IIS hosted WCF with SSL security -"The HTTP request was forbidden with client authentication scheme 'Anonymous'" error


At least the issue has been found. When I looked inside the Windows Event Log I saw this error:

When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.

I backed some certificates up and deleted them. After this operation my program works.
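The event quoted above is raised when the trusted-issuer list Schannel puts in the TLS CertificateRequest grows past its size limit; a client whose certificate chains to an issuer that fell off the truncated list cannot pick a certificate and falls back to an anonymous connection, which IIS then rejects. The script below is an added example (not code from the post) that estimates that list's size from the LocalMachine Root store and flags expired roots as the first candidates to review; the byte limit is an assumed placeholder, and it only reports, it removes nothing.

```powershell
# Added example (not from the original post). Run as Administrator on the IIS host.
# Assumptions: roots are read from Cert:\LocalMachine\Root, and $LimitBytes is a
# placeholder for Schannel's limit, which the post does not state.

$LimitBytes = 16KB   # assumed placeholder, not a documented value

$roots = Get-ChildItem -Path Cert:\LocalMachine\Root

# RFC 5246 7.4.4: certificate_authorities is a 2-byte-length vector of
# 2-byte-length DER DistinguishedName entries, so each root costs 2 + len(DER subject).
$entries = $roots | ForEach-Object {
    [pscustomobject]@{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        NotAfter   = $_.NotAfter
        Expired    = ($_.NotAfter -lt (Get-Date))
        DnBytes    = 2 + $_.SubjectName.RawData.Length
    }
}

$total = 2 + ($entries | Measure-Object -Property DnBytes -Sum).Sum

"{0} trusted roots in LocalMachine\Root; the CertificateRequest issuer list would be {1} bytes" -f $entries.Count, $total
if ($total -gt $LimitBytes) {
    "List exceeds the assumed limit of {0} bytes; Schannel would truncate it (Event ID 36885)." -f $LimitBytes
}

# Expired roots are the first candidates to review for removal; export a backup of
# any certificate before deleting it, as the post's author did.
$entries | Where-Object Expired | Sort-Object NotAfter |
    Format-Table Subject, Thumbprint, NotAfter -AutoSize
```

Compare the client certificate's issuer against the remaining roots after pruning: the issuer of "CN=clientCert" (here TempCA) must still be in the list the server sends.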

Author: Omer

I have been a computer engineer since 2012... Working on mostly Microsoft technologies.

Updated on June 07, 2020

Comments

  • Omer, almost 4 years ago

    I am trying to host WCF on IIS using transport security. I found a good tutorial and followed the instructions: http://robbincremers.me/2011/12/27/wcf-transport-security-and-client-certificate-authentication-with-self-signed-certificates/. I am always getting "The HTTP request was forbidden with client authentication scheme 'Anonymous'". How can I handle it?

    What I did so far is:

    1. I created a self-signed root authority certificate as explained here.

      makecert -n "CN=TempCA" -r -sv TempCA.pvk TempCA.cer

    2. Created a new server certificate signed by a root authority certificate

      makecert -sk SignedByCA -iv TempCA.pvk -n "CN=localhost" -ic TempCA.cer localhost.cer -sr localmachine -ss My

    3. Created a new client certificate signed by a root authority certificate

      makecert -sk SignedByCA -iv TempCA.pvk -n "CN=clientCert" -ic TempCA.cer clientCert.cer -sr localmachine -ss My

    4. Added the CA to Trusted Root Certification Authorities

    5. Added these certificates to Personal --> Certificates

    6. Added the client certificate to Trusted People

    7. Everything looks OK

    8. Created a very simple WCF application and added it to IIS

    9. Adjusted the security settings

    10. This is my service web.config file

    > <?xml version="1.0"?>
    > <configuration>
    >   <system.web>
    >     <compilation debug="true" targetFramework="4.5" />
    >     <httpRuntime targetFramework="4.5"/>
    >   </system.web>
    >   <system.serviceModel>
    >     <bindings>
    >       <basicHttpBinding>
    >         <binding name="EmployeeBindingConfig">
    >           <security mode="Transport">
    >             <transport clientCredentialType="Certificate" />
    >           </security>
    >         </binding>
    >       </basicHttpBinding>
    >     </bindings>
    >     <behaviors>
    >       <serviceBehaviors>
    >         <behavior name="EmployeeServiceBehavior">
    >           <serviceMetadata httpsGetEnabled="true"/>
    >           <serviceDebug includeExceptionDetailInFaults="true"/>
    >           <serviceCredentials>
    >             <clientCertificate>
    >               <authentication certificateValidationMode="PeerOrChainTrust"
    >                               trustedStoreLocation="LocalMachine" />
    >             </clientCertificate>
    >           </serviceCredentials>
    >         </behavior>
    >       </serviceBehaviors>
    >     </behaviors>
    >     <services>
    >       <service
    >         behaviorConfiguration="EmployeeServiceBehavior"
    >         name="WCF.Tutorial.TransportSecurity.ServiceNew.EmployeeService">
    >         <host>
    >           <baseAddresses>
    >             <add baseAddress="https://localhost/WCF.Tutorial.TransportSecurity.ServiceNew"/>
    >           </baseAddresses>
    >         </host>
    >         <endpoint address="EmployeeService"
    >                   binding="basicHttpBinding"
    >                   bindingConfiguration="EmployeeBindingConfig"
    >                   contract="WCF.Tutorial.TransportSecurity.ServiceNew.IEmployeeService" />
    >         <endpoint
    >            address="mex"
    >            binding="mexHttpsBinding"
    >            contract="IMetadataExchange" />
    >       </service>
    >     </services>
    >   </system.serviceModel>
    >   <system.webServer>
    >     <modules runAllManagedModulesForAllRequests="true"/>
    >   </system.webServer>
    > </configuration>
    
    11. This is my client app.config

    >     <?xml version="1.0" encoding="utf-8" ?>
    >     <configuration>
    >         <startup>
    >             <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" />
    >         </startup>
    >       <system.serviceModel>
    >         <behaviors>
    >           <endpointBehaviors>
    >             <behavior name="EmployeeEndpointBehaviour">
    >               <clientCredentials>
    >                 <clientCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="omer-HP"/>
    >               </clientCredentials>
    >             </behavior>
    >           </endpointBehaviors>
    >         </behaviors>
    >         <bindings>
    >           <basicHttpBinding>
    >             <binding name="EmployeeBindingConfig">
    >               <security mode="Transport">
    >                 <transport clientCredentialType="Certificate" />
    >               </security>
    >             </binding>
    >           </basicHttpBinding>
    >         </bindings>
    >         <client>
    >           <endpoint address="https://localhost/WCF.Tutorial.TransportSecurity.ServiceNew/EmployeeService.svc"
    >                     binding="basicHttpBinding"
    >                     bindingConfiguration="EmployeeBindingConfig"
    >                     contract="WCF.Tutorial.TransportSecurity.ServiceNew.IEmployeeService"
    >                     name="serviceEndpoint"
    >                     behaviorConfiguration="EmployeeEndpointBehaviour"/>
    >         </client>
    >       </system.serviceModel>
    >     </configuration>
    
    12. This is my client code and the error (shown in a screenshot)

    My question is: how can I get past this error? I need your help.