Certification as Authentication Method within WCF client/server module.

  • Question

  • (Reposting as standalone thread, to detach from original Endpoint query).

    I am struggling using certification as the authentication mechanism for a WCF client/service. After going through many challenges with IIS on my virtual server, I have Web Deploy working, and I have also generated a test RootCA. I have used that RootCA to generate a certificate for the server and a certificate for the client - both of which have the private key installed.

    When I try to run the sample WCF client/server, I receive the error "{"The caller was not authenticated by the service."}".

    I had to detour slightly from the supplied example (https://msdn.microsoft.com/en-us/library/ff648360.aspx), as when finally generating the client certificate, the command supplied did not install a certificate with a private key to the personal store. Instead, it saved the certificate to disk, and it then had to be installed, but did not include the private key - and I had an error stating so when I ran the WCF service. So instead, I generated the client certificate using the same command as was used on the server to create the server certificate - but obviously on the client machine. Is that where I have gone wrong? Essentially, instead of this command to generate the client cert,

    makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr CurrentUser -ss my -sky signature -pe tempCert.cer

    I used this command:

    makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr CurrentUser -ss my -sky exchange -pe

    Both client and server certificates are definitely signed by my test RootCA. But I notice that the server certificate (and RootCA) are both 1024-bit, whereas the client certificate is 2048-bit.


    Cheers, John

    Saturday, June 13, 2015 10:05 AM

Answers

  • Hi John,
       As per your case, I suggest you refer to the following articles, which may guide you to resolve this issue:

    1. Click here to read about "An easy way to use certificates for WCF security".

    2. Click here to read about "Securing WCF Services with Certificates".

    Tuesday, June 30, 2015 6:47 AM

All replies

  • Hi John,
       As per this case, please make sure that you have done all the steps properly from the mentioned MSDN link.
    When you create a certificate signed by the root CA certificate like below

    makecert -sk MyKeyName -iv RootCATest.pvk -n "CN=tempCert" -ic RootCATest.cer -sr CurrentUser -ss my -sky signature -pe tempCert.cer

    You need to enter the private key password for the root CA private key file created.

    After that, configure the client certificate in the WCF client application and verify the config file as below:

    <system.serviceModel>
        <behaviors>
            <endpointBehaviors>
                <behavior name="NewBehavior">
                    <clientCredentials>
                        <clientCertificate findValue="CN=tempCert"/>
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
        ...
    
    
    Monday, June 15, 2015 9:01 AM
  • Thanks Edwin - I will try this again soon. I have moved on to my 'proper' application now (the one which has matured to the point of needing the WCF service). I will try what you suggest once I've built up the service innards. One thing I do not properly understand though...

    - the way I eventually got the test WCF service working was to add a personal certificate to the key store on the client machine, which was signed by RootCA - known to both the client and server. If I used the makecert syntax above, which saves the certificate to a file, then I don't think I've really understood how my application would reference that file?

    Thanks

    John


    Cheers, John

    Wednesday, June 17, 2015 9:13 PM
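
A way to check what the `makecert ... -sr CurrentUser -ss my` commands in this thread actually left in the certificate store, as an added example that is not part of any post or of the MSDN guide: it lists each matching certificate with whether a private key is attached, its key size, and whether its chain builds. The subject `CN=tempCert` and the store come from the thread; revocation checking is switched off on the assumption that the test root CA publishes no CRL.

```powershell
# Added diagnostic example (Windows PowerShell). Not from the thread or the MSDN guide.
# Subject and store are the values used in the makecert commands above.
$subject   = 'CN=tempCert'
$storePath = 'Cert:\CurrentUser\My'

# A subject can match more than one certificate if makecert was run repeatedly,
# so collect every match instead of assuming there is exactly one.
$matches = @(Get-ChildItem -Path $storePath |
    Where-Object { $_.Subject -eq $subject })

if ($matches.Count -eq 0) {
    Write-Warning "No certificate with subject '$subject' found in $storePath"
    return
}
if ($matches.Count -gt 1) {
    Write-Warning "$($matches.Count) certificates share subject '$subject'; a lookup by subject is ambiguous"
}

foreach ($cert in $matches) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Assumption: the test root CA publishes no CRL, so skip revocation checks.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainBuilds = $chain.Build($cert)

    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Issuer        = $cert.Issuer
        # False means only the public certificate was imported (e.g. from a .cer file).
        HasPrivateKey = $cert.HasPrivateKey
        # Key size in bits of the public key (RSA certificates, as makecert creates).
        KeySizeBits   = $cert.PublicKey.Key.KeySize
        NotAfter      = $cert.NotAfter
        ChainBuilds   = $chainBuilds
        # For example UntrustedRoot when the issuing root is not trusted in this context.
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}
```

Run it as the same Windows account that runs the WCF client, since `Cert:\CurrentUser\My` is per-user.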
  • Apologies for taking ages to reply by the way...I do appreciate your responding - but family life, work life and general tiredness really hampers 'hobby' time nowadays!

    John


    Cheers, John

    Wednesday, June 17, 2015 9:14 PM