Question

I have a WCF service with Message Security Authentication.

I want to set up a routing service for Load Balancing.

For some reason it doesn't work. I've enabled includeExceptionDetailInFaults to see exceptions, so in the client I see:

The client certificate is not provided. Specify a client certificate in ClientCredentials.

It seems that the certificate isn't forwarded from router->service.

Currently the client/router/service is on the same machine, so I have all the certificates, but if I deploy them on a different machine will the Router have to have the private keys?

In addition, if I want to establish a non-secured connection between the router and service (offload the security), how can I provide the Identity of the caller?

EDIT: For all Client/Router (both server & client)/Server, the security is configured the same:

            <security mode="Message">
                <message clientCredentialType="Certificate" negotiateServiceCredential="false"
                    algorithmSuite="Default" establishSecurityContext="false" />
            </security>

Solution 4

This blog post explains that Microsoft didn't support this scenario:

http://blogs.microsoft.co.il/blogs/applisec/archive/2011/12/12/wcf-routing-and-message-security.aspx

OTHER TIPS

There are many articles that say Microsoft didn't support this scenario, and it is true.

This article explains how to write your own custom solution to provide security to all client/router/service.

The client certificate is not provided. Specify a client certificate in ClientCredentials.

I have seen this error when the service certificate doesn't match the host domain name.

If you are still seeing this issue can you post some of your configuration entries?

1) First, try to set the certificate on the client side in code.

// Create the channel factory from the named client endpoint in config.
ChannelFactory<IService1> factory = 
             new ChannelFactory<IService1>("Service1_Endpoint");
// Look up the service certificate in CurrentUser\My by subject name.
factory.Credentials.ServiceCertificate.SetDefaultCertificate(
             System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser,
             System.Security.Cryptography.X509Certificates.StoreName.My,
             System.Security.Cryptography.X509Certificates.X509FindType.FindBySubjectName,
             "<ServiceCertificateName>");

If you really have a problem with the certificate, you promptly get an exception at application startup.

2) If there is no exception, then check the thumbprints of the service certificate on both sides.
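
A small console check for step 2, added here as an example and not part of the original answer: it repeats the CurrentUser\My lookup by subject name used above and prints each match's thumbprint, expiry and whether a private key is present, so the output can be compared across client, router and service machines. The class name CertCheck and its command-line argument are assumptions made for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical diagnostic helper (not from the original answer).
static class CertCheck
{
    static int Main(string[] args)
    {
        if (args.Length != 1)
        {
            Console.Error.WriteLine("usage: CertCheck <subject name>");
            return 2;
        }

        // Same store and find type as the SetDefaultCertificate call above.
        var store = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so expired or untrusted certificates are listed too.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectName, args[0], false);

            foreach (X509Certificate2 cert in found)
            {
                Console.WriteLine("{0}  {1}  notAfter={2:u}  privateKey={3}",
                    cert.Thumbprint, cert.Subject,
                    cert.NotAfter.ToUniversalTime(), cert.HasPrivateKey);
            }

            // FindBySubjectName is a substring match, so more than one
            // certificate can match; treat anything but one hit as a failure.
            if (found.Count != 1)
            {
                Console.Error.WriteLine(
                    "expected exactly one match, found {0}", found.Count);
                return 1;
            }
            return 0;
        }
        finally
        {
            store.Close();
        }
    }
}
```

Run it with the same subject name on each machine; differing thumbprints, or a match count other than one, point to a store mismatch.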

Licensed under: CC-BY-SA with attribution