Custom certificate validation in WCF service

I want to check client certificates in my WCF service.

My goal is to allow only clients with certificates with specific thumbprints to be able to communicate with my service.

My WCF service is hosted in IIS, I'm using basicHttpBinding and security mode="transport" with credential type "Certificate". IIS requires client certificates for communication with the service.

Thanks in advance for help.

UPDATE: My configuration:

```xml
<basicHttpBinding>
  <binding name="testBinding" maxReceivedMessageSize="2147483647">
    <readerQuotas maxDepth="2147483647"
                  maxStringContentLength="2147483647"
                  maxArrayLength="2147483647"
                  maxBytesPerRead="2147483647"
                  maxNameTableCharCount="2147483647" />
    <security mode="Transport">
      <transport clientCredentialType="Certificate"/>
    </security>
  </binding>
</basicHttpBinding>
```

Behavior:

```xml
<serviceBehaviors>
  <behavior name="SomeServiceBehavior">
    <serviceMetadata httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <serviceCredentials>
      <clientCertificate>
        <authentication certificateValidationMode="Custom"
                        customCertificateValidatorType="SomeService.CustomCertificateValidator,SomeService" />
      </clientCertificate>
    </serviceCredentials>
  </behavior>
</serviceBehaviors>
```

Service configuration:

```xml
<service behaviorConfiguration="SomeServiceBehavior" name="SomeService">
  <endpoint address="" binding="basicHttpBinding" bindingConfiguration="testBinding" contract="ISomeService">
  </endpoint>
</service>
```

And for test purpose I implemented validator in this way:

```csharp
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;

public class CustomCertificateValidator : X509CertificateValidator
{
    public override void Validate(System.Security.Cryptography.X509Certificates.X509Certificate2 certificate)
    {
        // Test validator: rejects every certificate, so any successful call proves this code is not being run.
        throw new SecurityTokenValidationException("TEST Certificate was not issued by a trusted issuer TEST");
    }
}
```

And this doesn't work. I can connect to my service with any valid certificate.
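As an added example (not code from the question or from any WCF sample), this is what the thumbprint allowlist described in the question would look like inside an X509CertificateValidator once the validator is actually invoked; it does not address why the test validator above is being skipped in this IIS/transport setup. The class name ThumbprintCertificateValidator, the namespace SomeService and the thumbprint values are assumptions; the thumbprints are constructed placeholders, and the config would reference the type as "SomeService.ThumbprintCertificateValidator,SomeService".

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;

namespace SomeService
{
    // Allowlist validator: a client certificate is accepted only when its SHA-1
    // thumbprint is one of the pinned values below. Everything else is rejected
    // by throwing SecurityTokenValidationException, which WCF turns into a fault.
    public class ThumbprintCertificateValidator : X509CertificateValidator
    {
        // Constructed placeholder thumbprints; replace with the real ones.
        // Stored upper-case without spaces, the same form X509Certificate2.Thumbprint uses.
        private static readonly HashSet<string> AllowedThumbprints =
            new HashSet<string>(StringComparer.OrdinalIgnoreCase)
            {
                "0000000000000000000000000000000000000001",
                "0000000000000000000000000000000000000002",
            };

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
            {
                throw new SecurityTokenValidationException("No client certificate was presented.");
            }

            // Pinning by thumbprint identifies the exact certificate, but it does not
            // check the validity period, so enforce that separately.
            DateTime now = DateTime.UtcNow;
            if (now < certificate.NotBefore.ToUniversalTime() ||
                now > certificate.NotAfter.ToUniversalTime())
            {
                throw new SecurityTokenValidationException(
                    "Client certificate is outside its validity period.");
            }

            // Normalise the thumbprint (strip any whitespace) before the lookup.
            string thumbprint = (certificate.Thumbprint ?? string.Empty).Replace(" ", string.Empty);
            if (thumbprint.Length == 0 || !AllowedThumbprints.Contains(thumbprint))
            {
                // Deliberately generic message: the caller does not need to learn
                // which thumbprints are on the allowlist.
                throw new SecurityTokenValidationException(
                    "Client certificate is not authorised for this service.");
            }
        }
    }
}
```

When filling in the allowlist, paste the thumbprint from a text source rather than from the Windows certificate dialog: the dialog's thumbprint field is known to carry an invisible leading character that makes the string compare unequal even though it looks identical. Also remember that the validator only runs if WCF hands it the certificate; the question's own test (a validator that always throws) is the right way to confirm that before trusting any allowlist.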