
Error -- Secure channel cannot be opened because security negotiation with the remote endpoint has failed.

alan levin

Jul 15 2010 1:28 PM

Hi Everyone:

We have a WCF Remote service running on a separate server computer and we are using certificates.  I am calling that service from my local computer.  So the service is running on a remote server and I am calling it from my local client computer.

We get the following error:

Secure channel cannot be opened because security negotiation with the remote endpoint has failed. This may be due to absent or incorrectly specified EndpointIdentity in the EndpointAddress used to create the channel. Please verify the EndpointIdentity specified or implied by the EndpointAddress correctly identifies the remote endpoint.

NOTE: On the remote server I used makecert to create 2 certificates:  WCfServer and WcfClient.  They are in the LocalMachine in the Personal My area and they are also in the TrustedPeople area if you do an MMC and show LocalMachine.  This is on the server.  I also exported them to my local client computer as well using MMC.

Where should these certificates be?  On the server only? On both server and local machine?

Here is the config file on the remote server machine:

*******************************************************

<?xml version="1.0" encoding="utf-8" ?>
<configuration>

  <configSections>
    <section name="log4net" type="log4net.Config.Log4NetConfigurationSectionHandler, log4net" />
  </configSections>

  <appSettings>
    <!-- Start Do not change -->
    <add key="ContextProvider" value="RemoteWindowService.ContextProvider, RemoteWindowService" />
    <!-- End Do Not Change-->

    <!--App Specific-->
    <add key="WorkingDirectory" value="c:\app\v6.05" />
    <add key="ResultFileNameDirectory" value="c:\app\v6.05\XMLoutput" />
    <add key="ProWin32Location" value="c:\dlc91\bin\mbpro.bat" />
    <add key="TempDirectoryPath" value="c:\temp" />
    <add key="DatabaseRelativePath" value="..\pf\app0.pf" />
    <add key="ProgramRelativePath" value=".\bin\web_Connect.p" />
    <add key="IniAbsolutePath" value=".\bin\web.ini" />
    <!-- App Specific End-->
  </appSettings>

  <log4net debug="true">
    <appender name="tnet" type="log4net.Appender.TelnetAppender">
      <port value="29"/>
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%-5p [%t]: %m%n"/>
      </layout>
    </appender>

    <appender name="RollingFile" type="log4net.Appender.RollingFileAppender">
      <file value="today.log" />
      <appendToFile value="true" />
      <rollingStyle value="Date" />
      <datePattern value="yyyyMMdd" />
      <maxSizeRollBackups value="7" />
      <layout type="log4net.Layout.PatternLayout">
        <conversionPattern value="%d{MM/dd/yyyy HH:mm:ss}: %p %t  %c{1} - %m%n" />
      </layout>
    </appender>

    <root>
      <level value="debug" />
      <appender-ref ref="tnet" />
      <appender-ref ref="RollingFile" />
    </root>
  </log4net>

  <system.serviceModel>
    <services>
      <!-- Network Specific Information -->
      <service name="RemoteService.App.RemoteServiceWCF" behaviorConfiguration="behavior">
        <endpoint bindingConfiguration="Binding1" contract="RemoteService.App.IAppRemoteService" binding="netTcpBinding"/>
        <host>
          <baseAddresses>
            <add baseAddress="net.tcp://localhost:1081/BApp"/>
          </baseAddresses>
        </host>
      </service>
      <!-- End Network Specific Information -->
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="behavior">
          <serviceMetadata />
          <serviceDebug includeExceptionDetailInFaults="True"/>
          <dataContractSerializer maxItemsInObjectGraph="10000000" />
          <serviceThrottling maxConcurrentCalls="25" maxConcurrentSessions="1000" />
          <serviceCredentials>
            <clientCertificate>
              <authentication certificateValidationMode="PeerTrust"/>
            </clientCertificate>
            <serviceCertificate findValue="WCfServer"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>

      <endpointBehaviors>
        <behavior name="LargeEndpointBehavior">
          <dataContractSerializer maxItemsInObjectGraph="10000000"/>
        </behavior>
      </endpointBehaviors>
    </behaviors>

    <bindings>
      <netTcpBinding>
        <binding name="Binding1" closeTimeout="00:5:00"
                 openTimeout="00:5:00" receiveTimeout="00:5:00" sendTimeout="00:5:00"
                 maxConnections="100" maxReceivedMessageSize="2147483647">
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
  </system.serviceModel>

</configuration>

********************************************

I do the client configuration in my C# code.

The code is as follows:

**********************************************

// Namespaces the fragment below depends on.
using System;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.Security.Cryptography.X509Certificates;

            // The client binding has to mirror the server's Binding1: Message security
            // with certificate credentials. With SecurityMode.Message the
            // Security.Transport.ClientCredentialType setting is ignored (the original
            // fragment set that one), so the message-level credential type is set here;
            // otherwise the client defaults to Windows credentials and negotiation fails.
            var myBinding = new NetTcpBinding();
            myBinding.Name = "netTcpBinding";
            myBinding.Security.Mode = SecurityMode.Message;
            myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

            if (serverEndPoint == null)
                serverEndPoint = organization.ServiceEndPoint;

            if (serverEndPointPort == -1)
                serverEndPointPort = organization.ServiceEndPointPort;

            // EndpointIdentity.CreateDnsIdentity("WCfServer") refers to the server certificate
            // WCfServer: the DNS identity must equal that certificate's subject name, or the
            // client rejects the server during security negotiation.
            var myEndpoint = new EndpointAddress(
                new Uri("net.tcp://" + serverEndPoint + ":" + serverEndPointPort + "/RemoteApp"),
                EndpointIdentity.CreateDnsIdentity("WCfServer"),
                new AddressHeaderCollection());

            if (cf == null)
            {
                cf = new ChannelFactory<IAppRemoteService>(myBinding, myEndpoint);

                // The client's own certificate (with private key) from LocalMachine\My.
                cf.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine,
                    StoreName.My, X509FindType.FindBySubjectName, "WcfClient");

                // PeerTrust: the server certificate is looked up in the TrustedPeople store.
                // The client-side default TrustedStoreLocation is CurrentUser; the certificates
                // were imported into LocalMachine, so that location is set explicitly.
                cf.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
                    X509CertificateValidationMode.PeerTrust;
                cf.Credentials.ServiceCertificate.Authentication.TrustedStoreLocation =
                    StoreLocation.LocalMachine;
            }

            // Raise the object-graph limit on every operation (the server config raises it too).
            foreach (OperationDescription op in cf.Endpoint.Contract.Operations)
            {
                var dataContractBehavior = op.Behaviors.Find<DataContractSerializerOperationBehavior>();
                if (dataContractBehavior != null)
                    dataContractBehavior.MaxItemsInObjectGraph = 2147483647;
            }

            BoomerangContext.ContextFactory.GetContextProvider().GetLogger().Debug("Getting Open Channel");
            BoomerangContext.ContextFactory.GetContextProvider().GetLogger().Debug("WCF Connection Opening ");

            cf.Open();
            remoteService = cf.CreateChannel();

**************************************************************************************

Thanks and Best Regards,

Alan
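An added pre-flight check, written for this thread and not code from the post or the project, that verifies on one machine the certificate layout the PeerTrust configuration above requires: the machine's own certificate with its private key in LocalMachine\My, the peer's public certificate in TrustedPeople, and (on the client) a DNS identity equal to the server certificate's DNS name. The class name, the method names and the choice of LocalMachine for the trusted store are assumptions; the certificate names WcfClient and WCfServer are the ones from the post.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the post). Run it on the client with the names from
// the post, and on the server with the first two names swapped.
static class CertLayoutCheck
{
    // FindBySubjectName is a substring match, exactly like WCF's findValue, so a
    // store holding both "WcfClient" and "WcfClient2" would be ambiguous.
    static X509Certificate2 Find(StoreLocation loc, StoreName name, string subject, bool needPrivateKey)
    {
        var store = new X509Store(name, loc);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly:false so self-signed makecert certificates are still returned.
            foreach (X509Certificate2 c in store.Certificates.Find(X509FindType.FindBySubjectName, subject, false))
                if (!needPrivateKey || c.HasPrivateKey) return c;   // HasPrivateKey does not prove the service account can read the key
            return null;
        }
        finally { store.Close(); }
    }

    // ownSubject: this side's certificate (WcfClient on the client, WCfServer on the server).
    // peerSubject: the other side's certificate, expected as a public cert in TrustedPeople.
    // dnsIdentity: the value passed to CreateDnsIdentity (client only; pass null on the server).
    // trustedLoc: WCF's client-side PeerTrust default is CurrentUser; the post imported into
    // LocalMachine, so the caller passes that explicitly (assumption: it matches the client code).
    public static List<string> Check(string ownSubject, string peerSubject, string dnsIdentity, StoreLocation trustedLoc)
    {
        var problems = new List<string>();
        if (Find(StoreLocation.LocalMachine, StoreName.My, ownSubject, true) == null)
            problems.Add(ownSubject + ": missing from LocalMachine\\My or has no private key");

        var peer = Find(trustedLoc, StoreName.TrustedPeople, peerSubject, false);
        if (peer == null)
            problems.Add(peerSubject + ": public certificate missing from " + trustedLoc + "\\TrustedPeople");
        else if (dnsIdentity != null)
        {
            // WCF compares the DNS identity against the certificate's DNS name (SAN or CN).
            string certDns = peer.GetNameInfo(X509NameType.DnsName, false);
            if (!string.Equals(certDns, dnsIdentity, StringComparison.OrdinalIgnoreCase))
                problems.Add("DNS identity '" + dnsIdentity + "' does not match server certificate name '" + certDns + "'");
        }
        return problems;
    }

    static void Main()
    {
        var problems = Check("WcfClient", "WCfServer", "WCfServer", StoreLocation.LocalMachine);
        Console.WriteLine(problems.Count == 0 ? "certificate layout OK" : string.Join(Environment.NewLine, problems.ToArray()));
    }
}
```

A clean result on both machines rules out store placement and identity mismatch as the cause, leaving binding mismatches and private-key permissions as the remaining suspects.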