basicHttpBinding with Username credential

  • Question

    Hello Everybody,

    I have created a WCF service with wsHttpBinding with Custom Username Validator. Later, we found that wsHttpBinding is not compatible with Java. So now we are moving on to basicHttpBinding with Custom Username validator.

    <system.serviceModel>
      <bindings>
        <basicHttpBinding>
          <binding name="BupaBasicHttpBinding">
            <!-- HTTPS transport, with the username/password carried in the SOAP message -->
            <security mode="TransportWithMessageCredential">
              <message clientCredentialType="UserName"/>
            </security>
          </binding>
        </basicHttpBinding>
      </bindings>
      <services>
        <service name="Service" behaviorConfiguration="ServiceBehavior">
          <endpoint address="basicEndpoint" binding="basicHttpBinding" bindingConfiguration="BupaBasicHttpBinding" contract="IService"/>
        </service>
      </services>
      <behaviors>
        <serviceBehaviors>
          <behavior name="ServiceBehavior">
            <serviceMetadata httpsGetEnabled="true"/>
            <serviceDebug includeExceptionDetailInFaults="true"/>
            <serviceCredentials>
              <clientCertificate>
                <authentication certificateValidationMode="None" revocationMode="NoCheck" />
              </clientCertificate>
              <serviceCertificate findValue="GBSTAPOC01"
                                  storeLocation="LocalMachine"
                                  storeName="TrustedPeople"
                                  x509FindType="FindBySubjectName"/>
            </serviceCredentials>
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>

     

    This is my .config file.

    The certificate I have mentioned in the service credential is the certificate I got from Comodo (free online certificate provider). I installed this certificate under Trusted People.

    If I place the certificate under "Personal Folder", I am getting a "Multiple certificates found" exception.

    In IIS (5.0 in Windows 2003 Server), I mapped the particular WCF Service node to a certificate which is different from the certificate I use in the .config file. (Hope you understand my scenario.)

    Can these certificates be different?

    Fine, with different certificates, one at IIS and another in the .config file, I managed to bring the service up. But I am not able to create the proxy. I am getting a "The underlying connection was closed. Could not establish trust relationship for the SSL/TLS secure channel. The remote certificate is invalid according to the validation procedure" exception.

    Anybody to help me?

    PS: If all this is too confusing, can you give me any article that explains how to go about transport mode with custom username for basicHttpBinding?

    Anticipating any helpful reply...

    -Saran

    Monday, September 29, 2008 12:56 PM

Answers

  • Try this:

     

    "Make sure to create a test certificate with data signing and key-exchange (Encryption) features. You can do that with the makecert.exe tool, which supports the following arguments:

    - sr: Store Location, it can be LocalMachine or CurrentUser
    - ss: Store Folder, it can take different values but these are probably the most common, My (Personal) or Trusted (Trusted Folder).
    - n: Certificate Distinguished name. It is very important to choose the right name for the certificate since it will identify it. (This name is also used to look for the certificate.)

    For example,

    makecert.exe -sr LocalMachine -ss My -a sha1 -n CN=MyServerCert -sky exchange -pe

    This tool only generates and stores the certificate in the certificate store, but it does not assign any permission on that certificate. If you are planning to use the certificate from WCF, you may need to give read permission to the account running the service, for instance the account ASPNET for a normal web service.
    Microsoft provides another tool to grant permissions on certificates; the name of this tool is winhttpcertcfg.

    The following sample grants permission on the certificate created above to the ASPNET account:

    winhttpcertcfg -g -c LOCAL_MACHINE\My -s MyServerCert -a ASPNET"

     

    Friday, October 3, 2008 8:58 PM
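
The following C# console program is an added example, not code from the thread: it shows why a FindBySubjectName lookup can return several certificates and lists the chain errors behind the trust failure quoted in the question. The class and method names (CertCheck, Inspect) are made up for the example; the subject value and store names are the ones in the question's config.

```csharp
// Added diagnostic example (not from the original thread).
// Reads the LocalMachine certificate stores only; it changes nothing.
using System;
using System.Security.Cryptography.X509Certificates;

static class CertCheck
{
    static void Inspect(StoreName storeName, string subject)
    {
        var store = new X509Store(storeName, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // FindBySubjectName is a case-insensitive substring match on the
            // subject, so one findValue can select several certificates.
            // WCF needs exactly one match for <serviceCertificate>.
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindBySubjectName, subject, false);
            Console.WriteLine("{0}: {1} match(es) for \"{2}\"",
                storeName, hits.Count, subject);

            foreach (X509Certificate2 cert in hits)
            {
                Console.WriteLine("  {0}", cert.Subject);
                Console.WriteLine("    thumbprint={0} privateKey={1} expires={2:yyyy-MM-dd}",
                    cert.Thumbprint, cert.HasPrivateKey, cert.NotAfter);

                // Chain status as seen by this machine's trust stores. Any flag
                // listed (UntrustedRoot, NotTimeValid, ...) is a reason a TLS
                // client with the same stores would reject the certificate.
                var chain = new X509Chain();
                chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
                Console.WriteLine("    chain trusted={0}", chain.Build(cert));
                foreach (X509ChainStatus s in chain.ChainStatus)
                    Console.WriteLine("      {0}: {1}", s.Status, s.StatusInformation.Trim());
            }
        }
        finally { store.Close(); }
    }

    static void Main()
    {
        // Subject value and store names are the ones quoted in the question.
        Inspect(StoreName.TrustedPeople, "GBSTAPOC01");
        Inspect(StoreName.My, "GBSTAPOC01"); // "Personal" in the MMC snap-in
    }
}
```

If a store reports more than one match, switching the config to x509FindType="FindByThumbprint" with the printed thumbprint selects a single certificate. Chain building does not compare the certificate name with the host name in the service URL, so a name mismatch on the IIS-bound certificate has to be checked separately.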

All replies