ssl - Transport Security with WCF, IIS, along with client authentication.. is it possible or not? -
i can find out few similar questions on regarding this, quite unsure answer this. more , more confused read through different posts on this. asking satisfaction.
i have wcf service hosted on iis. , have client connects service , invokes method. try use certificates make use of transport security.
on client side have config
<bindings> <basichttpbinding> <binding name="testbinding"> <security mode="transport"> <transport clientcredentialtype="certificate" proxycredentialtype="basic"/> </security> </binding> </basichttpbinding> </bindings> <behaviors> <endpointbehaviors> <behavior name="testbehavior"> <clientcredentials> <clientcertificate storelocation="localmachine" storename="my" x509findtype="findbysubjectname" findvalue="client007"/> </clientcredentials> </behavior> </endpointbehaviors> </behaviors>
on server side have configuration
<behaviors> <servicebehaviors> <behavior name="testservicebehavior"> <servicemetadata httpsgetenabled="true"/> <servicedebug includeexceptiondetailinfaults="true"/> <servicecredentials> <clientcertificate> <authentication certificatevalidationmode="peertrust" trustedstorelocation="localmachine"/> </clientcertificate> </servicecredentials> </behavior> </servicebehaviors> </behaviors> <bindings> <basichttpbinding> <binding name="testservicebinding"> <security mode="transport"> <transport clientcredentialtype="certificate"/> </security> </binding> </basichttpbinding> </bindings>
now, scenario want is, client has public key installed on trusted people of server can access service.
but in case, whether install public key in trusted people or not. can access service certificate self create.
i checked anonymous authentication enabled, because of this? when disable anonymous access error saying
the http request unauthorized client authentication authentication received server basic realm
how make sure client public key on server can access service?
does kind of validation not work transport security? please me. thanks
Comments
Post a Comment