By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
444,190 Members | 1,412 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 444,190 IT Pros & Developers. It's quick & easy.

WCF Transport Security fails if IIS running as NetworkService acco

P: n/a
Hi,

I'm working on a Web application that consumes a WCF Service that uses basic
HTTP binding with transport security and certificates for client credentials.
Just to clarify, the WebServer (IIS 7) is the client, and an application
that self hosts the WCF service is the server.

This is the binding configuration that I use on the client and service side:
<bindings>
<basicHttpBinding>
<binding name="basicHttpBindingWithTransportSecurity">
<security mode="Transport">
<transport clientCredentialType="Certificate" />
</security>
</binding>
</basicHttpBinding>
</bindings>

When I run IIS 7 using the default NetworkService account, I get this error:
Could not establish secure channel for SSL/TLS with authority
'localhost:50391'.

When I run IIS 7 using the LocalSystem account, or if I set the
clientCredentialType="None", then it works just fine.

What is it that causes the clientCredentialType="Certificate" to require
elevated rights in IIS 7?
I don't think it is access to the certificate, since I can see the public
key in debug.
(client.ClientCredentials.ClientCertificate.Certif icate.PublicKey.EncodedKeyValue.RawData seems to have a value).

Thanks,
Erik
Aug 9 '07 #1
Share this question for a faster answer!
Share on Google+

This discussion thread is closed

Replies have been disabled for this discussion.