
I have a WCF service hosted on IIS. This service uses wsHttpBinding X509 certificate authentication and all works fine. Now I need to access this service from a Windows 2000 machine, and the problem is that Framework 2.0 does not support wsHttpBinding authentication but only basicHttpBinding.

My questions:

  • Is it possible to expose two different endpoints (wsHttpBinding SSL X509 authentication and anonymous basicHttpBinding) in the SAME service (aka IIS application)?

  • Is it possible to write a client application for Windows 2000 to connect to the WCF service via wsHttpBinding X509 authentication? (Any language is accepted.)

        <behaviors>
          <serviceBehaviors>
            <behavior name="CertBehavior">
              <serviceMetadata httpsGetEnabled="False"/>
              <serviceCredentials>
                <serviceCertificate findValue="CertServices" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName"/>
                <clientCertificate>
                  <authentication certificateValidationMode="PeerTrust"/>
                </clientCertificate>
              </serviceCredentials>
            </behavior>
            <behavior name="AnonBehavior">
              <serviceMetadata httpGetEnabled="True"/>
              <serviceDebug includeExceptionDetailInFaults="true"/>
            </behavior>
          </serviceBehaviors>
        </behaviors>
    
      <services>
          <service name="Server.Service1" behaviorConfiguration="CertBehavior">
            <host>
              <baseAddresses>
                <add baseAddress="http://192.168.1.112:8732/Service"/>
                <add baseAddress="https://192.168.1.112/Service"/>
              </baseAddresses>
            </host>
    
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="CertBinding" contract="Server.IService1"/>
          </service>
        </services>
    

///////////////////////////////////////////////////////////////////////////////////////////

I have already tried this configuration:

        <behaviors>
          <endpointBehaviors>
            <behavior name="basicHttpBehavior"/>
            <behavior name="certWsBehavior">
              <clientCredentials>
                <clientCertificate findValue="Services" storeLocation="LocalMachine" x509FindType="FindBySubjectName" /> 
                <serviceCertificate>
                  <defaultCertificate findValue="Services" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
                  <authentication certificateValidationMode="PeerTrust" />
                </serviceCertificate>
              </clientCredentials>
            </behavior>
          </endpointBehaviors>
        </behaviors>

        <services>
          <service name="Server.Service1">
            <clear />

            <endpoint address="" behaviorConfiguration="certWsBehavior" binding="wsHttpBinding"  contract="Server.IService1">
            </endpoint>

            <!--endpoint address="/basic" binding="basicHttpBinding" bindingConfiguration="BasicAnonBinding" contract="Server.IService1" /-->

            <host>
              <baseAddresses>
                <add baseAddress="http://192.168.1.112:8732/PcrService" />
                <add baseAddress="https://192.168.1.112/PcrService" />
              </baseAddresses>
            </host>
          </service>
        </services>

Many thanks, Riccardo

Rick

1 Answer


Is it possible to expose two different endpoints (wsHttpBinding SSL X509 authentication and anonymous basicHttpBinding) in the SAME service (aka IIS application)?

Yes, you could have multiple endpoints for the same service:

    <service name="MyApp.MyService">
        <endpoint 
            address="/ws" 
            binding="wsHttpBinding" 
            contract="MyApp.IMyService" 
        />

        <endpoint 
            address="/basic" 
            binding="basicHttpBinding" 
            contract="MyApp.IMyService" 
        />
    </service>

Now you could connect to the /basic endpoint from your Windows 2000 client.

Is it possible to write a client application for Windows 2000 to connect to the WCF service via wsHttpBinding X509 authentication? (Any language is accepted.)

Yes, you could use WSE 3.0 (Web Service Extensions). It's completely deprecated now, but what can we say about Windows 2000? Take a look at the following article.

Darin Dimitrov
  • Thank you, but my problem is that I defined a 'serviceBehaviors' for all endpoint configurations (please see the code). On the contrary, I have to define a new endpoint with no X509 authentication and no SSL encryption. How can I get this? – Rick Jul 27 '12 at 08:15
  • You should use an endpointBehavior instead of a serviceBehavior and apply the X509 certificate only to the first endpoint. – Darin Dimitrov Jul 27 '12 at 08:21
  • I am already trying to define an endpoint behavior but it doesn't work. Can you tell me what is wrong in the new code? And how can I set the SSL configuration in IIS? (required, accepted, ignored??) Thank you. – Rick Jul 27 '12 at 08:50
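
Added example (not part of the original question, answer or comments): when one contract is published on both a certificate-secured wsHttpBinding endpoint and an anonymous basicHttpBinding endpoint, every operation of that contract becomes callable without a client certificate, so it is worth auditing which security mode each endpoint actually gets. The Python sketch below reads a `system.serviceModel` section and reports the effective mode per endpoint. The sample configuration is constructed: the bodies of `CertBinding` and `BasicAnonBinding` and the `ws`/`basic` addresses are assumptions, and only named `bindingConfiguration` references are resolved.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not the asker's file: binding bodies and addresses are assumed.
SAMPLE = """<system.serviceModel>
  <bindings>
    <wsHttpBinding><binding name="CertBinding">
      <security mode="TransportWithMessageCredential">
        <message clientCredentialType="Certificate"/>
      </security>
    </binding></wsHttpBinding>
    <basicHttpBinding><binding name="BasicAnonBinding">
      <security mode="None"/>
    </binding></basicHttpBinding>
  </bindings>
  <services><service name="Server.Service1" behaviorConfiguration="CertBehavior">
    <endpoint address="ws" binding="wsHttpBinding"
              bindingConfiguration="CertBinding" contract="Server.IService1"/>
    <endpoint address="basic" binding="basicHttpBinding"
              bindingConfiguration="BasicAnonBinding" contract="Server.IService1"/>
  </service></services>
</system.serviceModel>"""

# Security mode WCF applies when the binding does not set one.
DEFAULT_MODE = {"wsHttpBinding": "Message", "basicHttpBinding": "None"}

def endpoint_security(config_xml):
    """Return one dict per <endpoint> with its effective security mode."""
    root = ET.fromstring(config_xml)
    rows = []
    for svc in root.iter("service"):
        for ep in svc.findall("endpoint"):
            kind, name = ep.get("binding"), ep.get("bindingConfiguration")
            sec = None
            if name:  # resolve the named <binding> under <bindings>/<kind>
                sec = root.find(f".//bindings/{kind}/binding[@name='{name}']/security")
            mode = sec.get("mode") if sec is not None else None
            rows.append({"service": svc.get("name"), "address": ep.get("address"),
                         "binding": kind, "contract": ep.get("contract"),
                         "mode": mode or DEFAULT_MODE.get(kind, "unknown")})
    return rows

def unauthenticated_twins(rows):
    """Endpoints with security mode None whose contract is also served securely."""
    secured = {r["contract"] for r in rows if r["mode"] not in ("None", "unknown")}
    return [r for r in rows if r["mode"] == "None" and r["contract"] in secured]

if __name__ == "__main__":
    rows = endpoint_security(SAMPLE)
    print(rows)
    print("anonymous duplicates:", [r["address"] for r in unauthenticated_twins(rows)])
```

An endpoint flagged by `unauthenticated_twins` is a candidate for a narrower contract or for network-level restriction to the legacy client.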