Certificates in WCF

Posted Date: September 06, 2010    Category: WCF
I have to set up some services in WCF based on certificate authentication. I created a service (MyService1) with a self-signed certificate for the service and the client. What I want to know is "whether I should create a service per service or use the same service and client certificate for all my services". My understanding is that if I use the same certificate then all my clients can use the same service to access all services' data. Is this right? Should I create a service and client certificate per service I host? Thanks in advance.

More Related Resource Links

Secure Sockets Layer: Protect Your E-Commerce Web Site with SSL and Digital Certificates


Security is one of the most important factors in the future growth of e-businesses. Making sure that communications remain secure between customers and the Web server is a critical issue. Secure Sockets Layer (SSL) is the standard that secure Web sites are built upon today. This article presents an overview of SSL-based Web security, explaining such fundamental concepts as digital certificates and their distribution, encryption, and the proper configuration of Microsoft Internet Information Services (IIS). Acquiring a certificate, installing it, and configuring IIS for SSL are outlined in a step-by-step process.

John Papa

MSDN Magazine April 2001

SQL Server 2008 R2 Express + Wildcard Certificates

Note: Cross-posted from my question at ServerFault: http://serverfault.com/questions/176595/sql-server-2008-r2-express-wildcard-ssl-certificate (Not trying to be a jerk, just think I might get a better response here.)

Wildcard certificates (for example, *.example.com) simply did not work in SQL Server 2008 or lower. But Encrypting Connections to SQL Server on MSDN states, plain as day, that SQL Server 2008 R2 supports wildcard certificates. Excellent.

So I set up SQL Server 2008 R2 Express on a machine, and I configure the HKLM\SOFTWARE\Microsoft\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQLServer\SuperSocketNetLib\Certificate entry to the thumbprint of my wildcard SSL certificate (because in five years of dealing with SQL Server, I have never gotten that #$@# dialog in SQL Server Configuration to display any certificates). The SQL Server log then tells me that this went over quite well:

2010-08-31 11:46:04.04 Server The certificate [Cert Hash(sha1) "5DDD9E51B30E0CA6CE3656AE54EC6D0B8B75904A"] was successfully loaded for encryption.

Unfortunately, if I attempt to use Microsoft SQL Server Management Studio (the 2008 R2 version) or the Sql* classes provided in the .NET Framework 4.0, I always receive the following exception:

A connection was successfully established with the server, but then an error occurred during the pre-login handshake. (provider: SSL

Using ONLY User Certificates for SharePoint 2010 Authentication/Authorization

Hello, I am relatively new to SharePoint, and was wondering how I can accomplish using only user certificates to authenticate (and eventually authorize) access to the SharePoint 2010 Server (not just IIS).

My environment currently looks like this:
- SharePoint is SSL-enabled
- User Browser Certificates (generated using OpenSSL) successfully authenticate to the IIS Server
- SharePoint uses Basic Authentication (user/password based on AD credentials)

I need to:
- Authenticate the user to SharePoint using the User Certificate from my browser (in other words, no password authentication to access the SharePoint website, but use the certificate that was used by IIS to be able to log into SharePoint)

I am assuming I must use some sort of claims-based authentication. Ideally, I would like to use ONLY the certification itself as a source of Authorized Repository for authentication. However, I am also open to having the user certificate be linked to Active Directory users as well.

I have done some research on this but am still lost as to how to approach this problem. Is there anyone that has done this or can assist me in getting this to work? Any help would be greatly appreciated. Thanks!

WCF Message Security using Certificates

I am new to WCF programming and trying to understand security aspects ('message' using certificates). I am using Windows 7 and Visual Studio 2010. I have a few questions about how I have implemented WCF. I have a win forms app that will talk over the web to a WCF service. I need to make sure the message is encrypted en route. This is an admin application and will be used only by me. I created certificates on my dev machine and edited the web.config and app.config. This works.

The problem is when I right-click the service reference and select update service reference, the app.config is overwritten. The identity element is removed and the behavior ref is removed, and now the app will not connect to the service any more. I am including my web.config and app.config (before and after updating svc ref) below. Please advise me on what I am doing wrong. Also please let me know if this is the right way to do it.

While creating the certificates I wasn't prompted for any passwords, not sure why. Can I use this type of certificate eventually when I go live? What are the risks if this is not advisable? Thanks in advance for your help.

Certificate creation and installation:

//server
makecert.exe -sr CurrentUser -ss My -a sha1 -n CN=TradeService -sky exchange -pe
certmgr.exe -add -r CurrentUser -s My -c -n TradeService -r CurrentUser -s TrustedPeople

//client
makecert.exe -sr Cu

SSL Certificates and Naming

Hello, I have a server that I will call machine01 (specified in -> my computer | properties | name tab). I refer to this machine as machine01.mydomain.com using a DNS service externally and internally. I use this full name machine01.mydomain.com to connect to SQL Server. I wanted to set up an SSL connection and purchased a certificate with the common name = machine01.mydomain.com and have been trying to get it to work for several days. For everything I try, I can't get the certificate to show up in the drop down in SQL Server Configuration Manager | Protocols for MSSQLSERVER | Properties | Certificate Tab | Certificate. Is my issue that I should have used machine01 as my common name in my SSL request? If it is, can I get a certificate assigned to just machine01 and it will work with remote SQL Server connections to machine01.mydomain.com? Is there a way to make a machine01.mydomain.com certificate work? Hopefully someone out there has dealt with this before and can give me some much needed advice. I have read some posts online that kind of talk about this issue, but I haven't seen a real definitive answer or solution that has worked for me. Thank you very much in advance, George

How can a C# client app list the authorized CA certificates sent by a web server over an SSL connect

Hello, I am currently writing a C# client application that must access a web page over SSL authentication, having the Client authentication required. I know that the SSL protocol defines that the web server sends the list of authorized Certification Authorities that the web server can trust for the SSL session to be successful. My client application has to filter an X509Certificate collection in order to pop up a Certificate Selection dialog box to the user. I would like to only display certificates that the web server would accept. I already have filtered the certificates according to the "Client Authentication" Enhanced Key Usage and other stuff. I know how to set the client certificate to be used for the SSL connection, but I just would like to access the CA cert list provided by the server. Could someone help me? Thanks a lot!

Using Impersonation or Certificates Across Linked Servers

We are trying to isolate the custom reporting stored procedures from our third-party SQL Server database ("SourceData" database) by placing all of those procedures in a separate database ("MyReporting" database) on a separate server. In addition, and most critically, I am trying to prevent all ad-hoc reporting (MS Access, Excel, developers) against the third-party database. To accomplish this, I grant permission to a specific user to execute a stored proc in the reporting database and then the stored proc accesses the data in the third-party database either by impersonation using EXECUTE AS or by certificates (following the model described in this MSDN article: http://msdn.microsoft.com/en-us/library/ms188304(SQL.90).aspx).

However, as soon as I try to implement this model across multiple servers using Linked Servers, I am unsuccessful (with one unsatisfactory exception). As far as I can tell, I've tried every combination of options in the Linked Server setup. The unsatisfactory option is to map the reporting user to the "SourceDataID" user in the SourceData database. That works; however, that simply opens up the ability to perform ad-hoc reporting if a user connects to the reporting database, since the Linked Server exposes all of the tables that the SourceDataID has access to.

Below are diagrams describing how these models are set up: In this Imperso

WCF and certificates : "The client certificate is not provided."

Hi, I'm having a hard time getting certificates working with my WCF application and I keep getting the error: "The client certificate is not provided. Specify a client certificate in ClientCredentials."

I am using a free trial certificate by Verisign and I have done the following things on a local XP Pro machine:
- VeriSign Trial Secure Server CA - G2 certificate is installed in the Personal => Certificates
- VeriSign Trial Secure Server Root CA - G2 certificate is installed in the Trusted Root Certification Authorities => Certificates

I am using the following kind of binding configuration settings:

*** Client web.config ******
<binding name="CertificateBinding" maxReceivedMessageSize="4194304">
  <security mode="Message">
    <message clientCredentialType="Certificate" />
  </security>
</binding>
<endpoint address="http://localhost/MyWcfApplication/Service1.svc"
  binding="wsHttpBinding" bindingConfiguration="CertificateBinding"
  contract="ServiceReference1.IService1" name=&qu

Installing .NET Framework 3.5 without checking certificates - Registry Key ?

Hello, could you tell me how to install .NET Framework 3.5 without checking certificates? For each check there should be access to the internet. But during installation I don't have access to the internet. We want to install automatically and in a very quick manner! EAMuecke

Communicating with webservices using client certificates

We are facing an issue with our .NET (2.0) application consuming a Java web service that requires client certificates.

Context
- Java web service running on JBoss
  - requires a client certificate signed by internal CA (child of internal Root CA)
  - has a server certificate signed by the same internal CA for authenticating itself to a consumer
- .NET 2.0 Windows Application (running on an XP workstation) consuming the above Java web service
  - XP workstation has a client certificate (signed by internal CA) installed in the local machine personal store
  - XP workstation has the internal CA and internal Root CA installed in the local machine, trusted root certification authorities hive
  - Visual Studio 2005 debugger shows that the client certificate is successfully retrieved from the personal store and being attached to the web service proxy
  - however, exception is thrown at the point of invoking the web service method
  - exception is: The request was aborted: Could not create SSL/TLS secure channel.

Appears from the trace log that the initial retrieval of client certificate from the local machine personal store is successful -

System.Net Information: 0 : [7480] SecureChannel#16263241 - Attempting to restart the session using th

Custom UserNamePasswordValidator in Cassini without certificates and without HTTPS

Given the following requirements can't change:
- Services hosted in Cassini (when developing of course) - Cassini being the "ASP.NET Development Server"
- Only HTTP not HTTPS
- No certificates

How can I get the service to use a custom UserNamePasswordValidator? I've tried all sorts of combinations of message and transport security, basic and ws HTTP bindings. I don't get any errors. The Validate() method of my UserNamePasswordValidator just never gets called. I just want something extremely simple that works with Cassini and doesn't require installing certificates or tweaking it to use HTTPS.

Here are just some of the links I've already gone to and tried to fit into my requirements without success:
http://msdn.microsoft.com/en-us/library/aa702565.aspx
http://nayyeri.net/custom-username-and-password-authentication-in-wcf-3-5

Please do not reply with just a list of hyperlinks. Ideally, I'd like a working example.

X509Certificate2 and PKCS12 certificates

I have a pkcs12 file that contains two certificates. I'm using X509Certificate2 class like this:

X509Certificate2 cert = new X509Certificate2();
cert.Import(fileBytes, pwd, X509KeyStorageFlags.DefaultKeySet);

file is in byte array fileBytes. The problem is that I can't define which one of the two certs to import. Is there any way to import a specific certificate from the file? Thanks in advance.

How to sign a message using 2 client's X509 certificates?

Hi,

We have a requirement to sign each WCF message using two X509 certificates:
- company certificate
- user certificate

I have found out that I could achieve this using Supporting Credentials, but I am not sure how to set the certificates on the client's side. All examples that I found were using different types of credentials and were using these properties:
- proxy.ClientCredentials.ClientCertificate
- proxy.ClientCredentials.UserName.UserName

Any insight would be greatly appreciated.

Fighting with certificates: Access was not successfully obtained for the private key


Hi all,

I work in a company with many servers and PCs for developers. Servers are Win2003, developer PCs are Windows XP.

On a Win2003 server named preiis01, in the preproduction environment, other people in the company installed a client certificate using some other user (an unknown user to me) for logging in to server preiis01.

I use my user "domainCompany\myuser" to log in to server preiis01 (using Terminal Server, Remote Desktop for Windows XP).

On preiis01,

I execute mmc -> Snap in -> Certificates for Local Machine. In node -> Personal -> Certificates, I have seen the client certificate:

Issued To:

Issued By: FNMT Clase 2 CA

In the properties of the certificate, I have seen the thumbprint: "93 bc a4 ad 58 c9 3c af 8b eb 0b 2f 86 c7 9d 81 70 a6 c4 13"

Now, I execute these commands:


and I get this error:

FindPrivateKey failed for the following reason:
No certificates with key 'CN=ENTIDAD COMPANY SEGUROS GENERALES SA - CIF A93 - NOMBRE SURNAME1 NAME1' found in the store.

2.) FindPrivateKey My LocalMachine -t "93 bc a4 ad 58 c9 3c af 8b eb 0b 2f 86 c7

WCF service with multiple client certificates




How can I specify multiple client certificates for my service? I have a service with netTcpBinding hosted in IIS, which will be consumed by multiple clients. Each client will have its own certificate. I want the service to have a list of certificates of clients which are allowed to call it; for others it should fail.

The service behavior configuration only allows one client certificate value; how can I specify multiple client certificates? My present service web.config is



wcf client authentication with certificates



For client authentication, do I need to install the client certificate on the server? Or on the server can I just keep the thumbprint string and, in my custom X509CertificateValidator, just check if the incoming certificate thumbprint is the same as the one configured on the server?

