WCF and client certificate authentication

By : Ant
Source: Stackoverflow.com
Question!

Writing a web service client in C#/WCF and can't get the channel to authenticate. This is the error message that I get when I try to execute an API call:

"Could not establish secure channel for SSL/TLS with authority 'www.redacted.com'."

And the config file:

    <behaviors>
        <endpointBehaviors>
            <behavior name="NewBehavior0">
                <clientCredentials>
                    <clientCertificate findValue="th um bp ri nt va lu e  go es he re"
                        x509FindType="FindByThumbprint" />
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
    <bindings>
        <basicHttpBinding>
            <binding name="WsApiServiceSoapBinding" closeTimeout="00:01:00" openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00" allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard" maxBufferSize="65536" maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Mtom" textEncoding="utf-8" transferMode="Buffered" useDefaultWebProxy="true">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384"/>
                <security mode="Transport">
                    <transport clientCredentialType="None" proxyCredentialType="None" realm=""/>
                    <message clientCredentialType="UserName" algorithmSuite="Default"/>
                </security>
            </binding>
        </basicHttpBinding>
    </bindings>
    <client>
        <endpoint address="https://www.<redacted>.com/services/WsApiService/"
            behaviorConfiguration="NewBehavior0" binding="basicHttpBinding"
            bindingConfiguration="WsApiServiceSoapBinding" contract="WsApiServicePortType"
            name="WsApiServicePort" />
    </client>

The only thing I'm doing in the client code is executing a call to the getDoc method. The proxy class is auto-generated from a WSDL under WCF. I've verified that the certificate is installed in the Personal category in certmgr, is not expired, and is intended for all purposes. (I should note that this same cert worked just fine under WSE.) I've searched around and can't find anything that contradicts how it's currently configured.

Any ideas? If you need to see some more code let me know and I'll post it ASAP.

By : Ant


Answers
Well, after digging a bit deeper, I found out that I was using the wrong thumbprint. The one I was using belonged to a cert from the same issuer but for a different endpoint (not sure how I got them mixed up). Now that I have the right certificate being used, I can establish SSL.

Now I just have to figure out why this MTOM service is surprised at my MTOM request :P

By : Ant
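
A check for the mix-up described in the answer above, as an added example that is not part of the original post: it normalizes a thumbprint (stripping spaces and any non-hex characters), looks it up in the Personal stores, and lists other certificates from the same issuer so the intended one can be picked out by subject. `ThumbprintCheck` and its helpers are hypothetical names, and searching both `CurrentUser` and `LocalMachine` is an assumption about where the certificate was installed.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;

static class ThumbprintCheck
{
    // Keep only hex digits: drops spaces and invisible characters that can
    // come along when a thumbprint is copied out of the certificate dialog.
    static string Normalize(string raw) =>
        new string(raw.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

    static void Describe(string label, X509Certificate2 c) =>
        Console.WriteLine($"{label} {c.Thumbprint}\n    subject: {c.Subject}\n    issuer:  {c.Issuer}\n" +
                          $"    valid:   {c.NotBefore:u} to {c.NotAfter:u}\n    private key present: {c.HasPrivateKey}");

    static int Main(string[] args)
    {
        if (args.Length != 1) { Console.Error.WriteLine("usage: ThumbprintCheck <thumbprint>"); return 2; }
        string wanted = Normalize(args[0]);
        bool found = false;

        // Assumption: the certificate sits in a "Personal" (My) store; both locations are searched.
        foreach (var location in new[] { StoreLocation.CurrentUser, StoreLocation.LocalMachine })
        {
            var store = new X509Store(StoreName.My, location);
            try
            {
                store.Open(OpenFlags.ReadOnly);
                foreach (X509Certificate2 match in store.Certificates)
                {
                    if (match.Thumbprint != wanted) continue;
                    found = true;
                    Describe($"[{location}\\My] configured:", match);
                    // Same issuer, different thumbprint: the candidates for a mix-up.
                    foreach (X509Certificate2 other in store.Certificates)
                        if (other.Issuer == match.Issuer && other.Thumbprint != wanted)
                            Describe("  same issuer, NOT configured:", other);
                }
            }
            finally { store.Close(); }
        }
        if (!found) Console.Error.WriteLine($"No certificate with thumbprint {wanted} in CurrentUser\\My or LocalMachine\\My.");
        return found ? 0 : 1;
    }
}
```

Pass it the exact `findValue` string from the config file; a "configured" entry whose subject is not the one issued for this endpoint, or whose private key is absent, points to the wrong or an unusable certificate.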

