Hello,
I have a problem with custom authentication over https. What I need is a secure channel and authenitcation on message level. I got it working quite well, but my custom validator never gets called.
When in IIS7 i use Authentication -> Basic Authentication, I get the following error
"The authentication schemes configured on the host ('Basic') do not allow those configured on the binding 'WSHttpBinding' ('Anonymous'). Please ensure that the SecurityMode is set to Transport or TransportCredentialOnly. Additionally, this may be resolved by changing the authentication schemes for this application through the IIS management tool, through the ServiceHost.Authentication.AuthenticationSchemes property, in the application configuration file at the <serviceAuthenticationManager> element, by updating the ClientCredentialType property on the binding, or by adjusting the AuthenticationScheme property on the HttpTransportBindingElement. "
When in IIS7 i use Authentication -> Anonymuse Authentication, my custom validator never gets called.
Here's my config:
system.web>
compilation debug="true" targetFramework="4.5"/>
customErrors mode="Off"/>
pages controlRenderingCompatibilityVersion="4.0"/>
/system.web>
system.serviceModel>
protocolMapping>
add scheme="https" binding="wsHttpBinding" />
/protocolMapping>
diagnostics performanceCounters="Default">
messageLogging logEntireMessage="true" logMalformedMessages="true"
logMessagesAtServiceLevel="false" logMessagesAtTransportLevel="true" />
/diagnostics>
services>
service behaviorConfiguration="VASServiceBehavior" name="nsVASSERVICE.WCFVASSERVICE">
endpoint address="mex" binding="mexHttpsBinding" bindingConfiguration="mexHttpsBinding"
name="mexHttpsBindingEndpoint" contract="IMetadataExchange" />
endpoint address="ws" binding="wsHttpBinding" bindingConfiguration="wsHttpBinding"
name="wsHttpBindingEndpoint" contract="nsVASSERVICE.IWCFPBSERVICE" />
/service>
/services>
bindings>
wsHttpBinding>
binding name="wsHttpBinding">
security mode="Message">
transport clientCredentialType="None" />
message clientCredentialType="UserName" negotiateServiceCredential="true" />
/security>
/binding>
/wsHttpBinding>
mexHttpsBinding>
binding name="mexHttpsBinding" />
/mexHttpsBinding>
/bindings>
client>
endpoint address="https://mymachine/WCFVASSERVICE.svc/mex" binding="wsHttpBinding"
bindingConfiguration="wsHttpBinding" contract="nsVASSERVICE.IWCFPBSERVICE"
name="mexHttpsBindingEndpoint1" />
/client>
behaviors>
endpointBehaviors>
behavior name="VASServiceEndpointBehavior">
clientCredentials>
clientCertificate findValue="PayBox" storeLocation="LocalMachine"
x509FindType="FindBySubjectName" />
serviceCertificate>
authentication certificateValidationMode="Custom" revocationMode="Online" />
/serviceCertificate>
/clientCredentials>
soapProcessing processMessages="true" />
/behavior>
/endpointBehaviors>
serviceBehaviors>
behavior name="VASServiceBehavior">
serviceMetadata httpGetEnabled="false" httpsGetEnabled="true" />
serviceCredentials useIdentityConfiguration="true">
serviceCertificate findValue="PayBox" x509FindType="FindBySubjectName" />
userNameAuthentication userNamePasswordValidationMode="Custom"
includeWindowsGroups="false" customUserNamePasswordValidatorType="nsVASSERVICE.CustomUserNamePasswordValidator, VASSERVICE" />
windowsAuthentication includeWindowsGroups="false" />
/serviceCredentials>
serviceDebug httpHelpPageEnabled="false" includeExceptionDetailInFaults="true" />
/behavior>
/serviceBehaviors>
/behaviors>
serviceHostingEnvironment aspNetCompatibilityEnabled="false"
multipleSiteBindingsEnabled="true" />
/system.serviceModel>
How can I configure IIS and web.config for custom usernamepasswordvalidator ?
Submit an article or tip