A difficult SharePoint WCF problem

  • Question

  • Hi there,

    I created a SharePoint WCF service with HTTPS and a cert. My steps were:

    1. Ran "makecert.exe" to create a cert on the SharePoint server and put it into Certificates/Personal, Certificates/Trusted Root Certification Authorities and Certificates/SharePoint
    2. Uploaded the cert without the key into SharePoint from CA
    3. Bound an SSL certificate in IIS
    4. Created a client .NET Core console app to connect to the WCF service
    5. It turns out that this error message comes up: "System.ServiceModel.Security.MessageSecurityException: 'The HTTP request was forbidden with client authentication scheme 'Anonymous'.'"

    I have also listed my server-side web.config below for someone with experience to look at. Honestly speaking, I have spent a lot of time on it and have no idea what is happening in this situation. Is it a cert problem or the source code? Does anyone have a workaround, based on your experience? Thanks in advance.

    <system.serviceModel>
        <behaviors>
          <serviceBehaviors>
            <behavior name="MyServiceBehavior">
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"></serviceMetadata>
              <serviceDebug includeExceptionDetailInFaults="true"></serviceDebug>
              <serviceCredentials>
                <serviceCertificate findValue="extlab.litwareinc.pri" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
          <endpointBehaviors>
            <behavior name="jsonBehaviour">
              <webHttp />
            </behavior>
          </endpointBehaviors>
        </behaviors>
        <bindings>
          <wsHttpBinding>
            <binding name="wsHttpsEndpointBinding" maxBufferPoolSize="524288" maxReceivedMessageSize="2147483647">
              <security mode="Transport">  
                <transport clientCredentialType="Certificate"/>  
              </security>  
            </binding>
          </wsHttpBinding>
        </bindings>
        <services>
          <service name="TecturaWsListItems.v2.Service" behaviorConfiguration="MyServiceBehavior">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="wsHttpsEndpointBinding" contract="TecturaWsListItems.v2.IService" />
            <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange">
            </endpoint>
          </service>
        </services>
        <serviceHostingEnvironment aspNetCompatibilityEnabled="true">
        </serviceHostingEnvironment>
      </system.serviceModel>

    My client-side source code:

    using System;
    using System.Security.Cryptography.X509Certificates;
    using System.Security.Principal;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    
    namespace core.ConsoleApp._2
    {
        class Program
        {
            static void Main(string[] args)
            {
                Console.WriteLine("Hello World!");
    
                var myBinding = new WSHttpBinding();
                myBinding.Security.Mode = SecurityMode.Transport;
                myBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    
                var myEndPoint = new EndpointAddress("https://extlab.litwareinc.pri/_vti_bin/TecturaWsListItems.v2/service.svc");
    
                serviceClient.ServiceClient actionsClient = new serviceClient.ServiceClient(myBinding, myEndPoint);
    
                //actionsClient.ClientCredentials.Windows.ClientCredential.UserName = "Administrator";
                //actionsClient.ClientCredentials.Windows.ClientCredential.Password = "pass@word1";
                //actionsClient.ClientCredentials.Windows.ClientCredential.Domain = "litwareinc";
                //actionsClient.ClientCredentials.Windows.AllowedImpersonationLevel = TokenImpersonationLevel.Impersonation;
    
                //actionsClient.ClientCredentials.UserName.UserName = "litwareinc\\Administrator";
                //actionsClient.ClientCredentials.UserName.Password = "pass@word1";
    
                actionsClient.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName,
                    "extlab.litwareinc.pri");
    
                //    actionsClient.ClientCredentials.ServiceCertificate.SslCertificateAuthentication =
                //new X509ServiceCertificateAuthentication()
                //{
                //    CertificateValidationMode = X509CertificateValidationMode.None,
                //    RevocationMode = System.Security.Cryptography.X509Certificates.X509RevocationMode.NoCheck
                //};
    
                //        ServicePointManager.ServerCertificateValidationCallback =
                //        delegate (
                //            object s,
                //            X509Certificate certificate,
                //            X509Chain chain,
                //            SslPolicyErrors sslPolicyErrors
                //        )
                //        {
                //            return true;
                //        };
    
                Console.WriteLine(actionsClient.DoWork(1));
            }
        }
    }
    


    Hi there, if you found my comment very helpful then please | Propose as answer | . Thanks and Regards.

    Thursday, November 21, 2019 4:38 PM

All replies

  • Hi,

    Please check if the "LocalMachine" store has many certificates by the name "extlab.litwareinc.pri", which probably means they have the exact same thumbprints as well. The article below covers a similar issue.

    HTTP request was forbidden with client authentication scheme 'Anonymous'

    If you want to create a custom WCF web service in SharePoint 2013, see the following article for your reference.

    SharePoint 2013: Create a Custom WCF REST Service Hosted in SharePoint and Deployed in a WSP

    Best Regards,

    Dennis


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    SharePoint Server 2019 has been released, you can click here to download it.
    Click here to learn new features. Visit the dedicated forum to share, explore and talk to experts about SharePoint Server 2019.

    Friday, November 22, 2019 9:03 AM
    Moderator
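
Added example, not part of the thread or written by either poster: a small C# console check for the situation the reply above describes, listing every certificate in LocalMachine\My that `FindBySubjectName` would match for the subject name from the question. It goes slightly beyond the reply by also reporting private-key presence, validity dates and the client-authentication EKU; it assumes it is run on the Windows machine that hosts the client app.

```csharp
// Added example (not from the thread). Lists what FindBySubjectName matches
// in LocalMachine\My so an ambiguous or unusable client certificate shows up.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

class CertStoreCheck
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth EKU

    static void Main()
    {
        const string subject = "extlab.litwareinc.pri"; // subject name used in the post

        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, so expired or untrusted matches are listed as well.
            // FindBySubjectName is a case-insensitive substring match on the subject.
            X509Certificate2Collection matches =
                store.Certificates.Find(X509FindType.FindBySubjectName, subject, false);
            Console.WriteLine($"{matches.Count} certificate(s) match '{subject}'");

            foreach (X509Certificate2 cert in matches)
            {
                var ekus = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>()
                    .SelectMany(e => e.EnhancedKeyUsages.Cast<Oid>())
                    .Select(o => o.Value)
                    .ToList();
                // A certificate without an EKU extension is not restricted by purpose.
                bool clientAuth = ekus.Count == 0 || ekus.Contains(ClientAuthOid);
                DateTime now = DateTime.Now;
                bool inDate = now >= cert.NotBefore && now <= cert.NotAfter;

                Console.WriteLine($"  Thumbprint      : {cert.Thumbprint}");
                Console.WriteLine($"  Subject         : {cert.Subject}");
                Console.WriteLine($"  Has private key : {cert.HasPrivateKey}");
                Console.WriteLine($"  Within validity : {inDate} (expires {cert.NotAfter:u})");
                Console.WriteLine($"  Client auth EKU : {clientAuth}");
                Console.WriteLine();
            }

            if (matches.Count > 1)
                Console.WriteLine("More than one match: select by thumbprint " +
                                  "(X509FindType.FindByThumbprint) instead of subject name.");
        }
    }
}
```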
  • Hi,

    Would you please provide us with an update on the status of your issue?

    Best Regards,
    Dennis



    Thursday, November 28, 2019 7:12 AM
    Moderator
  • Dennis, the issue still exists. I will give it a try soon and post some further information here. Thanks for your help.


    Thursday, November 28, 2019 7:42 AM