Client Certificate and SSL

  • Question

  • Hello Folks! I have to offer a WCF 3.5 based Web Service to a customer, which uses certificate authentication and is secured with SSL. I have to use the SOAP 1.1 standard, so I have made a custom binding.

    I also have to use asymmetric key handling.

    The problem with the custom binding is that it gives the following error:

    System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
    Extension: System.ServiceModel.Channels.AsymmetricSecurityBindingElement
    Error: Security policy export failed. The binding contains both an AsymmetricSecurityBindingElement
    and a secure transport binding element. Policy export for such a binding is not supported.

    I have checked the certificates in the store at least 10 times and I'm quite sure they are okay. My custom binding is the following.

      

    <customBinding>
      <binding name="CertificateAndHttps">
        <security defaultAlgorithmSuite="TripleDesRsa15" allowSerializedSigningTokenOnReply="true"
                  authenticationMode="MutualCertificateDuplex" requireDerivedKeys="false"
                  securityHeaderLayout="Lax" includeTimestamp="true" keyEntropyMode="CombinedEntropy"
                  messageProtectionOrder="SignBeforeEncrypt"
                  messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
                  requireSecurityContextCancellation="false">
          <issuedTokenParameters keyType="AsymmetricKey" />
        </security>
        <textMessageEncoding messageVersion="Soap11" />
        <httpsTransport />
      </binding>
    </customBinding>

    And the behaviour is below:

          

    <behavior name="ServiceBehavior">
      <serviceMetadata httpsGetEnabled="false"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="PeerOrChainTrust"/>
        </clientCertificate>
        <serviceCertificate findValue="00 bb 27 96 69 32 53 8f f2 d6 66 ff 01 cd c5 aa 10 9b 88 1e"
                            storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindByThumbprint" />
      </serviceCredentials>
    </behavior>

    Is it really so that MutualCertificateDuplex can't be used with SSL or what could be the error?

    Br Mic

     

     

     

    Monday, May 17, 2010 11:38 AM

Answers

  • Found the solution ourselves. A non-.NET SoapTester added linefeeds and tabs into the SOAP message and that caused the problem. After stripping all whitespace from the SOAP message it worked!

     

    • Marked as answer by Landy_Mic Tuesday, May 18, 2010 3:54 PM
    Tuesday, May 18, 2010 3:54 PM
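
An added example, not part of the original thread: one mechanism by which linefeeds and tabs inserted into a message-signed SOAP envelope make it fail, namely that XML canonicalization keeps whitespace text nodes, so the digest over the signed element changes. The thread does not say which check failed, so treating it as a digest mismatch is an assumption; the envelope, namespace `urn:example:orders` and the `Id` value are constructed, and Python's built-in C14N 2.0 stands in for the exclusive C14N that WS-Security stacks normally use (both preserve whitespace inside elements).

```python
import hashlib
import xml.etree.ElementTree as ET

SOAP11_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample: the envelope as the sender signed it (no extra whitespace).
COMPACT = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
    '<s:Body Id="body-1"><GetOrder xmlns="urn:example:orders"><Id>42</Id></GetOrder></s:Body>'
    '</s:Envelope>'
)

# Constructed sample: the same envelope after a tool re-indented it with
# linefeeds and tabs, as described in the answer above.
PRETTY = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">\n'
    '\t<s:Body Id="body-1">\n'
    '\t\t<GetOrder xmlns="urn:example:orders">\n'
    '\t\t\t<Id>42</Id>\n'
    '\t\t</GetOrder>\n'
    '\t</s:Body>\n'
    '</s:Envelope>'
)


def body_digest(envelope_xml, strip_text=False):
    """SHA-256 over the canonical form of the SOAP Body (the signed part)."""
    root = ET.fromstring(envelope_xml)
    body = root.find("{%s}Body" % SOAP11_NS)
    if body is None:
        raise ValueError("no SOAP 1.1 Body element found")
    body.tail = None  # whitespace after </Body> is outside the signed element
    serialized = ET.tostring(body, encoding="unicode")
    # strip_text=False is the behaviour a signature verifier applies:
    # whitespace-only text nodes are part of the canonical octets.
    canonical = ET.canonicalize(serialized, strip_text=strip_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def digest_matches(signed_xml, received_xml):
    """True if the received Body still hashes to the value that was signed."""
    return body_digest(signed_xml) == body_digest(received_xml)


if __name__ == "__main__":
    print("re-indented message verifies:", digest_matches(COMPACT, PRETTY))
    print("after stripping whitespace:  ",
          body_digest(PRETTY, strip_text=True) == body_digest(COMPACT))
```

Whitespace has to be removed before signing, or not added afterwards; a verifier cannot strip it on receipt without changing what the signature covers.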