Hi,

I have created a service where there would be a private cert on the server where I am hosting the service, and the client will have the public key of it.
And the client would have a different private key where they will encrypt the message which they send to the endpoint I create, and I have the public key for it, which I will use to decrypt the message.
What I have so far in the server config file.

So this one takes care of the main private cert where the service will be hosted. I am not sure where/how to put the public key of the cert where the client has/uses the private key to encrypt the message.

What I have tried:

<pre><?xml version="1.0"?>
    <configuration>
      <appSettings>
      </appSettings>
      <system.web>
        <httpRuntime maxRequestLength="2147483647"/>
        <compilation debug="false" strict="false" explicit="true" targetFramework="4.5.2"/>
        <pages controlRenderingCompatibilityVersion="4.0"/>
        <customErrors mode="Off"/>
      </system.web>
      <system.serviceModel>
        <bindings>
          <basicHttpBinding>
            <binding name="basicHttpEndPointBinding">
              <security mode="Message">
                <message clientCredentialType="Certificate"/>
              </security>
            </binding>
          </basicHttpBinding>
        </bindings>
        <services>
          <service behaviorConfiguration="wcfJNet.ServiceBehavior" name="wcfJNetService">
            <endpoint address="" binding="basicHttpBinding" 
              bindingConfiguration="basicHttpEndPointBinding"
              contract="IJNetService">
              <identity>
                <dns value="xxxxxx" />
              </identity>
            </endpoint>
          </service>
        </services>
        <behaviors>
          <serviceBehaviors>
            <behavior name="wcfJNet.ServiceBehavior">
              <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
              <serviceDebug includeExceptionDetailInFaults="true"/>
              <serviceCredentials>
                <serviceCertificate findValue="0000xx000" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySerialNumber"/>
                <clientCertificate>
                  <authentication certificateValidationMode="PeerOrChainTrust"/>
                </clientCertificate>
              </serviceCredentials>
            </behavior>
          </serviceBehaviors>
        </behaviors>
        <protocolMapping>
          <add binding="basicHttpsBinding" scheme="https"/>
        </protocolMapping>
        <serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
      </system.serviceModel>
      <system.webServer>
        <modules runAllManagedModulesForAllRequests="true"/>
        <!--
            To browse web app root directory during debugging, set the value below to true.
            Set to false before deployment to avoid disclosing web app folder information.
          -->
        <directoryBrowse enabled="true"/>
      </system.webServer>
    </configuration>
</pre>
Updated 7-Jan-20 11:42am
Comments
phil.o 7-Jan-20 17:39pm    
The public key is used to encrypt a message, not the private one. The private key is used to decrypt an encrypted message.
In short:

private key is used:
- to sign messages
- to decrypt messages encrypted with public key
public key is used:
- to verify the signatures of messages signed with private key
- to encrypt messages
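
The key roles listed in the comment above, applied to the client/server exchange from the question, as an added example (not code from the question, the comment or the answer). It assumes .NET Framework 4.7.2 or later (or .NET Core/.NET 5+), generates both key pairs in memory instead of loading certificates, and encrypts the short message directly with RSA as a simplification; the class and helper names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class KeyRolesDemo
{
    // Returns a public-only copy: what the other party gets from a certificate.
    static RSA PublicOnly(RSA keyPair)
    {
        RSA pub = RSA.Create();
        pub.ImportParameters(keyPair.ExportParameters(false));
        return pub;
    }

    static void Main()
    {
        // Assumption: keys are generated here; a real service loads them from the certificate store.
        using (RSA clientPrivate = RSA.Create(2048))
        using (RSA serverPrivate = RSA.Create(2048))
        using (RSA clientPublic = PublicOnly(clientPrivate))   // held by the server
        using (RSA serverPublic = PublicOnly(serverPrivate))   // held by the client
        {
            byte[] message = Encoding.UTF8.GetBytes("constructed sample request");

            // Client: sign with its OWN private key, encrypt with the SERVER's public key.
            byte[] signature = clientPrivate.SignData(
                message, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            byte[] ciphertext = serverPublic.Encrypt(message, RSAEncryptionPadding.OaepSHA256);

            // Server: decrypt with its OWN private key, verify with the CLIENT's public key.
            byte[] plaintext = serverPrivate.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256);
            bool valid = clientPublic.VerifyData(
                plaintext, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("decrypted: " + Encoding.UTF8.GetString(plaintext));
            Console.WriteLine("signature valid: " + valid);

            // A modified message no longer matches the client's signature.
            plaintext[0] ^= 0x01;
            bool tampered = clientPublic.VerifyData(
                plaintext, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            Console.WriteLine("tampered message valid: " + tampered);

            // A public-only key cannot decrypt: only the private key holder can read the message.
            try { serverPublic.Decrypt(ciphertext, RSAEncryptionPadding.OaepSHA256); }
            catch (CryptographicException) { Console.WriteLine("public key cannot decrypt"); }
        }
    }
}
```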

1 solution

Use HTTPS. You just have to create a valid certificate for the server; once done, you will have nothing else to worry about.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)