I've scoured the internet (and SO) for solutions to this. None of the questions that will appear in the RHS as of today solve my problem, so here goes.
TLDR: I'm trying to build a WCF service that requires client certificates, and I'm running into this error:
Security settings for this service require Windows Authentication but it is not enabled for the IIS application that hosts this service.
I had several problems getting the service to identify the self-signed certificate I generated for testing. It seems to be working now, because clients that don't have the certificate show me an IIS error of 403 (forbidden) instead of this exception.
Relevant snippets of my service web.config:
<wsHttpBinding>
<binding name="clientCertificateBinding">
<security mode="Message">
<message clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
I have two end-points defined: one for "mex" (tried removing it, doesn't solve my problem) and one for the actual service. The service binding uses binding="wsHttpBinding" bindingConfiguration="clientCertificateBinding" as the specification.
Later, I tell my behaviour to use the service certificate:
<behavior name="AwesomeBehaviour">
<serviceMetadata httpsGetEnabled="true"/>
<serviceCredentials>
<serviceCertificate
storeLocation="LocalMachine"
storeName="My"
findValue = 'CN=...' />
</serviceCredentials>
<serviceDebug includeExceptionDetailInFaults="true"/>
</behavior>
Also, IIS is set to Rquire SSL and require client certificates. Not just accept them, but require them.
I've tried (as some suggest) changing the security mode from Transport to Message and TransportWithMessageCredential; this doesn't do anything.
There's also this thread which talks about NTLM and Negotiate as a transport credential type. This does not fix my problem.
There's also this KB article which talks about cscript.exe. I installed the compatibility tools and added the NTLM authentication provider, to no avail.
I'm not sure what I'm missing.
