909/Creating-a-WCF-Service-with-MSMQ-Communication-and

    but somehow, it cannot detect the certificate existing in the specified location above.

    Wednesday, March 22, 2017 6:29 AM
  • You need to add the serviceBehavior to service node.

    <service name="WCFMSMQCertificate.MSMQCertificate" behaviorConfiguration="SecurityBehavior">
    I suggest you pay attention to "behaviorConfiguration" in above code.


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Thursday, March 23, 2017 4:33 AM