Securing a WCF service using certificates

Certificate validation

Setup:

Create a client and a server certificate

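Add both certificates to the Trusted People store. Each side's own certificate must also be installed, with its private key, in the LocalMachine "My" (Personal) store, because that is where the configuration below looks it up.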

Interface:


/// <summary>
/// Service contract for the sample service. Clients call it through the
/// wsHttpBinding endpoint declared in Web.config.
/// </summary>
[ServiceContract]
public interface IService1
{
    /// <summary>Sample operation that takes an integer and returns a string.</summary>
    /// <param name="value">Integer supplied by the caller.</param>
    /// <returns>A string produced by the service implementation (not shown here).</returns>
    [OperationContract]
    string GetData(int value);
}

Web.config

Bindings


<bindings>
  <wsHttpBinding>
    <!-- Referenced by the service endpoint through bindingConfiguration="ws". -->
    <binding name="ws">
      <!-- Message-level security: protection is applied to the SOAP message itself,
           not to the transport connection. -->
      <security mode="Message">
        <!-- Callers authenticate by presenting an X.509 certificate. -->
        <message clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>

Service


<services>
  <service name="ServerCert.Service1"
           behaviorConfiguration="myBehavior">
    <!-- Application endpoint: wsHttpBinding with the "ws" binding configuration
         (message security, certificate client credentials). -->
    <endpoint address=""
              binding="wsHttpBinding"
              bindingConfiguration="ws"
              contract="ServerCert.IService1"/>
    <!-- Metadata exchange endpoint. It describes the contract to any caller that can
         reach it, so review whether it should stay enabled outside development. -->
    <endpoint address="mex"
              binding="mexHttpBinding"
              contract="IMetadataExchange"/>
  </service>
</services>

Behavior


<behaviors>
  <serviceBehaviors>
    <behavior name="myBehavior">
      <!-- Publishes service metadata over both HTTP GET and HTTPS GET. -->
      <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
      <!-- Exception details are not included in the faults returned to callers. -->
      <serviceDebug includeExceptionDetailInFaults="false"/>
      <serviceCredentials>
        <!-- PeerTrust: a client certificate is accepted when it is present in the
             Trusted People store (the setup step places the client certificate there).
             NOTE(review): PeerTrust does not rely on chain building, so revoking access
             presumably means removing the certificate from that store. Confirm. -->
        <clientCertificate>
          <authentication certificateValidationMode="PeerTrust"/>
        </clientCertificate>
        <!-- The certificate the service presents, looked up in LocalMachine\My.
             FindBySubjectName matches on a substring of the subject, so "Test" can
             match more than one certificate; FindByThumbprint selects exactly one. -->
        <serviceCertificate storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindBySubjectName"
                            findValue="Test"/>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

Client

Add a service Reference

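// Proxy class generated by "Add Service Reference".
Client.Service1Client client = new Client.Service1Client();

// Validate the certificate the service presents instead of skipping validation.
// X509CertificateValidationMode.None accepts any certificate, so the client cannot
// distinguish the intended service from another endpoint answering at the same address.
// PeerTrust accepts only a certificate found in the client's Trusted People store,
// which matches the setup step that places both certificates there and mirrors the
// PeerTrust mode the service applies to client certificates.
client.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;

// Call the operation through the endpoint and client certificate defined in the config file.
client.GetData(1);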

Config file:

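<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="WSHttpBinding_IService1">
        <!-- Message is the wsHttpBinding default; it is stated explicitly so the client
             binding visibly matches the service binding. -->
        <security mode="Message">
          <!-- The client authenticates to the service with an X.509 certificate. -->
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <endpointBehaviors>
      <behavior name="custom">
        <clientCredentials>
          <!-- The certificate the client presents, looked up in LocalMachine\My.
               FindBySubjectName matches on a substring of the subject, so "Client" can
               match more than one certificate; FindByThumbprint selects exactly one. -->
          <clientCertificate findValue="Client"
                             storeLocation="LocalMachine"
                             storeName="My"
                             x509FindType="FindBySubjectName"/>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
  <client>
    <!-- The address uses plain HTTP; with message security the protection is applied
         to the SOAP message rather than to the transport. -->
    <endpoint name="WSHttpBinding_IService1"
              address="http://localhost/Service1.svc"
              binding="wsHttpBinding"
              bindingConfiguration="WSHttpBinding_IService1"
              behaviorConfiguration="custom"
              contract="Client.IService1">
      <identity>
        <!-- Expected identity of the service: the Base64-encoded service certificate.
             The value below is a placeholder to replace with the real encoded certificate.
             A literal "<" is not allowed inside an XML attribute value, so a placeholder
             written with angle brackets would make this file fail to parse. -->
        <certificate encodedValue="REPLACE_WITH_BASE64_ENCODED_SERVICE_CERTIFICATE"/>
      </identity>
    </endpoint>
  </client>
</system.serviceModel>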