none
Does transport security requires certificate? RRS feed

  • Question

  • I'm reading essential wcf and there's a sentence saying 'The server's certificate is specified in the <serviceCredential> node. This is necessary so that the server knows which certificate and key pair to use in the SSL handshake.'. So I thought that to use SSL a server need to have a certificate.

    But when I use netTcpBinding with the security configuration below, (which is the default)

        <bindings>
          <netTcpBinding>
            <binding name="MyBinding">
              <security mode="Transport">
                <transport clientCredentialType="Windows"/>
              </security>
            </binding>
          </netTcpBinding>
        </bindings>

    I have no problem starting the service even if I didn't provide any certificate.

    Then I changed the clientCredentialType to None and I get InvalideOperationException saying 'The service certificate is not provided. Specify a service certificate in ServiceCredentials.' which I expected.

    Wednesday, July 30, 2008 7:46 AM

Answers

  • This is exactly how it should work !

     

    When you have clientCredentialType as Windows, you are asking wcf to use the Default Kerboros authentication(this works when you also have the client in the same machine or run it with same windows credentials) and when you set clientCredtype as None, which means that the service will not require clients to present credentials, then it actually looks for alternate auth mechanism and finds that the serviceCredentials donot have the serviceCertificate and hence this behv

     

    Cheers

    SreeramG

    Wednesday, July 30, 2008 1:34 PM