Hi, I am trying to set up a self-hosted WCF service with transport security and client certificates.

Transport security is working fine with basicHttpBinding, but when I set the transport client credential type to certificate, the client authentication does not seem to work on Mono. (All certificates are in place.)

When debugging the service in Visual Studio on .NET 4.0, everything seems to work, and the service can also get the certificate from the client to do some extra checks for access. When I transfer this to a Linux server with Mono 3.12.0, the service seems to be working, but it cannot get the client certificate. After investigating, it seems that *OperationContext.Current.IncomingMessageProperties.Security.ServiceSecurityContext* is null, whereas it is not null when running on .NET. It seems as if basicHttpBinding does not support client certificates and instead just lets everything pass as if it was authenticated...

I could not really find out whether basicHttpBinding supports client certificates or not, so it's a little unclear if this is possible at all. If this is not implemented, is there another type of binding that does support https + client certificates? Right now I was trying with transport security, but message security is also acceptable if this would be an option.
Some code snippets for some more details:

Server-side config:

    // HTTPS transport security, client must present a certificate
    BasicHttpBinding binding = new BasicHttpBinding();
    binding.Security.Mode = BasicHttpSecurityMode.Transport;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

    ServiceHost serviceHost = new ServiceHost(typeof(DataService));
    serviceHost.AddServiceEndpoint(typeof(IDataService), binding, "https://localhost:9902/DataService");

Server-side client identification:

    // Read the client certificate from the first claim set of the security context
    var cert = ((System.IdentityModel.Claims.X509CertificateClaimSet)OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets[0]).X509Certificate;

Client-side:

    // Same binding settings as the server
    BasicHttpBinding binding = new BasicHttpBinding();
    binding.Security.Mode = BasicHttpSecurityMode.Transport;
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

    ChannelFactory<IDataService> factory = new ChannelFactory<IDataService>(binding, "https://localhost:9902/DataService");

    // Select the client certificate by thumbprint from the current user's store
    factory.Credentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser,
        StoreName.My,
        X509FindType.FindByThumbprint,
        clientCertificateThumbprint);

    IDataService proxy = factory.CreateChannel();

Is there some way to get this working with basicHttpBinding or another binding? This page is rather vague about what is implemented and what is not. At least it is not clear enough to determine if it is possible: http://www.mono-project.com/docs/web/wcf/

--
View this message in context: http://mono.1490590.n4.nabble.com/basichttpbinding-with-client-certificates-not-working-alternatives-tp4666882.html
Sent from the Mono - General mailing list archive at Nabble.com.
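The null ServiceSecurityContext described in the post means an operation that reads the certificate with an unchecked cast either throws or, if the check is skipped, serves the caller unauthenticated. The following is an added example, not code from the original post or from Mono: a guard that a service operation can call first so that a missing security context or certificate is rejected rather than passed through. The class name, the allowlist and its thumbprint value are hypothetical, and the guard does not make Mono populate the context; it only makes the service fail closed when the context is absent.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Added example: fail-closed client-certificate check for service operations.
public static class ClientCertificateGuard
{
    // Hypothetical allowlist; the thumbprint below is a constructed placeholder.
    private static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "0000000000000000000000000000000000000000"
        };

    // Returns the authenticated client certificate or throws; never returns null.
    public static X509Certificate2 RequireClientCertificate()
    {
        OperationContext op = OperationContext.Current;
        ServiceSecurityContext sec = op == null ? null : op.ServiceSecurityContext;

        // The case from the post: no security context at all. Reject the call.
        if (sec == null || sec.AuthorizationContext == null)
            throw new SecurityAccessDeniedException("No authenticated security context.");

        // Search every claim set instead of assuming the certificate is ClaimSets[0].
        X509Certificate2 cert = sec.AuthorizationContext.ClaimSets
            .OfType<X509CertificateClaimSet>()
            .Select(cs => cs.X509Certificate)
            .FirstOrDefault(c => c != null);

        if (cert == null)
            throw new SecurityAccessDeniedException("No client certificate presented.");

        // Application-level authorization: only known certificates may proceed.
        if (!AllowedThumbprints.Contains(cert.Thumbprint))
            throw new SecurityAccessDeniedException("Client certificate not authorized.");

        return cert;
    }
}
```

Calling `ClientCertificateGuard.RequireClientCertificate()` as the first statement of each operation in `DataService` gives the same behaviour on .NET and Mono: a request without a verified certificate gets a fault instead of data.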
