Nine Simple steps to enable the certificates on WCF


Table of Contents
    • Introduction and Goal
    • Beginner WCF FAQs
    • Step 1: Create client and server certificates
    • Step 2: Copy the certificates to the Trusted People certificates
    • Step 3: Specify the certification path and mode in the WCF service Web.config file
    • Step 4: Define bindings
    • Step 5: Tie up the bindings with the end point
    • Step 6: Make your web application client for consuming the WCF service
    • Step 7: Define the certificates in the WCF client
    • Step 8: Tie up the behavior with the end point on the WCF client
    • Step 9: Enjoy your hard work
    • Download Code

Introduction and Goal

In this article, we'll discuss how we can enable certificates on a WCF service. WCF has two modes by which it transfers data: transport and message. This tutorial concentrates on how we can enable certificates on the message mode of data transfer.

Nowadays I am distributing my questions and answers ebook which covers major .NET related topics like WCF, WPF, WWF, AJAX, Core .NET, SQL Server, architecture, and a lot more. I am sure you'll enjoy this ebook: http://www.questpond.com/sampledotnetinterviewquestionbook.zip. I have also been recording videos on .NET technologies, and you can catch all of the action here.

Beginner WCF FAQs

If you are new to WCF, please refer to the WCF FAQ articles below:

    • WCF FAQ Part 1: This is a FAQ for beginners which explains the basic concepts of WCF like end points, contracts, and bindings. It also discusses the various hosting methodologies of WCF services. The article finally talks about bindings and one of the operations in WCF.
    • WCF FAQ Part 2: This FAQ covers questions about concepts like duplex contracts, hosting WCF on different protocols, MSMQ bindings, transaction isolation levels, and both. The article also talks about two queues: volatile and dead letter queue.

Step 1: Create client and server certificates

Create two certificates, one for the server and the other for the client, using makecert.exe. You can get makecert.exe from the "C:\Program Files\Microsoft Visual Studio 8\common7\tools\bin" folder. Open a command prompt and run the commands below:

    makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WcfServer -sky exchange -pe
    makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=WcfClient -sky exchange -pe

Below is a detailed explanation of the various attributes specified in makecert.exe.

Attribute: Explanation

-sr: Specifies the registry location of the certificate store. The SubjectCertStoreLocation argument must be either of the following:

  • currentUser: Specifies the registry location HKEY_CURRENT_USER.
  • localMachine: Specifies the registry location HKEY_LOCAL_MACHINE.

-ss: Specifies the name of the certificate store where the generated certificate is saved.

-a: Specifies the algorithm. Can be either MD5 or SHA1.

-n: Specifies a name for the certificate. This name must conform to the X.500 standard. The simplest method is to use the "CN=MyName" format. If the -n switch is not specified, the default name of the certificate is "Joe's Software Emporium".

-sky: Specifies the key type. Can be either exchange or signature.

-pe: This makes the key exportable.

Note: Makecert.exe is a free tool provided by Microsoft which helps to create X.509 certificates that are signed by a system test root key or by another specified key. This is a test certificate and not a real one and should not be used for production purposes. For production, buy proper certificates from Thawte, Verisign, GeoTrust, etc.

Here, we have specified that we want to create the client key with the name WcfClient and the server key with the name WcfServer. The certificates are created for the current user and are exportable.

Once you run the commands, you should see the Succeeded message as shown in the figure below. The figure shows keys created for both the server and client.

Step 2: Copy the certificates to the Trusted People certificates

Go to Start -> Run, type MMC, and press Enter. The MMC console opens. Click on File -> Add/Remove Snap-in. In the Add/Remove Snap-in dialog, click on the Add button, select Certificates, and select 'My user account'.

You can see the certificates created for the client and server in the Personal certificates folder. We need to copy those certificates to the Trusted People folder.
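A quick way to confirm Steps 1 and 2 before touching any configuration, shown as an added example (not code from the original article). It assumes the subject names WcfServer and WcfClient from Step 1 and that it runs under the same user account that created the certificates.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class CertPreflight
{
    // True when exactly one certificate in CurrentUser\My matches subjectName, it is within
    // its validity dates, has a private key, and is also present in CurrentUser\TrustedPeople.
    static bool Check(string subjectName)
    {
        var my = new X509Store(StoreName.My, StoreLocation.CurrentUser);
        var trusted = new X509Store(StoreName.TrustedPeople, StoreLocation.CurrentUser);
        my.Open(OpenFlags.ReadOnly);
        trusted.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly is false: makecert test certificates do not chain to a trusted root.
            // FindBySubjectName is a case-insensitive substring match, so "WcfServer" also
            // matches a leftover "WcfServer2"; more than one hit makes the lookup ambiguous.
            X509Certificate2Collection hits =
                my.Certificates.Find(X509FindType.FindBySubjectName, subjectName, false);
            Console.WriteLine("{0}: {1} match(es) in CurrentUser\\My", subjectName, hits.Count);
            if (hits.Count != 1) return false;

            X509Certificate2 cert = hits[0];
            bool inTrustedPeople = trusted.Certificates
                .Find(X509FindType.FindByThumbprint, cert.Thumbprint, false).Count > 0;
            bool inDate = DateTime.Now >= cert.NotBefore && DateTime.Now <= cert.NotAfter;
            Console.WriteLine("  thumbprint={0} privateKey={1} trustedPeople={2} inDate={3}",
                cert.Thumbprint, cert.HasPrivateKey, inTrustedPeople, inDate);
            return cert.HasPrivateKey && inTrustedPeople && inDate;
        }
        finally
        {
            my.Close();
            trusted.Close();
        }
    }

    static int Main()
    {
        // Subject names from Step 1; '&' (not '&&') so both certificates are always reported.
        bool ok = Check("WcfServer") & Check("WcfClient");
        Console.WriteLine(ok ? "Ready for PeerTrust." : "Fix the certificate stores first.");
        return ok ? 0 : 1;
    }
}
```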

Step 3: Specify the certification path and mode in the WCF service Web.config file

Now that we have created both the certificates, we need to refer to these certificates in our WCF project. We have created two projects: one, the WCF service, and the other, a web application which will consume the WCF service.

Let's open the Web.config file of the WCF service and enter two important things:

    • Where the certificate is stored, its location, and how the WCF application should find it. This is defined using the serviceCertificate tag as shown in the snippet below.
    • certificateValidationMode defines how the client certificates will be authenticated.

Certification validation mode: Description

ChainTrust: In this situation, the client certificate is validated against the root certificate.

PeerTrust: PeerTrust ensures that the public key portion of the certificate is in the Trusted People certificate folder on the client's computer.

ChainOrPeerTrust: This is just an OR condition for both chain and peer.

The above two points are clubbed together and entered in the Web.config file of the WCF service.

    <serviceCredentials>
      <clientCertificate>
        <authentication certificateValidationMode="PeerTrust" />
      </clientCertificate>
      <serviceCertificate findValue="WcfServer"
                          storeLocation="CurrentUser"
                          storeName="My"
                          x509FindType="FindBySubjectName" />
    </serviceCredentials>

Step 4: Define bindings

Now that we have defined our certificates and authentication type, we need to define that the authentication values will be sent through a message using certificates. You can see we have defined the wsHttpBinding with a message element specifying that the WCF client needs to send a certificate for validation.

    <bindings>
      <wsHttpBinding>
        <binding name="wsHttpEndpointBinding">
          <security>
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>

Step 5: Tie up the bindings with the end point

Once done, we need to tie up this binding with the end point. This is done by using the bindingConfiguration attribute as shown in the code snippet below.

    <endpoint address=""
              binding="wsHttpBinding"
              bindingConfiguration="wsHttpEndpointBinding"
              contract="WCFServiceCertificate.IService1" />

Step 6: Make your web application client for consuming the WCF service

That's all we need from the WCF service perspective. Compile the WCF service and reference it in the ASP.NET web application using 'Service Reference'. Below is the code snippet where we have referenced the service and called the GetData function of the service.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;
    using WebConsumer.ServiceReference1;

    namespace WebConsumer
    {
        public partial class _Default : System.Web.UI.Page
        {
            protected void Page_Load(object sender, EventArgs e)
            {
                // Call the WCF service through the generated service reference proxy
                Service1Client obj = new Service1Client();
                Response.Write(obj.GetData(12));
            }
        }
    }

Now if you try to run the client, i.e., the web application, as it is, you should get an error as shown below. The error clearly indicates that you cannot use the WCF service until you provide the client certificate.

Step 7: Define the certificates in the WCF client

Let's start the process of defining certificates in the WCF client. Just as we defined the authentication certification mode and the path of the certificate for the WCF service, we need to define them for the WCF client. You can see we have defined the authentication mode as PeerTrust and we have specified the client certificate name as WcfClient.

    <behaviors>
      <endpointBehaviors>
        <behavior name="CustomBehavior">
          <clientCredentials>
            <clientCertificate findValue="WcfClient"
                               x509FindType="FindBySubjectName"
                               storeLocation="CurrentUser"
                               storeName="My" />
            <serviceCertificate>
              <authentication certificateValidationMode="PeerTrust" />
            </serviceCertificate>
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>

Step 8: Tie up the behavior with the end point on the WCF client

We need to tie up the above defined behavior with the end point. You can see we have bound the behavior using the behaviorConfiguration property. We also need to specify that the DNS value will be WcfServer, which is your server certificate name.

    <client>
      <endpoint address="http://localhost:1387/Service1.svc"
                binding="wsHttpBinding"
                bindingConfiguration="WSHttpBinding_IService1"
                contract="ServiceReference1.IService1"
                name="WSHttpBinding_IService1"
                behaviorConfiguration="CustomBehavior">
        <identity>
          <dns value="WcfServer" />
        </identity>
      </endpoint>
    </client>

Step 9: Enjoy your hard work

Once we are done, you can run the ASP.NET web app and you should see the below display.
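The settings from Steps 3 to 8, expressed in code in a single self-hosted console program so that both sides of the exchange are visible together. This is an added example, not the article's download. It assumes .NET Framework with a reference to System.ServiceModel, the certificates from Steps 1 and 2, and a hypothetical local URL.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IService1 { [OperationContract] string GetData(int value); }
public class Service1 : IService1
{
    public string GetData(int value) { return "You entered: " + value; }
}

static class Program
{
    // Steps 4-5: wsHttpBinding with message security and a certificate client credential.
    static WSHttpBinding CertBinding()
    {
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
        return binding;
    }

    static void Main()
    {
        // Hypothetical address; a non-elevated process needs an HTTP URL reservation for it.
        var uri = new Uri("http://localhost:8000/Service1");
        using (var host = new ServiceHost(typeof(Service1), uri))
        {
            host.AddServiceEndpoint(typeof(IService1), CertBinding(), "");
            // Step 3: service certificate, and PeerTrust validation of the client certificate.
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "WcfServer");
            host.Credentials.ClientCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.PeerTrust;
            host.Open();

            // Step 8: the endpoint identity carries the server certificate name.
            var address = new EndpointAddress(uri, EndpointIdentity.CreateDnsIdentity("WcfServer"));
            var factory = new ChannelFactory<IService1>(CertBinding(), address);
            // Step 7: client certificate, and PeerTrust validation of the service certificate.
            factory.Credentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, "WcfClient");
            factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.PeerTrust;
            Console.WriteLine(factory.CreateChannel().GetData(12));
            factory.Close();
        }
    }
}
```

Commenting out the client-side SetCertificate call reproduces the Step 6 situation, where the call fails because no client certificate is provided.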

Download Code

You can download both the server and client code from here.
