I have a custom implementation of ClientCredentials in WCF. Two of the base properties of ClientCredentials are the ClientCertificate and ServiceCertificate, as seen here (MSDN).
In my configuration, I have my custom ClientCredentials set, and both certificates defined:
<endpointBehaviors>
  <behavior name="MyCustomEndpointBehavior">
    <clientCredentials type="MyApp.Security.CentralAuthClientCredentials, MyApp">
      <clientCertificate findValue="localhost" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" />
      <serviceCertificate>
        <defaultCertificate findValue="localhost" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" />
        <authentication certificateValidationMode="None" revocationMode="NoCheck" />
      </serviceCertificate>
    </clientCredentials>
  </behavior>
</endpointBehaviors>
This configuration was completely 100% working with UserName authentication. It used the certs to encrypt the username and password for the Message. Then I changed to my custom ClientCredentials.
At runtime, here are the properties that are set on my CentralAuthClientCredentials:
this.ClientCertificate = System.ServiceModel.Security.X509CertificateInitiatorClientCredential
this.ClientCertificate.Certificate = null
this.ServiceCertificate = System.ServiceModel.Security.X509CertificateRecipientClientCredential
this.ServiceCertificate.DefaultCertificate = null
So, why are the client and service default certificates that are defined in configuration not set on the actual instantiated object? It looks as if WCF ignored the XML tags completely!
Is there some code I can use, maybe in the constructor of the credentials, to get those certificates from the configuration manually?
Thanks for any help!
Update
I'm an idiot. I figured it out. WCF was actually creating my instance correctly with the certificates set, but in my WCF client, I had the following remove/add series that I think I copied from the MSDN example:
this.ChannelFactory.Endpoint.Behaviors.Remove<ClientCredentials>();
this.ChannelFactory.Endpoint.Behaviors.Add(new CentralAuthClientCredentials());
return base.Channel.MyServiceMethod();
To remove the old credentials and add my own custom ones. However, this was making a new instance that didn't have the certificates set! Oops!
-
So that I can mark this as answered, I'm adding my own solution, which was to remove this code from the client that makes a new credential:
this.ChannelFactory.Endpoint.Behaviors.Remove<ClientCredentials>();
this.ChannelFactory.Endpoint.Behaviors.Add(new CentralAuthClientCredentials());
and use the one already set by WCF, instead of calling Remove() on it.
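An added example, not part of the original post: a guard a WCF client can call before its first service call to confirm that the credentials built from the <clientCredentials> configuration are still in place and carry both certificates. The names ConfiguredCredentials and Require are hypothetical; ChannelFactory.Credentials is the standard WCF property.

```csharp
using System;
using System.ServiceModel;
using System.ServiceModel.Description;

// Hypothetical helper (not from the original post).
public static class ConfiguredCredentials
{
    // Returns the client credentials the factory will use, and fails fast if
    // they are not of the expected custom type or have lost their certificates
    // (the symptom described in the question).
    public static TCredentials Require<TCredentials>(ChannelFactory factory)
        where TCredentials : ClientCredentials
    {
        if (factory == null) throw new ArgumentNullException("factory");

        ClientCredentials current = factory.Credentials;
        TCredentials typed = current as TCredentials;
        if (typed == null)
        {
            throw new InvalidOperationException(
                "Expected credentials of type " + typeof(TCredentials).FullName +
                " but found " + (current == null ? "none" : current.GetType().FullName) +
                ". Check the type attribute on <clientCredentials>.");
        }

        // A freshly constructed credentials object has both of these set to null;
        // an instance populated from configuration does not.
        if (typed.ClientCertificate.Certificate == null)
        {
            throw new InvalidOperationException(
                "ClientCertificate.Certificate is null. The configured instance " +
                "was probably replaced by a new one created in code.");
        }
        if (typed.ServiceCertificate.DefaultCertificate == null)
        {
            throw new InvalidOperationException(
                "ServiceCertificate.DefaultCertificate is null. The configured " +
                "instance was probably replaced by a new one created in code.");
        }
        return typed;
    }
}

// Usage inside a ClientBase<T>-derived client, in place of the Remove/Add pair:
//   ConfiguredCredentials.Require<CentralAuthClientCredentials>(this.ChannelFactory);
//   return base.Channel.MyServiceMethod();
```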