Hi!
We faced a problem while creating a web service with security settings.
The certificate was received from the CA just for test purposes.
After this we did the following:
1) Enabled the port used by the service with httpcfg set ssl -i 0.0.0.0:777 -h
2) httpcfg set urlacl -u https://:777/TlsService/ServiceSecure -a D:(A;;GA;;;AN)
3) httpcfg set iplisten -i 0.0.0.0:777
The web service code is as follows:
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
ServiceHost host = new ServiceHost(typeof(DeviceObservationConsumer_hostPCDData), new Uri("https://<domainname>:777/TlsService/ServiceSecure"));
host.Credentials.ServiceCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, (string)"bd 35 ec c0 e6 b3 9a ac 74 09 09 c5 84 b8 fd 58 51 44 87 7d");
host.AddServiceEndpoint(typeof(IDeviceObservationConsumer_Binding_Soap12), binding, "");
ServiceMetadataBehavior smb = host.Description.Behaviors.Find<ServiceMetadataBehavior>();
if (smb == null)
{
    // Add the behavior only when it is not already registered on the host.
    smb = new ServiceMetadataBehavior();
    host.Description.Behaviors.Add(smb);
}
smb.HttpsGetEnabled = true;
host.AddServiceEndpoint(ServiceMetadataBehavior.MexContractName, MetadataExchangeBindings.CreateMexHttpsBinding(), "mex");
host.Open();
Client code:
WSHttpBinding binding = new WSHttpBinding();
binding.Security.Mode = SecurityMode.Transport;
binding.Security.Message.ClientCredentialType = MessageCredentialType.None;
EndpointAddress addr = new EndpointAddress("https://<domainname>:777/TlsService/ServiceSecure");
ChannelFactory<DeviceObservationConsumer_PortType> myChannelFactory = new ChannelFactory<DeviceObservationConsumer_PortType>(binding, addr);
DeviceObservationConsumer_PortType client = myChannelFactory.CreateChannel();
CommunicatePCDDataRequest req = new CommunicatePCDDataRequest("ciao mamma guarda come mi diverto!");
CommunicatePCDDataResponse resp = client.CommunicatePCDData(req);
myChannelFactory.Close();
We can't access "https://<domainname>:777/TlsService/ServiceSecure" via a browser, and the client gets the exception: An error occurred while making the HTTP request to https://<PCname>:777/TlsService/ServiceSecure. This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server.
What are we doing wrong?
We are not using a configuration file; everything is done inside the code.
And
httpcfg query ssl
gives the following response:
IP : 0.0.0.0:777
Hash : bd35ecc0e6b39aac74 9 9c584b8fd585144877d
Guid : {00000000-0000-0000-0000-000000000000}
CertStoreName : MY
CertCheckMode : 0
RevocationFreshnessTime : 0
UrlRetrievalTimeout : 0
SslCtlIdentifier : (null)
SslCtlStoreName : (null)
Flags : 0
I was wondering... the Hash differs a bit from the one we entered: the spaces shown in the response were "0" in our value; for some reason they were replaced. Could this be the reason for the problem?
Any suggestion is appreciated!
Thanks
Liudmila
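
An added example, not part of the original post: a small C# check that compares the thumbprint passed to SetCertificate with the Hash line of httpcfg query ssl. It assumes httpcfg prints each byte in two columns with a blank in place of a leading zero, as the post observes; the class and method names are hypothetical.

```csharp
using System;
using System.Linq;
using System.Text.RegularExpressions;

static class ThumbprintCheck
{
    // Thumbprint as written in code: keep hex digits only (drops spaces and any
    // invisible characters picked up by copy/paste), then upper-case.
    public static string FromCode(string thumbprint) =>
        new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();

    // Hash value as printed by "httpcfg query ssl".
    // Assumption: each byte takes two columns and a leading zero is shown as a blank.
    public static string FromHttpcfg(string queryOutput)
    {
        Match m = Regex.Match(queryOutput,
            @"^\s*Hash\s*: ?(?<h>[0-9A-Fa-f ]+?)\s*$", RegexOptions.Multiline);
        if (!m.Success) throw new FormatException("No Hash line found");
        string hex = m.Groups["h"].Value.Replace(' ', '0');
        if (hex.Length % 2 == 1) hex = "0" + hex; // blank of the first byte was lost
        return hex.ToUpperInvariant();
    }

    static void Main()
    {
        // Values copied from the post above.
        string inCode = "bd 35 ec c0 e6 b3 9a ac 74 09 09 c5 84 b8 fd 58 51 44 87 7d";
        string query = "IP : 0.0.0.0:777\n" +
                       "Hash : bd35ecc0e6b39aac74 9 9c584b8fd585144877d\n" +
                       "CertStoreName : MY\n";

        string a = FromCode(inCode);
        string b = FromHttpcfg(query);
        Console.WriteLine("code    : " + a);
        Console.WriteLine("httpcfg : " + b);
        // A SHA-1 thumbprint is 20 bytes, i.e. 40 hex digits.
        Console.WriteLine(a.Length == 40 && a == b
            ? "same certificate hash"
            : "hash mismatch");
    }
}
```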