[Mono-list] basichttpbinding with client certificates not working - alternatives?

Darkness peter.speybrouck at gmail.com
Thu Nov 5 20:10:15 UTC 2015


Hi,

I am trying to set up a self-hosted WCF service with transport security and
client certificates.

Transport security is working fine with basicHttpBinding, but when I set the
transport client credential type to certificate, the client authentication
does not seem to work on Mono (all certificates are in place).

When debugging the service in Visual Studio on .NET 4.0, everything seems to
work, and the service can also get the certificate from the client to do
some extra checks for access.

When I transfer this to a Linux server with Mono 3.12.0, the service seems
to be working, but it cannot get the client certificate. After
investigating, it seems that
*OperationContext.Current.IncomingMessageProperties.Security.ServiceSecurityContext*
is null where this is not when running on .NET.

It seems as if basicHttpBinding does not support client certificates and
instead just lets everything pass as if it was authenticated... 

I could not really find if basicHttpBinding supports client certificates or
not, so it's a little unclear if this is possible at all. 

If this is not implemented, is there another type of binding that does
support https+client certificates?
Right now I was trying with transport security but message security is also
acceptable if this would be an option.


Some code snippets for some more details:

Server-side config:

BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
ServiceHost serviceHost = new ServiceHost(typeof(DataService));
serviceHost.AddServiceEndpoint(typeof(IDataService), binding, "https://localhost:9902/DataService");

Server-side client identification:

var cert = ((System.IdentityModel.Claims.X509CertificateClaimSet)OperationContext.Current.ServiceSecurityContext.AuthorizationContext.ClaimSets[0]).X509Certificate;

Client-side:

BasicHttpBinding binding = new BasicHttpBinding();
binding.Security.Mode = BasicHttpSecurityMode.Transport;
binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

ChannelFactory<IDataService> factory = new ChannelFactory<IDataService>(binding, "https://localhost:9902/DataService");

factory.Credentials.ClientCertificate.SetCertificate(
	StoreLocation.CurrentUser,
	StoreName.My,
	X509FindType.FindByThumbprint,
	clientCertificateThumbprint); 

IDataService proxy = factory.CreateChannel();



Is there some way to get this working with basicHttpBinding or another
binding?
This page is rather vague about what is implemented and what not. At least
not clear enough to determine if it is possible:
http://www.mono-project.com/docs/web/wcf/



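Added example, not part of the original post: a guard that each service operation can call first, so that a missing security context or missing client certificate (the condition reported above on Mono 3.12.0) rejects the call instead of letting it through. The class name, method names and the thumbprint value are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.IdentityModel.Claims;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical helper (not from the original post): call it first in every
// operation of the service so that a missing security context denies access.
public static class ClientCertificateGuard
{
    // Constructed placeholder; replace with the thumbprints of the client
    // certificates that are allowed to call the service.
    private static readonly HashSet<string> AllowedThumbprints =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "0000000000000000000000000000000000000000"
        };

    public static X509Certificate2 RequireClientCertificate()
    {
        OperationContext operation = OperationContext.Current;
        ServiceSecurityContext security =
            operation == null ? null : operation.ServiceSecurityContext;

        // The post reports that this context is null on Mono 3.12.0.
        // Treat that as "not authenticated" rather than as success.
        if (security == null || security.AuthorizationContext == null)
            throw Deny("no security context for this call");

        // Find the certificate claim set by type instead of assuming
        // that it is ClaimSets[0].
        X509CertificateClaimSet claims = security.AuthorizationContext.ClaimSets
            .OfType<X509CertificateClaimSet>()
            .FirstOrDefault();
        if (claims == null || claims.X509Certificate == null)
            throw Deny("no client certificate presented");

        X509Certificate2 cert = claims.X509Certificate;
        if (!AllowedThumbprints.Contains(cert.Thumbprint))
            throw Deny("client certificate is not on the allow list");

        return cert;
    }

    private static FaultException Deny(string reason)
    {
        return new FaultException("Access denied: " + reason);
    }
}
```

With this in place, a runtime that does not populate the security context makes every call fail with a fault, which exposes the gap during testing rather than leaving the endpoint open.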