Tuesday, April 26, 2016

WCF Test Client fails to add service - Cannot obtain Metadata

I see there are quite a few questions regarding this particular problem. I have spent a day and a half trying all the different suggestions. None so far have worked for me and I'm at a loss as to what to do next. So I'm appealing to the vast knowledge base found here with the hopes that somebody will see the problem and help me out. At one time, a couple of years ago, I had this all working for me, several PCs ago. But when I had to change to a new PC, I was unable to make it work then or any time since but was able to work around it. Now I need to resolve this for a current assignment.

I have a SOAP WCF WebService running in IIS (not IIS Express) on my local machine.

I created an App Pool. Basic Settings are .NET Framework v4.0.30319 with Integrated pipeline mode. Advanced settings have Identity set to ApplicationPoolIdentity.

I created a website (not using the default website.)

Two bindings defined: [image: Bindings]

We have client and service self-signed certs that we use for development and QA. I have the service cert assigned to the https binding. The web service communicates with another WCF service via net.tcp.

In the basic settings, I have defined the physical path to c:\inetpub\websitename. In order to connect successfully, using Test Settings..., I had to connect as a Specific User, using my network domain userid and password. I haven't yet found a way to get around that.

In Advanced Settings.... Application Pool is set to the app pool I created. Physical path is c:\inetpub\wwwroot\websitename. Enabled Protocols set to http,net.tcp.

I am able to browse successfully to the website.

Here is the web.config for the web service:

<system.serviceModel>
<client>
  <endpoint address="net.tcp://10.100.13.28:8102/Acord/201307" behaviorConfiguration="NetTcpCertificatesBehavior" binding="netTcpBinding" bindingConfiguration="NetTcpCertificatesBinding" contract="AcordContract.IAcordService201307" name="AcordEndpoint">
    <identity>
      <certificateReference findValue="7da522dd75f3fca2687837b7b67e117a8700ec62" isChainIncluded="false" storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
      <!--<dns value="localhost" />-->
    </identity>
  </endpoint>
  <endpoint address="net.tcp://qaschedapp:8002/IMS/201210" behaviorConfiguration="NetTcpCertificatesBehavior" binding="netTcpBinding" bindingConfiguration="NetTcpCertificatesBinding" contract="IdentityManagementContract.IIdentityManagementService201210" name="IMSEndpoint">
    <identity>
      <certificateReference findValue="7da522dd75f3fca2687837b7b67e117a8700ec62" isChainIncluded="false" storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
    </identity>
  </endpoint>
</client>
<services>
  <service name="AcordWebService.AcordWebService" behaviorConfiguration="Visible">

    <endpoint address="" binding="basicHttpsBinding" contract="AcordWebService.IAcordWebService201307" bindingConfiguration="BasicHttpsBinding">
      <identity>
        <dns value="localhost" />
      </identity>
    </endpoint>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange" />
    <host>
      <baseAddresses>
        <add baseAddress="http://ift.tt/26rJTNR" />
      </baseAddresses>
    </host>
    <!--binding for clients outside the firewall calling from C# with WCF using certs -->
    <endpoint address="net.tcp://10.100.13.28:8122/AcordWebService.svc" binding="netTcpBinding" bindingConfiguration="NetTcpCertificatesBinding" name="NetTcpCertificatesEndpoint" contract="AcordWSContract.IAcordWSService201309">
      <identity>
        <dns value="localhost"/>
      </identity>
    </endpoint>
  </service>
</services>
<behaviors>
  <endpointBehaviors>
    <behavior name="NetTcpCertificatesBehavior">
      <clientCredentials>
        <clientCertificate findValue="631f5a67a9a70bc78540bb809e73fd1dbd00bbeb" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint" />
        <serviceCertificate>
          <authentication certificateValidationMode="None" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
  <serviceBehaviors>
    <behavior name="Visible">
      <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" httpGetUrl=""/>
      <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <serviceCredentials>
        <serviceCertificate findValue="7da522dd75f3fca2687837b7b67e117a8700ec62" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
        <clientCertificate>
          <certificate findValue="631f5a67a9a70bc78540bb809e73fd1dbd00bbeb" storeLocation="LocalMachine" storeName="My" x509FindType="FindByThumbprint"/>
        </clientCertificate>
      </serviceCredentials>
    </behavior>   
  </serviceBehaviors>
</behaviors>
<bindings>
  <basicHttpsBinding>
    <!--binding for clients within the firewall but calling the old style soap service-->
    <binding name="BasicHttpsBinding" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
      <security mode="Transport">
        <transport clientCredentialType="None" />
      </security>
    </binding>
  </basicHttpsBinding>
  <netTcpBinding>
    <binding name="NetTcpCertificatesBinding" maxBufferPoolSize="2147483647" maxBufferSize="2147483647" maxReceivedMessageSize="2147483647">
      <!--<readerQuotas maxDepth="32" maxStringContentLength="65535" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />-->
      <!--<reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />-->
      <security>
        <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign" />
      </security>
    </binding>
  </netTcpBinding>
</bindings>
<protocolMapping>
  <add binding="wsHttpBinding" scheme="https" />
</protocolMapping>
<serviceHostingEnvironment aspNetCompatibilityEnabled="true" multipleSiteBindingsEnabled="true" />
</system.serviceModel>

Here is the full error I am receiving when trying to add a service to the WCF Test Client:

Error: Cannot obtain Metadata from http://ift.tt/26rJTNT If this is a Windows (R) Communication Foundation service to which you have access, please check that you have enabled metadata publishing at the specified address. For help enabling metadata publishing, please refer to the MSDN documentation at http://ift.tt/1g0JtV3

Exchange Error
    URI: http://ift.tt/26rJTNT
    Metadata contains a reference that cannot be resolved: 'http://ift.tt/26rJTNT'.
    Could not establish trust relationship for the SSL/TLS secure channel with authority '10.100.13.28:51448'.
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    The remote certificate is invalid according to the validation procedure.

HTTP GET Error
    URI: http://ift.tt/26rJTNT
    There was an error downloading 'http://ift.tt/26rJTNT'.
    The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
    The remote certificate is invalid according to the validation procedure.

Lastly, to fill in a few holes in the information: [images: IIS, Windows Features]

Any and all help will be appreciated if I'm able to finally resolve this problem.

Thanks in advance.
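
An added diagnostic example, not part of the original post: the error above is a TLS certificate validation failure on the client side, and this PowerShell function shows which check failed for a given endpoint. The function name `Test-TlsServerCertificate` is hypothetical; the host and port in the usage comment are the ones quoted in the error message.

```powershell
# Added example: report why a client rejects the certificate served on an HTTPS binding.
function Test-TlsServerCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,  # name or IP exactly as the client URL uses it
        [Parameter(Mandatory)][int]$Port
    )
    $seen = @{}
    # Diagnostic only: record what validation reported, then return $true so the
    # handshake completes and the certificate can be inspected. No application data is sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $certificate, $chain, $policyErrors)
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
        $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # The target name is what the certificate's subject/SAN is matched against.
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            PolicyErrors = $seen.PolicyErrors
            ChainStatus  = $seen.ChainStatus -join ', '
            # Is this exact certificate trusted as a root on the machine running the client?
            InRootStore  = [bool](Get-ChildItem Cert:\LocalMachine\Root |
                                  Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

# Usage, with the authority quoted in the error message:
# Test-TlsServerCertificate -HostName 10.100.13.28 -Port 51448 | Format-List
```

`RemoteCertificateNameMismatch` in `PolicyErrors` means the certificate's subject or SAN does not match the host name or IP used in the URL; `RemoteCertificateChainErrors` with `UntrustedRoot` in `ChainStatus` means the self-signed certificate is not in a trusted root store on the client machine.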
