HTTP Error 403.7 – Forbidden: The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.

  • Question

  • I have developed a sample WCF service to test two-way authentication with certificates. I created a client console application that consumes the WCF service, and it is working fine.

    I have deployed the same WCF service in IIS as follows:

    1. Published the WCF Service
    2. Opened IIS
    3. Created a website and selected the published site above as the physical path
    4. Selected “https” and Port number as “50005”
    5. Selected the certificate (Self-signed certificate created from IIS and hosted in local computer and current user trusted root certification)
    6. Selected SSL settings from IIS window
    7. Checked “Require SSL” and selected “Require” under the client certificates section
    8. Set the default document as my WCF service .svc file
    9. Added the client certificate in IE browser under (File – internet options – content – certificates)
    10. Now, right-clicked on the WCF service website and clicked on browse
    11. I received the error below

    Error Message:

    HTTP Error 403.7 – Forbidden: The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.


    Below is my WCF Service web.config file:

    <system.serviceModel>
        <services>
          <service name="MathService" behaviorConfiguration="behavior1">
            <endpoint contract="IMathService" binding="basicHttpBinding" bindingConfiguration="binding1"/>
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="behavior1">
              <serviceMetadata httpsGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <bindings>
          <basicHttpBinding>
            <binding name="binding1">
              <security mode="Transport">
                <transport clientCredentialType="Certificate"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
    </system.serviceModel>

    Note:

    I have tried with wsHttpBinding also.

    Could anyone please let me know whether I made a mistake here?

    Tuesday, March 10, 2015 11:52 AM

Answers

  • Hi,

    This problem occurs because the Require SSL option is selected. This option appears on the SSL Settings page of Internet Information Services (IIS) Manager. When this option is selected, all requests that client computers make to the Web application must use a Secure Sockets Layer (SSL) connection.

    Additionally, the Require option of the "Client certificates" feature is selected. This option also appears on the SSL Settings page of IIS Manager. When this option is selected, all client computers that send requests to the server that is running IIS must have valid client certificates.

    To resolve this problem, use one of the following methods.

    Method 1

    Configure a client certificate on the client computer. The client certificate is issued by a certification authority that is trusted by the server that is running IIS.
    For more information about how to configure a client certificate, view Enabling Client Certificates in IIS 6.0 (http://www.microsoft.com/technet/prodtechnol/WindowsServer2003/Library/IIS/096519f4-3079-4571-9d28-8e5d286c5ab9.mspx).

    Method 2

    If you do not require that users have client certificates to run the Web application, use the Accept option instead of the Require option of the "Client certificates" feature. You can change this setting on the SSL Settings page for the Web application in IIS Manager. To do this, follow these steps:

    1. On the computer that is running IIS 7.0, click Start, type inetmgr in the Start Search box, right-click Inetmgr in the Programs list, and then click Run as administrator.
       If you are prompted for an administrator password or for a confirmation, type your password, or click Continue.
    2. In IIS Manager, locate the Web application for which you want to change the SSL setting.
    3. In Features View, double-click SSL Settings.
    4. On the SSL Settings page, select the Accept option under Client certificates.
    5. In the Actions pane, click Apply.

    For more information, you could refer to:

    https://support.microsoft.com/kb/942067?wa=wsignin1.0

    http://blogs.msdn.com/b/friis/archive/2011/11/15/troubleshooting-403-7-client-certificate-required-errors-amp-step-by-step-to-make-sure-your-client-certificate-is-displayed-and-selected.aspx

    Regards

    Thursday, March 12, 2015 2:24 AM
    Moderator
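
Added example (not part of the original thread): a PowerShell check for Method 1 that reports, for each candidate client certificate, whether it has a private key, is within its validity period, allows Client Authentication, and chains to a trusted root. The function name `Test-ClientCertForIis` and the path `C:\temp\client.cer` are hypothetical; revocation checking is switched off here as an assumption, so that only trust problems are reported.

```powershell
# Added example: inspect a client certificate that IIS rejects with 403.7.
function Test-ClientCertForIis {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        # Build the chain against the Local Computer stores instead of the
        # current user's stores (use this when running on the IIS server).
        [switch]$MachineContext
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

    # A certificate without an EKU extension is valid for all purposes;
    # if the extension is present it must list Client Authentication.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
    $ekuOk   = (-not $eku) -or ($ekuOids -contains $clientAuthOid)

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain `
        -ArgumentList $MachineContext.IsPresent
    # Assumption: test certificates publish no CRL, so skip revocation.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($Cert)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Thumbprint    = $Cert.Thumbprint
        HasPrivateKey = $Cert.HasPrivateKey   # must be True on the client
        InValidity    = ($now -ge $Cert.NotBefore -and $now -le $Cert.NotAfter)
        ClientAuthEku = $ekuOk
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# On the client: the browser offers certificates from CurrentUser\My.
Get-ChildItem Cert:\CurrentUser\My |
    ForEach-Object { Test-ClientCertForIis -Cert $_ } | Format-List

# On the IIS server: load the exported public certificate (placeholder path)
# and evaluate trust in machine context. HasPrivateKey is False for a .cer.
$cer = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList 'C:\temp\client.cer'
Test-ClientCertForIis -Cert $cer -MachineContext | Format-List
```

A `ChainStatus` of `UntrustedRoot` on the server means the issuing root (or the self-signed certificate itself) is not in the Local Computer Trusted Root Certification Authorities store.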