WCF X.509 Certificate verification

Create a certificate:

 
Makecert.exe-Sr currentuser-SS my-A sha1-N Cn = wcfserver-sky exchange-PE
 

1. server side:

System. servicemodel>
<Bindings>
<Wshttpbinding>
<Binding name = "mtombindingconfiguration" messageencoding = "MTOM" maxcompute edmessagesize = "1073741824" receivetimeout = "00:10:00">
<! -- <Security mode = "transport"> -->
<! -- <Transport clientcredentialtype = "certificate"> </Transport> -->
<Security>
<Message clientcredentialtype = "certificate"/>
</Security>
<Readerquotas maxarraylength = "1073741824" type = "regxph" text = "yourobjectname"/>
</Binding>
</Wshttpbinding>
</Bindings>
<Servicehostingenvironment aspnetcompatibilityenabled = "true"/>
<Services>
<Service behaviorconfiguration = "service. webservicebehavior" name = "service. WebService">
<Endpoint address = "" binding = "wshttpbinding" Contract = "iservice. iwebservice" bindingconfiguration = "mtombindingconfiguration">
<! -- <Endpoint address = "http: // localhost: 2397/WebService. SVC" binding = "wshttpbinding" Contract = "iservice. iwebservice" bindingconfiguration = "mtombindingconfiguration"> -->
</Endpoint>
</Service>
</Services>
<Behaviors>
<Servicebehaviors>
<Behavior name = "service. webservicebehavior">
<Servicemetadata httpgetenabled = "true"/>
<Servicedebug includeexceptiondetailinfaults = "true"/>
<Servicecredentials>
<Clientcertificate>
<Authentication certificatevalidationmode = "peertrust"/>
<! -- <Authentication customcertificatevalidatortype = "webservicehost. x509validation, webservicehost" certificatevalidationmode = "Custom"/> -->
</Clientcertificate>
<Servicecertificate findvalue = "dlrfidwebserviceserver" storename = "my" storelocation = "currentuser" x509findtype = "findbysubjectname"/>
</Servicecredentials>
</Behavior>
</Servicebehaviors>
</Behaviors>
</System. servicemodel>
<System. webserver>
<Modules runallmanagedmodulesforallrequests = "true"/>
</System. webserver>

Client:

 

<System. servicemodel>
<Bindings>
<Wshttpbinding>
<Binding name = "wshttpbinding_iwebservice" closetimeout = "00:01:00"
Opentimeout = "00:01:00" receivetimeout = "00:10:00" sendtimeout = "00:01:00"
Bypassproxyonlocal = "false" transactionflow = "false" hostnamecomparisonmode = "strongwildcard"
Maxbufferpoolsize = "524288" maxcompute edmessagesize = "65536" messageencoding = "MTOM"
Textencoding = "UTF-8" usedefawebwebproxy = "true" allowcookies = "false">
<Readerquotas maxdepth = "32" maxstringcontentlength = "8192" maxarraylength = "16384"
Maxbytesperread = "4096" maxnametablecharcount = "16384"/>
<Reliablesession ordered = "true" inactivitytimeout = "00:10:00"
Enabled = "false"/>
<Security mode = "message">
<Transport clientcredentialtype = "Windows" proxycredentialtype = "NONE"
Realm = ""/>
<Message clientcredentialtype = "certificate" negotiateservicecredential = "true"
Algorithmsuite = "default"/>
</Security>
</Binding>
</Wshttpbinding>
</Bindings>
<Client>
<Endpoint address = "http: // localhost: 2397/WebService. SVC" binding = "wshttpbinding"
Bindingconfiguration = "wshttpbinding_iwebservice" Contract = "WebService. iwebservice"
Name = "wshttpbinding_iwebservice" behaviorconfiguration = "custombehavior">
<Identity>
<Certificate encodedvalue = "Certificate + examples/9v6u1jzypakezvhur/Yla/xx9gk61r + lf4w/samples + sg241gtbc + samples/samples ="/>
</Identity>
</Endpoint>
</Client>
<Behaviors>
<Endpointbehaviors>
<Behavior name = "custombehavior">
<Clientcredentials>
<Clientcertificate findvalue = "dlrfidwebserviceserver" storename = "my" storelocation = "currentuser" x509findtype = "findbysubjectname"/>
<Servicecertificate>
<Authentication certificatevalidationmode = "peertrust"/>
</Servicecertificate>
</Clientcredentials>
</Behavior>
</Endpointbehaviors>
</Behaviors>

</System. servicemodel>

 

 Makecert-Sr localmachine-SS my-A sha1-N CN=Webabcd-sky exchange-PE
Certmgr-add-r localmachine-s my-C-N webabcd-s trustedpeople