Edit: I kinda forgot about this question! I ended up remapping the configuration, the error disappeared and I couldn't find the reason.

I have a WCF service that is hosted on IIS, and a Windows Forms client that is trying to connect to it.

The WCF service should be secured, so the IIS web app is configured to use a certificate that is issued by the domain (the CA is on the domain) issued to "localhost" for our dev environment.

The SSL settings on IIS are set to "Require SSL" and "Client certificates = Require".

The WCF service uses custom binding, and the configuration in the web.config is as follows:

    <system.serviceModel>
      <diagnostics>
        <messageLogging logEntireMessage="true" logMalformedMessages="true"
          logMessagesAtTransportLevel="true" maxMessagesToLog="25" />
      </diagnostics>
      <services>
        <service behaviorConfiguration="SpecificBehaviorType" name="MyCom.Service">
          <endpoint address="" binding="customBinding" bindingConfiguration="CustomBindingConfiguration" contract="MyCom.IMyService">
            <!--<identity>
              <dns value="localhost" />
            </identity>-->
          </endpoint>
          <!--<host>
            <baseAddresses>
              <add baseAddress="http://localhost:8999/" />
            </baseAddresses>
          </host>-->
        </service>
      </services>
      <bindings>
        <customBinding>
          <binding name="CustomBindingConfiguration">
            <!-- Custom encoder wrapping the standard text (SOAP) message encoding -->
            <MyComMessageEncoding innerMessageEncoding="textMessageEncoding" />
            <!-- HTTPS transport; the client must present a certificate during the TLS handshake -->
            <httpsTransport maxReceivedMessageSize="10000000" maxBufferPoolSize="10000000" requireClientCertificate="true" />
          </binding>
        </customBinding>
      </bindings>
      <behaviors>
        <serviceBehaviors>
          <behavior name="SpecificBehaviorType">
            <!-- To avoid disclosing metadata information,
                 set the value below to false and remove the metadata endpoint above before deployment -->
            <serviceMetadata httpGetEnabled="True"/>
            <!-- To receive exception details in faults for debugging purposes,
                 set the value below to true. Set to false before deployment
                 to avoid disclosing exception information -->
            <serviceDebug includeExceptionDetailInFaults="True" />
          </behavior>
        </serviceBehaviors>
      </behaviors>
    </system.serviceModel>

To enable the client to connect to the service, we exported the "localhost" certificate as a "localhost.cer" file and used that file in our code (this should be another trusted certificate specific to the client, but we are using the localhost one for testing purposes). The client configuration is done programmatically (no specific reason for this, as far as I know).

The client code is as follows:

    Imports System.Security.Cryptography.X509Certificates
    Imports System.ServiceModel
    Imports System.ServiceModel.Channels
    Imports System.ServiceModel.Description

    Public Function OpenRequestChannel(uri As String) As IRequestChannel
        Dim isHttps As Boolean = uri.ToLower().StartsWith("https")
        'TODO: set quotas for message size
        Dim binding As New CustomBinding()
        ' Custom encoder wrapping the standard SOAP 1.2 / UTF-8 text encoding
        binding.Elements.Add(New MyComEncodingBindingElement(New TextMessageEncodingBindingElement(MessageVersion.Soap12, System.Text.Encoding.UTF8)))
        'TODO: make configurable to support both http and https
        If isHttps Then
            Dim httpsBinding As New HttpsTransportBindingElement
            binding.Elements.Add(httpsBinding)
        Else
            Dim transport As New HttpTransportBindingElement()
            binding.Elements.Add(transport)
        End If

        Dim channelFactory = New ChannelFactory(Of IRequestChannel)(binding, New EndpointAddress(uri))
        channelFactory.Endpoint.Behaviors.Add(New MustUnderstandBehavior(False))

        If isHttps Then
            ' Locate the ClientCredentials behavior and attach the exported localhost certificate
            For counter As Integer = 0 To channelFactory.Endpoint.Behaviors.Count - 1
                If TypeOf channelFactory.Endpoint.Behaviors(counter) Is ClientCredentials Then
                    CType(channelFactory.Endpoint.Behaviors(counter), ClientCredentials).ClientCertificate.Certificate = New X509Certificate2("localhost.cer")
                    Exit For
                End If
            Next
        End If

        channelFactory.Open()
        Dim channel = channelFactory.CreateChannel()
        channel.Open()
        Return channel
    End Function

Now the problem is that once we try to establish a connection, we get "HTTP request was forbidden with client authentication scheme 'Anonymous'".

We tried to change the:

httpsBinding.AuthenticationScheme

but no use.

What am I missing?
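Added example, not code from the question: a VB.NET helper that checks a certificate for the properties TLS client authentication needs (private key, validity, Client Authentication EKU, a chain to a trusted root) before it is assigned to the channel factory's ClientCredentials, and that builds the client-side HttpsTransportBindingElement with RequireClientCertificate set, since that property defaults to False on the client. The store location, the thumbprint lookup and the module name are assumptions.

```vbnet
Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.ServiceModel.Channels

Public Module ClientCertificateChecks
    ' OID of the "Client Authentication" enhanced key usage.
    Private Const ClientAuthEku As String = "1.3.6.1.5.5.7.3.2"
    ' Loads the client certificate, including its private key, from CurrentUser\My by thumbprint (assumed store).
    Public Function LoadClientCertificate(thumbprint As String) As X509Certificate2
        Dim store As New X509Store(StoreName.My, StoreLocation.CurrentUser)
        store.Open(OpenFlags.ReadOnly)
        Try
            Dim found = store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, False)
            If found.Count = 0 Then Throw New InvalidOperationException("certificate not found: " & thumbprint)
            Return found(0)
        Finally
            store.Close()
        End Try
    End Function
    ' Returns the reasons a certificate cannot serve as a TLS client credential (empty list = usable).
    Public Function FindClientCertificateProblems(cert As X509Certificate2) As List(Of String)
        Dim problems As New List(Of String)
        ' A .cer export carries only the public half; TLS client auth needs the private key.
        If Not cert.HasPrivateKey Then problems.Add("no private key (exported .cer file?)")
        If DateTime.Now < cert.NotBefore OrElse DateTime.Now > cert.NotAfter Then problems.Add("outside validity period")
        ' When an EKU extension is present it must list Client Authentication.
        For Each eku In cert.Extensions.OfType(Of X509EnhancedKeyUsageExtension)()
            If Not eku.EnhancedKeyUsages.Cast(Of Oid)().Any(Function(o) o.Value = ClientAuthEku) Then
                problems.Add("EKU does not include Client Authentication")
            End If
        Next
        ' The chain must build to a trusted root, e.g. the domain CA from the question.
        Dim chain As New X509Chain()
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online
        If Not chain.Build(cert) Then
            problems.Add("chain error: " & String.Join("; ", chain.ChainStatus.Select(Function(s) s.StatusInformation.Trim())))
        End If
        chain.Reset()
        Return problems
    End Function
    ' HTTPS transport element for the client's CustomBinding. RequireClientCertificate
    ' defaults to False on the client side; set it so the channel presents the certificate.
    Public Function CreateHttpsTransport() As HttpsTransportBindingElement
        Return New HttpsTransportBindingElement With {.RequireClientCertificate = True,
            .MaxReceivedMessageSize = 10000000, .MaxBufferPoolSize = 10000000}
    End Function
End Module
```

A certificate that passes FindClientCertificateProblems can be assigned with channelFactory.Credentials.ClientCertificate.Certificate, which is the same ClientCredentials behavior the loop in the question searches for.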
