Why does WCF complain over identity check failure?
<p>I'm creating a WCF application where I'll be using certificates to encrypt the communication between the client and server. In my development environment, I want to use a test certificate / self-signed certificate which I've created using makecert. (Only the server will have a certificate; the client won't.)</p>
<p>I've installed the certificate into a certificate store, and everything is working fine. On the client, certificateValidationMode is currently set to "false", since I'm working with a test certificate.</p>
<p>My problem:</p>
<p>In the app.config on the client, I need to specify the identity element like this:</p>
<pre><code>&lt;endpoint ... &gt;
  &lt;identity&gt;
    &lt;dns value="&lt;Name-Of-Server-Computer&gt;"/&gt;
  &lt;/identity&gt;
&lt;/endpoint&gt;
</code></pre>
<p>If I remove the identity element, I get the following error message in the client when I try to connect to the server:</p>
<blockquote> <p>Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'localhost' but the remote endpoint provided DNS claim 'Name-Of-Server-Computer'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'Name-Of-Server-Computer' as the Identity property of EndpointAddress when creating channel proxy.</p> </blockquote>
<p>So here are my questions:</p>
<ul>
<li><p>Is the identity check only done when using a test/self-signed certificate? When I deploy my application using a real, trusted certificate purchased from a CA, will the identity check still be made?</p></li>
<li><p>Is there a way to disable the identity check? I know I can create my own custom certificate validator, but there doesn't seem to be a way to override the identity check using these.</p></li>
</ul>
 
