473,594 Members | 2,756 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

WCF WSHttpBinding Certificate PeerTrust

I am developing a WCF based app on Vista using IIS 7.0 but it will be
deployed on Microsoft Server 2003 with IIS 6.0. The app uses WSHttpBinding
and mutual Certificate authentication. The app works fine in the Vista IIS7.0
environment, but when moving it to the test environment that matches
production, I cannot get certificate authentication to work. I get the
following error: "The certificate that was used has a trust chain that cannot
be verified. Replace the certificate or change the
certificateVali dationMode."

The strange this is that I have the certifcateValid ationMode set to PeerTrust.
<serviceCredent ials>
<clientCertific ate>
<authenticati on certificateVali dationMode="Pee rTrust"
trustedStoreLoc ation="LocalMac hine" />
</clientCertifica te>
<serviceCertifi cate findValue="AdcB ehindTheFirewal l"
storeLocation=" LocalMachine" storeName="My"
x509FindType="F indBySubjectNam e" />
</serviceCredenti als>

I also tried changing certificateVali dationMode="Non e" and still got the
same error.

Any ideas on what may be wrong in the Server 2003 environment?

Mar 16 '08 #1
1 6014
I have a bit more information regarding my issue. When testing the services
in Vista I was using certificates created with the MakeCert command. When
running the services on Server 2003, the certificates were created by the
client's IT department. One difference, is that my certificates were
self-signed while the certificates they created are signed by a root
authority. I moved the MakeCert generated certs to Server 2003 and the
service works with one setup difference. I had to put the public key cert not
only in the Trusted People store on the client, but also in the Trusted Root
CA store on the client. I am not sure why I had to do that since I am using
PeerTrust and did not have to do that on Vista.

Any idea on why the I have to put the cert in the Trusted Root CA store on
the client?

"Rick" wrote:
I am developing a WCF based app on Vista using IIS 7.0 but it will be
deployed on Microsoft Server 2003 with IIS 6.0. The app uses WSHttpBinding
and mutual Certificate authentication. The app works fine in the Vista IIS7.0
environment, but when moving it to the test environment that matches
production, I cannot get certificate authentication to work. I get the
following error: "The certificate that was used has a trust chain that cannot
be verified. Replace the certificate or change the
certificateVali dationMode."

The strange this is that I have the certifcateValid ationMode set to PeerTrust.
<serviceCredent ials>
<clientCertific ate>
<authenticati on certificateVali dationMode="Pee rTrust"
trustedStoreLoc ation="LocalMac hine" />
</clientCertifica te>
<serviceCertifi cate findValue="AdcB ehindTheFirewal l"
storeLocation=" LocalMachine" storeName="My"
x509FindType="F indBySubjectNam e" />
</serviceCredenti als>

I also tried changing certificateVali dationMode="Non e" and still got the
same error.

Any ideas on what may be wrong in the Server 2003 environment?
Mar 18 '08 #2

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
4
11315
Client Certificate Validation
by: Matt Frame | last post by:
I am working on a special ASP.Net application that receives files from customers. The connection is made via HTTPS and the client sends the file as a POST to my ASP.Net listener. All of this works fine. Now I am looking at how to validate the clients certificate programmatically. The client application sends to me with something like: .... Dim myHttp As HttpWebRequest = CType(WebRequest.Create(https://myserver/Receive.aspx),...
ASP.NET
6
1964
Q: to create a certificate
by: JIM.H. | last post by:
Hello, I am trying to create a certificate for our internet for our employees so that they can login to system from home. Do I have to go, for example, VeriSign to get a certificate? Can I create my own certificate and use it since it is not actually a public web site? Thanks,
ASP.NET
0
2735
Active Direcotory - Map a certificate to a user account
by: jakobsgaard | last post by:
It is possible to Map a certificate to a Active Directory User Account from DotNet? Please provide an example. Best regards, Ejnar Jakobsgaard ------------------------------------------------- To map a certificate to a user account Open Active Directory Users and Computers.
.NET Framework
11
4050
Obtaining SSL certificate info from SSL object - BUG?
by: John Nagle | last post by:
The Python SSL object offers two methods from obtaining the info from an SSL certificate, "server()" and "issuer()". The actual values in the certificate are a series of name/value pairs in ASN.1 binary format. But what "server()" and "issuer()" return are strings, with the pairs separated by "/". The documentation at "http://docs.python.org/lib/ssl-objects.html" says "Returns a string containing the ASN.1 distinguished name identifying...
Python
4
9212
WSHttpBinding in WCF
by: =?Utf-8?B?RGFuTQ==?= | last post by:
Hi, If I have a WCF web service deployed that uses the WSHttpBinding, is it possible for a web service client to connect to my service if that client does not support WS-Addressing, or is WS-Addressing mandatory when the WSHttpBinding is in use? Many thanks, Dan
.NET Framework
0
2386
WCF / wsHttpBinding / Digital Signature Corruption (!!)
by: Chris Mullins [MVP - C#] | last post by:
I've got a WCF Service hosted in IIS running on a Win2k3 machine. The service is built with Beta 2 of Orcas. The service is configured for Message Security, using the UserNameToken provider. Users are authenticated using the ASP.Net Membership provider, and authorized using the ASP.NET role provider. The server has a self-signed certificate installed and properly configured. The Service is configured to find this cert, and all of that...
.NET Framework
0
1493
wsHttpBinding without WS-Addressing
by: =?Utf-8?B?RGVubmlzIE1jQ2FydGh5?= | last post by:
I need to configure a WCF service that uses all of the wsHttpBinding defaults, except WS-Addressing. (The Java client technology that will use this service does not support the WS-Addressing specification.) Can anyone tell me how to do this in a configuration file? Thanks, Dennis
.NET Framework
1
1751
Configuring for wsHttpBinding in vs2005 dev environment
by: Bill Fuller | last post by:
I am trying to test a WCF web service in Visual Studio 2005 that has been configured to use wsHttpBinding and getting a security error. I am not sure how to do this. Is there any examples or docs on this?
C# / C Sharp
2
12864
WCF and ASP.Net wsHTTPBinding Access Denied
by: =?Utf-8?B?RWRkaWU=?= | last post by:
Here is my scenario for a problem I can't solve. I am hosting a 3.5 WCF service in IIS on Windows Server 2003. The service works fine with the WCF test client in Visual Studio 2008 and from an ASP.Net client hosted on my development machine in VS2008. As soon as I deploy the ASP.net client to the "Same" IIS server, I get Access Denied messages. My goal is to use AD security groups so the authenticated user on the ASP.net page should be...
.NET Framework
0
7946
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
7876
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
Windows Server
0
8251
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
8234
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
General
0
6654
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
1
5739
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
Microsoft Access / VBA
0
5408
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
3897
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
0
1210
bsmnconsultancy
Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
General

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us