I don't know if this is a question more suited for Serverfault.com, really depends on the answer, but I have followed this tutorial in .NET C# to setup a WCF service under 'wsHttpBinding' (Transport Security & Certificate Authentication), I have created a test development certificate using the methods described here and I have also configured my HTTPS 443 port in Bindings for IIS.
Everything has been working pretty good each step, however I am receiving an error in the the Example "Hello World" service I created (again, all followed via the MSDN tutorial link I first stated) when hitting https://vd1/WcfWsHttpBindingTest/Service.svc
(VD1 being my local computer name):
HTTP Error 403.7 - Forbidden
The page you are attempting to access requires your browser to have a Secure Sockets Layer (SSL) client certificate that the Web server recognizes.
I have followed both tutorials as stated to install my server certificate and the client certificate and it has been configured in IIS; Also if I negate the 'https' and just use 'http' I receive a 403.4 Forbidden stating I am trying to access a page which has been secured with SSL, so I'm pretty sure that side of it is working.
Any ideas folks?
I haven't deviated from the tutorials, I am running IIS 7.0 and Vista Business.
It would even help if somebody could start me from a clean slate by giving me better tutorial links for configuring a service with wsHttpBinding.
** If anyone had seen my initial post, you will notice I closed my answer as it has evolved to the problem above **
-
Sounds like the client credentials aren't getting set or there is a problem with the config files. Can you post the config files so we can see the ClientCredentials configuration, which configures in a tag like: < clientCertificate > .
Alternately, a cert can be configured in code, so if you have the source code that configures the cert on the proxy, post that.
A final check would be Vista Specific. You should run VS (and possibly related processes for certificate generation) as admininstrator: Some Info on Vista Admin
If none of that helps, try CodePlex for some guidance, I found that the checklists for security configuration helped me no end.
-
Thanks for your help Tanner.
After two hours of scratching my head and tinkering, with help from a colleague we narrowed it down to one step which was not done correctly. The Certificate was being added to "Local User" not "Local Computer".
Thanks again.
0 comments:
Post a Comment