
I created a certificate with Pluralsight SelfCert. When I use it in a WCF service, it throws a SecurityNegotiationException. I searched and found a solution: I put certificateValidationMode="None" in clientCertificate in Web.config, but the problem was not solved. If I put this command in the client app.config, the problem is solved, but I don't want to change my client configs. Why doesn't this command work on the server side? Is there any other way?

The X.509 certificate CN=QtasCert chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

<services>
  <service name="ArchiveBoundedContext.WcfService.WcfServices.ArchiveWcfService">
    <endpoint address="" binding="netTcpBinding" bindingConfiguration="QTasBinding" name="QTasEndpoint" contract="ArchiveBoundedContext.WcfService.WcfServices.IArchiveWcfService" />
    <endpoint address="mex" binding="mexTcpBinding" name="QTasMex" contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <add baseAddress="net.tcp://localhost:808/WcfServices/" />
      </baseAddresses>
    </host>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior>
      <serviceSecurityAudit auditLogLocation="Application" serviceAuthorizationAuditLevel="SuccessOrFailure" messageAuthenticationAuditLevel="SuccessOrFailure" suppressAuditFailure="true" />
      <serviceCredentials>
        <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ArchiveBoundedContext.WcfService.ServiceAuthenticator, ArchiveBoundedContext.WcfService" />
        <serviceCertificate findValue="QtasCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" />
        <clientCertificate>
          <authentication certificateValidationMode="None" revocationMode="NoCheck" />
        </clientCertificate>
      </serviceCredentials>
      <serviceAuthorization principalPermissionMode="UseAspNetRoles" />
      <serviceMetadata httpGetEnabled="false" />
      <serviceDebug includeExceptionDetailInFaults="true" />
    </behavior>
  </serviceBehaviors>
</behaviors>
ArMaN
  • Probably the reason that it doesn't work on server side is that it's on the client side that this particular validation takes place :) You can import the certificate in the trusted root store on the client machines to eliminate this error. – 500 - Internal Server Error Aug 19 '15 at 12:52

1 Answer


I installed the certificate on the client and the problem was solved.

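using System;
using System.Security.Cryptography.X509Certificates;

class Program
{
    static void Main(string[] args)
    {
        Console.WriteLine(@"Certificate Installer v1.0");

        // Certificates.QTasCert is defined elsewhere in the project (not shown);
        // the certificate data is opened with its password.
        var certificate = new X509Certificate2(Certificates.QTasCert, "*****");

        // Add the certificate to the machine-wide Trusted Root store.
        var rootStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        rootStore.Open(OpenFlags.ReadWrite);
        rootStore.Add(certificate);
        rootStore.Close();

        // Add the same certificate to the machine-wide Personal ("My") store.
        var myStore = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        myStore.Open(OpenFlags.ReadWrite);
        myStore.Add(certificate);
        myStore.Close();

        Console.WriteLine(@"Certificate Installed Successfully");
        Console.ReadKey();
    }
}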
ArMaN
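A variant of the installer above, as an added example that is not part of the original answer: it adds only the public part of the service certificate to the client's Trusted Root store, so the private key and its password stay on the server. The class name, the `.cer` path argument and the thumbprint placeholder are assumptions made for this example.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class TrustServiceCertificate
{
    // Placeholder (assumption): thumbprint of the service certificate,
    // obtained from the server out of band.
    const string ExpectedThumbprint = "<EXPECTED-THUMBPRINT-PLACEHOLDER>";

    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: TrustServiceCertificate <public-certificate.cer>");
            return 2;
        }

        // A .cer export carries the public certificate only. Rebuilding the object
        // from RawData guarantees that no private key follows it into the store.
        var loaded = new X509Certificate2(args[0]);
        var publicOnly = new X509Certificate2(loaded.RawData);

        // Refuse to trust anything other than the certificate we expect.
        if (!string.Equals(publicOnly.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase))
        {
            Console.Error.WriteLine("Thumbprint mismatch: " + publicOnly.Thumbprint);
            return 1;
        }

        // The client only validates the service's chain, so the Root store is enough here.
        var rootStore = new X509Store(StoreName.Root, StoreLocation.LocalMachine);
        rootStore.Open(OpenFlags.ReadWrite);
        try
        {
            // Skip the add if the certificate is already trusted.
            var existing = rootStore.Certificates.Find(
                X509FindType.FindByThumbprint, publicOnly.Thumbprint, false);
            if (existing.Count == 0)
                rootStore.Add(publicOnly);
        }
        finally
        {
            rootStore.Close();
        }

        Console.WriteLine("Trusted: " + publicOnly.Subject);
        return 0;
    }
}
```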