HTTP Error 403.7 - Forbidden: SSL client certificate is required.

    Question

  • Hi!

    I can't get the following setup working:

    Hosting - Windows Server 2003 with IIS 6.
    I host a WCF service there. I added a one-to-one mapping of a certificate to a domain user for it. The service uses basic HTTP binding; here is the web.config:

           
    <bindings> 
                <basicHttpBinding> 
                  <binding name="SecurityByCertificate" maxBufferSize="6553600" maxReceivedMessageSize="6553600" transferMode="Buffered" bypassProxyOnLocal="true" openTimeout="00:10:00" sendTimeout="00:10:00" receiveTimeout="00:10:00">
                    <security mode="Transport">
                      <transport clientCredentialType="Certificate"/> 
                      </security> 
                  </binding> 
                </basicHttpBinding> 
            </bindings> 
            <behaviors> 
                <serviceBehaviors> 
                    <behavior name="Test.Services.DataServiceBehavior">
                        <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/> 
                        <serviceDebug includeExceptionDetailInFaults="true"/> 
                    </behavior> 
                </serviceBehaviors> 
            </behaviors> 
     

    Here is the client config:
            <bindings> 
                <basicHttpBinding> 
                    <binding name="BasicHttpBinding_ITestService" closeTimeout="00:01:00" 
                        openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" 
                        allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" 
                        maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" 
                        messageEncoding="Text" textEncoding="utf-8" transferMode="Buffered" 
                        useDefaultWebProxy="true">
                        <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" 
                            maxBytesPerRead="4096" maxNameTableCharCount="16384" /> 
                        <security mode="Transport">
                            <transport clientCredentialType="Certificate" /> 
                        </security> 
                    </binding> 
                </basicHttpBinding> 
            </bindings> 
            <behaviors> 
                <endpointBehaviors> 
                    <behavior name="certBehavior">
                        <clientCredentials> 
                            <clientCertificate findValue="myservername" 
                                      storeLocation="CurrentUser" 
                                      x509FindType="FindBySubjectName" /> 
                        </clientCredentials> 
                    </behavior> 
                </endpointBehaviors> 
               
            </behaviors> 
            <client> 
                <endpoint address="https://myservername/Test.Services/TestService.svc" 
                    binding="basicHttpBinding" behaviorConfiguration="certBehavior" bindingConfiguration="BasicHttpBinding_ITestService" 
                    contract="TestServiceStub.ITestDataService" name="BasicHttpBinding_ITestService" /> 
            </client> 

    And the client code calling the service:

    1 using (TestServiceClient testClient = new TestServiceClient()) 
    2 {
    3     ServicePointManager.ServerCertificateValidationCallback =  
    4                     new System.Net.Security.RemoteCertificateValidationCallback(delegate{                                                     
    5         return true;  // accepts every server certificate without validation
    6     }); 
    7     try 
    8     { 
    9         testClient.Open(); 
    10         testClient.Do(); 
    11         testClient.Close(); 
    12     } 
    13     catch(Exception ex) 
    14     { 
    15     } 
    16 }

    At line 10 an exception occurs: The HTTP request was forbidden with client authentication scheme 'Anonymous'. The inner exception is: HTTP Error 403.7 - Forbidden: SSL client certificate is required.

    I checked testClient and it found the client certificate. In Fiddler there are 2 requests: the first contains info about the server certificate, but for the client certificate the message was: None. The second is the call to the method Do, which actually causes the specified exception...

    Who can help me? I have no idea what else to check...
    Friday, December 19, 2008 4:18 PM

Answers

  • -> Who can help me? I have no idea what else to check...

    I think you might need to enable client authentication using a certificate as the client credential, but the client certificate cannot be found. Have you tried the following method to send the client certificate to the WCF service:

    http://support.microsoft.com/default.aspx/kb/895971

    And after you get the certificate, either via a "cer" file or the client certificate store, you could pass the certificate to the client proxy as follows:

    var client = new WcfService.ChatServiceClient();
    client.ClientCredentials.ClientCertificate.Certificate = cer;

    Hope this helps

    Another Paradigm Shift
    http://shevaspace.blogspot.com
    Tuesday, December 23, 2008 8:21 AM
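
An added example, not part of the original thread or either poster's code: a small C# check of the certificate that the client config in the question selects (`findValue="myservername"`, `storeLocation="CurrentUser"`, `FindBySubjectName`). It reports, for each match, whether it has a private key, is within its validity period and permits client authentication, since a certificate without a usable private key cannot be presented in the TLS handshake. The class and method names are assumptions; a certificate it returns is what the answer assigns to `ClientCredentials.ClientCertificate.Certificate`.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class ClientCertCheck   // hypothetical helper, not from the thread
{
    const string ClientAuthOid = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth
    // Returns the first certificate in CurrentUser\My whose subject contains
    // subjectName and that is usable for TLS client authentication, or null.
    public static X509Certificate2 FindUsable(string subjectName)
    {
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so expired or untrusted matches are reported, not hidden
            foreach (X509Certificate2 c in store.Certificates.Find(
                         X509FindType.FindBySubjectName, subjectName, false))
            {
                bool inDate = DateTime.Now >= c.NotBefore && DateTime.Now <= c.NotAfter;
                bool ekuOk = AllowsClientAuth(c);
                Console.WriteLine("{0} privateKey={1} inDate={2} clientAuth={3}",
                    c.Thumbprint, c.HasPrivateKey, inDate, ekuOk);
                if (c.HasPrivateKey && inDate && ekuOk) return c;
            }
            return null;
        }
        finally { store.Close(); }
    }
    // No EKU extension means the certificate is not restricted to specific purposes.
    static bool AllowsClientAuth(X509Certificate2 cert)
    {
        foreach (X509Extension ext in cert.Extensions)
        {
            var eku = ext as X509EnhancedKeyUsageExtension;
            if (eku == null) continue;
            foreach (Oid oid in eku.EnhancedKeyUsages)
                if (oid.Value == ClientAuthOid) return true;
            return false;
        }
        return true;
    }
    static void Main(string[] args)
    {
        // "myservername" is the findValue from the client config in the question.
        var cert = FindUsable(args.Length > 0 ? args[0] : "myservername");
        Console.WriteLine(cert == null ? "no usable client certificate" : "use " + cert.Subject);
    }
}
```

Run it as the same Windows user that runs the client, because `CurrentUser` stores are per account.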