BasicHttpBinding using transport security with self-signed certificate


The certificate for HTTPS is not configured in the WCF configuration. You must configure the certificate for http.sys. To do that, use netsh.exe from the command line with elevated privileges. If you are hosting your service in IIS/WAS you don't have to use netsh and you can configure HTTPS directly in IIS.

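As an added example (not part of the original answer), the http.sys registration the answer refers to could look like this from an elevated PowerShell prompt. The PFX path, the `0.0.0.0:443` binding (inferred from the `https://localhost/MyService` URL in the question) and the generated application GUID are assumptions.

```powershell
# Run from an elevated PowerShell prompt on the machine hosting the ServiceHost.
# Placeholders below are assumptions, not values from the original thread.
$PfxPath = 'C:\certs\myservice.pfx'          # hypothetical path to the self-signed cert with its private key
$IpPort  = '0.0.0.0:443'                     # default HTTPS port, as used by https://localhost/MyService
$AppId   = [guid]::NewGuid().ToString('B')   # any GUID identifying the owning application, in {...} form

# 1. http.sys looks the server certificate up in the LocalMachine store,
#    so a certificate that only exists in process memory cannot be used.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
$cert = Import-PfxCertificate -FilePath $PfxPath `
            -CertStoreLocation Cert:\LocalMachine\My `
            -Password $pfxPassword

if (-not $cert.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) has no private key; http.sys cannot serve TLS with it."
}

# 2. Register the certificate for the IP:port the HTTPS endpoint listens on.
#    clientcertnegotiation=enable matches ClientCredentialType = Certificate
#    on the BasicHttpBinding, so the TLS handshake requests a client certificate.
netsh http add sslcert ipport=$IpPort certhash=$($cert.Thumbprint) `
      "appid=$AppId" certstorename=MY clientcertnegotiation=enable

if ($LASTEXITCODE -ne 0) {
    # A common cause is an existing binding on the same ip:port; inspect it
    # before deciding whether to replace it with 'netsh http delete sslcert'.
    netsh http show sslcert ipport=$IpPort
    throw "netsh http add sslcert failed with exit code $LASTEXITCODE"
}

# 3. Confirm what http.sys will actually present on that endpoint.
netsh http show sslcert ipport=$IpPort
```

The binding persists across service restarts and reboots until it is removed with `netsh http delete sslcert ipport=0.0.0.0:443`, which is why it is usually done once at install time.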


Author: Yuan

Software craftsman.

Updated on May 30, 2022

Comments

  • Yuan
    Yuan almost 2 years

    I have a WCF service, using both BasicHttpBinding and NetTcpBinding at different endpoints within one ServiceHost. NetTcp is using a self-signed certificate, which is loaded from file; all was well until I tried to actually make use of the BasicHttpBinding, so I do:

    On server:

    var host = new ServiceHost(/* blah blah */);
    host.Credentials.ServiceCertificate.Certificate = GetCertificate(); //load a certificate from file
    host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    var httpBinding = new BasicHttpBinding();
    httpBinding.Security.Mode = BasicHttpSecurityMode.Transport;
    httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    

    On Client:

    ChannelFactory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.None;
    var cer = GetCertificate();
    ChannelFactory.Credentials.ClientCertificate.Certificate = cer;
    
    var httpBinding = new BasicHttpBinding();
    httpBinding.Security.Mode = BasicHttpSecurityMode.Transport;
    httpBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
    //accept any cert
    System.Net.ServicePointManager.ServerCertificateValidationCallback =
                    ((sender, certificate, chain, sslPolicyErrors) => true);
    

    However, when it connects, I get this error:

    Exception - An error occurred while making the HTTP request to https://localhost/MyService. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.

    The certificate is not installed, and it worked fine with the net tcp binding. I guess I must have missed something small?

    One thing I notice is that net.tcp is a duplex channel while basic http is simplex; I am sure there is a difference in the setup? For example, I needed to load the certificate at both ends for net.tcp; what happens with basic http then?

    Thanks in advance

  • Yuan
    Yuan about 13 years
    The reason why I load from file (actually the file is in memory) is that I try to avoid the command line, as they are "harder" than configured in code and only valid until my service shuts down. There is also a problem with port sharing if I bind a certificate to a port.
  • Ladislav Mrnka
    Ladislav Mrnka about 13 years
    @Yuan: HTTPS is provided by http.sys - it is a Windows kernel driver with its own requirements. If you want to use HTTPS you must install the certificate to the certificate store and register it with netsh. You can do it as a custom action in the application installer.
  • Yuan
    Yuan about 13 years
    It seems msdn.microsoft.com/en-us/library/ms733791.aspx explains it all. It is not very nice to set up the certificate on the binding AND set it up in HTTP.SYS. You saved me a lot of time, thanks!