1

If I have an issued SSL certificate from a trusted CA, do I still have to import the SSL certificate to the client machine when connecting to a WCF service over net.tcp?

When I was using wsDualHttpBinding I could simply connect via https. Now I switched to net.tcp and added

    <bindings>
      <netTcpBinding>
        <binding name="InsecureTcp" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="Certificate"/>
          </security>
        </binding>
      </netTcpBinding>
    </bindings>

to the web.config file.

I can access the WSDL-file via https but when I try to connect from my client I get the following error:

Additional information: The client certificate is not provided. Specify a client certificate in ClientCredentials.

I have tried to add a custom behavior to the client config file:

    <behaviors>
      <endpointBehaviors>
        <behavior name="CustomBehavior">
          <clientCredentials>
            <clientCertificate findValue="example.com" x509FindType="FindBySubjectName"
              storeLocation="LocalMachine" storeName="My" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

But this only works in combination with importing the certificate to my local cert store...

libjup

1 Answer

3

I hope I get your point - you don't want to use client certificates for authentication? Then modify

    <security mode="TransportWithMessageCredential">
      <message clientCredentialType="Certificate"/>
    </security>

the clientCredentialType to one of the following: http://msdn.microsoft.com/en-us/library/system.servicemodel.httpclientcredentialtype(v=vs.110).aspx

You can use multiple authentication mechanisms, if you want: http://msdn.microsoft.com/de-de/library/ms731316(v=vs.110).aspx

Sebastian
  • I don't need authentication. I simply want to encrypt the data exchange between my WCF client and service... – libjup Sep 09 '14 at 09:36
  • Then just replace Certificate in clientCredentialType with None (so clients won't auth) and add a servicebehavior for the server certificate. Look here: – Sebastian Sep 09 '14 at 09:43
  • Sorry, but could you elaborate what you mean with the servicebehavior? Client or server config? Which parameters? – libjup Sep 09 '14 at 09:47
  • Sorry, I didn't find the link that fast: http://stackoverflow.com/questions/10870677/using-wcf-ssl-certificate-over-tcp-without-client-certificate-server-side-only – Sebastian Sep 09 '14 at 09:48
  • I think option 1 fits for you - did that help? – Sebastian Sep 09 '14 at 12:58
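
Added example, not part of the original thread or of the linked answer: one way to get an encrypted net.tcp channel with a server-side certificate only. It uses mode="Transport", so the credential type is set on the <transport> element rather than <message>; the binding and behavior names, endpoint address and contract are placeholders, and the service behavior must be referenced from the <service> element's behaviorConfiguration.

```xml
<!-- Service web.config: TLS over TCP, no client credential requested -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <binding name="EncryptedTcp">
        <security mode="Transport">
          <transport clientCredentialType="None" protectionLevel="EncryptAndSign"/>
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServerCertBehavior">
        <serviceCredentials>
          <!-- Certificate and private key stay in the server's store only -->
          <serviceCertificate findValue="example.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My"/>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>
<!-- Client app.config: same binding, no <clientCertificate> element -->
<system.serviceModel>
  <bindings>
    <netTcpBinding>
      <binding name="EncryptedTcp">
        <security mode="Transport">
          <transport clientCredentialType="None" protectionLevel="EncryptAndSign"/>
        </security>
      </binding>
    </netTcpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="ValidateServerCert">
        <clientCredentials>
          <serviceCertificate>
            <!-- Keep chain validation on; "None" would accept any certificate -->
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online"/>
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <endpoint address="net.tcp://example.com:808/Service.svc" binding="netTcpBinding"
              bindingConfiguration="EncryptedTcp" behaviorConfiguration="ValidateServerCert" contract="IExampleService"/>
  </client>
</system.serviceModel>
```

With ChainTrust the client checks the service certificate against its trusted root store, so a certificate issued by a trusted CA does not have to be imported on the client. The host name in the endpoint address should match the certificate subject, otherwise the endpoint identity check fails.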