Client Certificate and SSL RRS feed

  • Question

  • Hello Folks! I have to offer WCF 3.5 based Web Service to a Customer which uses Certificate Authentication and is secured with SSL. I have to use Soap 1.1 standard so I have made a Custom Binding.

    I also have to use Asymmetric Key handling.

    Problem with Custom Binding is that it gives following error:

    System.InvalidOperationException: An exception was thrown in a call to a policy export extension.
    Extension: System.ServiceModel.Channels.AsymmetricSecurityBindingElement
    Error: Security policy export failed. The binding contains both an AsymmetricSecurityBindingElement
    and a secure transport binding element. Policy export for such a binding is not supported.

    I have checked Certificates in Store at least 10 times and I'm quite sure they are okey. My Custom Binding is following.


        <binding name="CertificateAndHttps">
         <security defaultAlgorithmSuite="TripleDesRsa15" allowSerializedSigningTokenOnReply="true"
          authenticationMode="MutualCertificateDuplex" requireDerivedKeys="false"
          securityHeaderLayout="Lax" includeTimestamp="true" keyEntropyMode="CombinedEntropy"
          messageProtectionOrder="SignBeforeEncrypt" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10"
          <issuedTokenParameters keyType="AsymmetricKey" />
         <textMessageEncoding messageVersion="Soap11" />
         <httpsTransport />

    And Behaviour is below


    <behavior name="ServiceBehavior">
         <serviceMetadata httpsGetEnabled="false"/>
         <serviceDebug includeExceptionDetailInFaults="true"/>
     <authentication certificateValidationMode="PeerOrChainTrust"/>
          <serviceCertificate findValue="00 bb 27 96 69 32 53 8f f2 d6 66 ff 01 cd c5 aa 10 9b 88 1e"
          x509FindType="FindByThumbprint" />

    Is it really so that MutualCertificateDuplex can't be used with SSL or what could be the error?

    Br Mic




    Monday, May 17, 2010 11:38 AM


  • Found solution ourselves. Non-NET SoapTester added linefeeds and tabs into Soap Message and that caused the problem. After stripping all whitespaces from Soap Message it worked!


    • Marked as answer by Landy_Mic Tuesday, May 18, 2010 3:54 PM
    Tuesday, May 18, 2010 3:54 PM