0
votes

Web config:

<?xml version="1.0"?>
<configuration>
<system.serviceModel>
    <behaviors>
        <serviceBehaviors>
            <behavior name="ServiceCredentialsBehavior">
                <serviceCredentials>
                    <serviceCertificate findValue="cool" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
                </serviceCredentials>
                <serviceMetadata httpGetEnabled="true" />
            </behavior>
        </serviceBehaviors>
    </behaviors>
    <services>
        <service behaviorConfiguration="ServiceCredentialsBehavior" name="Service">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="MessageAndUserName" name="SecuredByTransportEndpoint" contract="IService"/>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="MessageAndUserName">
                <security mode="Message">
                    <message clientCredentialType="UserName"/>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client/>
</system.serviceModel>
<system.web>
    <compilation debug="true"/>
</system.web>
</configuration>

Client cfg:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IService">
                <security mode="Message">
                    <message clientCredentialType="UserName" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost:48097/WCFServer/Service.svc"
                  binding="wsHttpBinding"
                  bindingConfiguration="WSHttpBinding_IService"
                  contract="ServiceReference1.IService"
                  name="WSHttpBinding_IService">
            <identity>
                <dns value="cool" />
            </identity>
        </endpoint>
    </client>
</system.serviceModel>
</configuration>

The scope is to pass ClientCredentials.UserName.UserName/Password through a secure connection. I created the X.509 certificates with Pluralsight Self-Cert.

The error is:

SOAP security negotiation with 'http://localhost:48097/WCFServer/Service.svc' for target 'http://localhost:48097/WCFServer/Service.svc' failed. See inner exception for more details.

InnerException:

The X.509 certificate CN=cool chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

How can I solve this exception? Regards,
Sergiu.

1
See inner exception for more details - Ladislav Mrnka
The X.509 certificate CN=cool chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. - croisharp

1 Answer

4
votes

You are using a self-signed certificate, which is not trusted by default. You must tell your client application that it should trust the certificate:

<behaviors>
  <endpointBehaviors>
    <behavior name="LocalCertValidation">
      <clientCredentials>
        <serviceCertificate>
          <authentication certificateValidationMode="PeerTrust" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

Reference this behavior from your endpoint configuration in the client with behaviorConfiguration="LocalCertValidation". To make it work, you must install the public certificate in the current user's certification store under Trusted People. You can also set the validation mode to None, and the certificate will not be validated at all, but that should be used only in a development environment.
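
The certificate installation step the answer describes, as an added PowerShell example that is not part of the original answer. It assumes the client and service run on the same machine (the endpoint is localhost), that the service certificate's subject is exactly CN=cool as in the error message, and it uses a hypothetical temporary file name.

```powershell
# Added example: copy only the PUBLIC part of the service certificate into the
# client's CurrentUser\TrustedPeople store, which is where PeerTrust looks for it.
$ErrorActionPreference = 'Stop'

$subject = 'CN=cool'                          # subject taken from the error message
$source  = 'Cert:\LocalMachine\My'            # store named in the service Web.config
$target  = 'Cert:\CurrentUser\TrustedPeople'  # "trusted people" for the current user

# The service config uses FindBySubjectName, which matches substrings. Match the
# full subject here and stop if the result is ambiguous rather than trust a guess.
$found = @(Get-ChildItem $source | Where-Object { $_.Subject -eq $subject })
if ($found.Count -ne 1) {
    throw "Expected exactly one '$subject' in $source, found $($found.Count)."
}
$cert = $found[0]

# Export the certificate as DER (.cer). This format carries no private key,
# so the key stays in the service's store.
$cerPath = Join-Path $env:TEMP 'cool-public.cer'   # hypothetical file name
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null

# Import into Trusted People for the account that runs the client.
Import-Certificate -FilePath $cerPath -CertStoreLocation $target | Out-Null
Remove-Item $cerPath

# Verify by thumbprint and confirm the client store holds no private key.
$installed = Get-ChildItem $target |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $installed) {
    throw "Import failed: $($cert.Thumbprint) not found in $target."
}
if ($installed.HasPrivateKey) {
    throw 'A private key is attached in the client store; remove it.'
}
"Trusted $($installed.Subject), thumbprint $($installed.Thumbprint), " +
    "expires $($installed.NotAfter)"
```

Run it as the user account that starts the client, since PeerTrust on the client side reads that user's Trusted People store by default.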