I'm working on a service based project and I'm trying to implement a level of security on my service (I.E. Authentication). My service is implemented using WCF technology.
I'm using WSHttpBinding and Message Security Mode like this:
Code:
<wsHttpBinding>
<binding name="wsHttpEndpointBinding">
<security mode="Message">
<message clientCredentialType="UserName" />
</security>
</binding>
</wsHttpBinding>
I would like to use "Membership Provider" for authentication like this:
Code:
<membership defaultProvider="MySqlMembershipProvider">
<providers>
<clear/>
<add name="MySqlMembershipProvider"
connectionStringName="MyLocalSQLServer"
applicationName="IspUtil"
type="System.Web.Security.SqlMembershipProvider"
enablePasswordRetrieval="false"
enablePasswordReset="false"
requiresQuestionAndAnswer="false"
requiresUniqueEmail="true"
passwordFormat="Hashed" />
</providers>
</membership>
The service Behavior configuration is set like the following:
Code:
<serviceCredentials>
<serviceCertificate findValue="CN=RezaCert" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectDistinguishedName" />
<userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="MySqlMembershipProvider" />
</serviceCredentials>
I created my certificate under common name of "RezeCert". Everything is fine as far as the client and server is on the same machine. But when I try to deploy it on separate client and server machines, the following exception raises:
An unsecured or incorrectly secured fault was received from the other party. See the inner FaultException for the fault code and detail.
Inner Exception is
An error occurred when verifying security for the message.
Any reply to the following questions will be appreciated:
1. Why do I get the exception above?
2. Is it possible to run it in real environment without obtaining a valid certificate (using my test certificate)?
3. Should I set any specific configuration in IIS --> Security tab?
Reply With Quote
Bookmarks