.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
Gaurav Pal
Post New Web Links

How to setup WCF with wsHttpBinding, Transport Security with x509 certificate behind a load balancer

Posted By:      Posted Date: October 06, 2010    Points: 0   Category :WCF

I'm having a difficult time setting up this WCF Service with wsHttpBinding, Transport Security, x509 and, the key part, the Load Balancer (F5). This all works without a problem in our Dev environment but as soon as I put it behind the F5 it fails giving me this message:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'servicechannelcert'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Is there any additional setup I need to do in IIS or the Load Balancer to handle these requests?

configuration files:

<binding name="wsHttpTransport">
 <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647" maxArrayLength="2147483647"
  maxBytesPerRead="2147483647" maxNameTableCharCount="2147483647" />
 <security mode="Transport&

View Complete Post

More Related Resource Links

AJAX call is not working on F5 load balancer web farm setup

I have the following web farm setup in production server.Browser --> HTTPS --> Load Balancer --> HTTP --> webserver nodeF5 Load balancer handles off box SSL termination. It implies that SSL resides on F5 load balancer. Problem Statement: Ajax calls do not go through unless "Access data sources across domains" option is enabled in IE security settings. I have the similar setup in staging server except F5 Load balancer. The ASP.Net application makes perfect AJAX calls on both HTTP and HTTPS.However, the staging server web farm use windows NLB and SSL resides on individual web server nodes

WCF with wsHttpBinding and x509 Certificate - can I use VB/C# to connect with PHP?

We connect to a web service hosted by another company.  We send a customer's basic info to the service, and replies with rates/prices for that customer. I am a PHP guy -- started out playing with basic HTML, then delved into PHP about 8 years ago, and my entire web app is PHP with javascrtipt/ajax mixed in as needed.  I'm a learn-as-I-go guy. For the last two years, the service has been an aspx web service, which was easy -- just connect with PHP's SoapClient.  Now, the company hosting the service has changed it to WCF, and the binding is wsHttpBinding, and authentication is done via x509 certification. I've determined that PHP's SoapClient can't handle wsHttpBinding.  So my first roadblack - how the heck do I connect to this service?  I went as far as to install MS Visual Web Developer 2010 Express, and then I used svcutil.exe to create .config and .cs files for the service.  But understand, I've never written anything in C# or VB.  I've done a few little VBScripts in the past, and I can handle javascript... but I'm looking at these .config and .cs files and thinking, now what the heck do I do with these?? Basically, I just want to connect to this service using PHP and javascript.  But since it seems that's impossible (correct?), is there a way I can invoke a VB/C# operation from within my PHP script?  For ins

Web service security using X509 certificate


Dear All,

Am facing problem while consuming a java web service using WCF. below is the web.config and aspx.cs file details


Service request and response will be encrypted with certificate. when i run this below code am getting the error "The private key is not present in the X.509 certificate."

        <behavior name="TestClientCertificate">
            <clientCertificate storeLocation="CurrentUser" storeName="My"
                findValue="certificatename" x509FindType="FindByIssuerName"/>

Defining both transport and message security on a wsHttpBinding client



My customers requirement was to find a way of performing mutual authentication with ISA 2006 using WCF 3.5 and client certificates. I achieved this easily enough using a security mode of transport and defining a client certificate in the endpointbehavior. I had to jump through some hoops on the ISA as well.

The customer also has a requirement for message security at the service which is behind the ISA server.

I therefore need my service to only require message security but for the client to navigate both transport (for ISA) and message (for the service) security.

After a little reading I am not sure this is possible using out of the box bindings, particularly wsHttpBinding. Could someone confirm this?

Additionally, I have read that IF both transport and message security are defined using certificates, that it must be the same certificate. My question here would be, what bindings are there that allow both transport and message security and why must the same certificate be used for both?

Many thanks for any help you can give.


RSACryptoServiceProvider + smart card with X509 certificate = Bad Key.

Hello! I'm trying the interop with Java. The task: create  SHA1withRSA signature of the document hash with .NET CLR. The singer key is an X509 certificate from external CA, and this signer certificate is on the smart card. 1. First solution: the .NET CLR SignedCms class passes the document hash to the Windows CryptoApi (and to the smart card), and the result is a PKCS#7 message with the signature. This solution works well with smart card, but the requirement is only the "SHA1withRSA" signature of document hash, the PKCS#7  message will be created at Java side. 2. Second attempt, create only "SHA1withRSA" signature:             // choosing certificate from smart card             X509Certificate2 card = GetCertificate();             // this fails when certificate is on the smart card:             RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)card.PrivateKey;             // only the signed hash needed             byte[] signedHashValue1 = rsa.SignData(documentHash, new SHA1Managed()); The problem: the car

WPF Security + Certificate HELP - xbap

Hello everyone,   I got a problem with my current XBAP application. Everyone had no problem running my application until on person had the following error: <!-- [if gte mso 10]> <mce:style> * An exception occurred while determining trust. Following failure messages were detected:                         + User has refused to grant required permissions to the application.   Then I researched and found out I needed to set up a certificate and have them put it IE. However now the people that once had no problem need to install the certificate.   I was wondering how to revert the project so EVERYONE can run my application WithOut a certificate.   *This application requires full trust.   Can anyone please help me?  

Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtec

I have a windows service that runs on client machines and connects to a WCF service on a server.  This windows service seems to work fine on Windows XP, Vista and 7  machines, but when I try and run it on a Server 2008 R2 machine I get the following error: System.Configuration.ConfigurationErrorsException: An error occurred creating the configuration section handler for system.serviceModel/bindings: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'. (C:\Program Files (x86)\MyFolder\MyApp\MyAppWinSVC.exe.Config line 4) ---> System.TypeLoadException: Could not load type 'System.Security.Authentication.ExtendedProtection.Configuration.ExtendedProtectionPolicyElement' from assembly 'System, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089'.    at System.ServiceModel.Configuration.HttpTransportSecurityElement.get_Properties() I have the 3.5 sp1 feature installed. The only thing I have found online that is remotely similar is this MS hotfix: http://support.microsoft.com/kb/2262911 But when I try and apply it, it says that it isn't for my computer. Does anyone have any ideas how to resolve this issue?

Trying to setup the security

Because my new provider doesn't have SQL server, I have to connect to a MySql database. My connectiostring in the web.config =<connectionStrings> <add name="WAPMySQLConnStr" connectionString="Driver={MySQL ODBC 5.1 Driver};Server=MyServer;Database=MyDB;User=MyUser;Password=Myww;port=9999;" providerName="MySQL.Data.MySqlClient"/> </connectionStrings>When I go to ASP.net webconfigurationpage and go to security I get the following message: An exception occurred.I have really no idea what I'm doing wrong. Where do I have to search for?Thnx

Problem using Transport with certificate

Hi First I created a web service according to How to: Use Username Authentication with Transport Security in WCF Calling from Windows Formshttp://msdn.microsoft.com/en-us/library/ff649647.aspx Works fineThen I created a web service that uses client certificate authentication according toHow to: Use Certificate Authentication and Message Security in WCF Calling from Windows Formshttp://msdn.microsoft.com/en-us/library/cc948997.aspx But the later uses HTTP and not HTTPS so I wanted to change and I changed by binding (from the example above) to<bindings>      <wsHttpBinding>        <binding name="wsHttpEndpointBinding">          <security  mode="Transport">            <transport clientCredentialType="Certificate" />          </security>        </binding>      </wsHttpBinding></bindings>But now I get the errorThe SSL settings for the service 'SslRequireCert' does not match those of the IIS 'None'.I haved googled this but havn't found an answer.Is there a MSDN article on what I have to get http://msdn.microsoft

Transport level security with netTcpBinding

Does service and client need to be part of domain with netTcpBinding endpoint configured to used Transport security mode with Certificate based client credential type and protect level set to EncryptAndSign <bindings> <netTcpBinding> <binding name="CertificateWithTransport" maxBufferPoolSize="100000000" maxBufferSize="100000000" maxReceivedMessageSize="100000000" portSharingEnabled="true"> <readerQuotas maxDepth="100000000" maxStringContentLength="100000000" maxArrayLength="100000000" maxBytesPerRead="100000000" maxNameTableCharCount="100000000" /> <security mode="Transport"> <transport clientCredentialType="Certificate" protectionLevel="EncryptAndSign"/> </security> </binding> </netTcpBinding> </bindings> Thanks      -= JL =-

x509 - Client Certificate infrastructure for Asp.Net question

I dont have a lot of background with SSL and X509 configuration and support with my Asp.Net application, so I was wondering if someone can explain or point me in the right direction to MSDN or any other article or posting explaining if it's possible to do what I am looking to support in my environment.I have IIS 6.0 with SSL (Verisign cert) as well as "Require client certificates" working against a local installation of Microsoft Certificate Services, https://<domain>/certsrv, where users can request and install client certs (both xp clients for basic mode, and Vista/7 for advance mode).Here's what I am up against:I have a segment of users coming from a virtualized server environment where this environment does not store personal settings for more than 48 hours. It's not an internet cafe, but rather an actual business where their IT staff uses server images to reimage each virtual server in the farm every 48hrs. Thus losing all users data in the "Current Users" Certificate Stores.The IT staff give users a network folder share to store any personal items (docs, spreadsheets, links, etc.). The servers consist of Windows Server 2003, and will be migrating to Windows Server 2008 in the next 6-9 months.These users have rights in Internet Explorer to navigate to my certsrv site and use activex to to request and install certificates then clode and

Setup Error - Failed to load resources from resource file

I tried to install The Lord of the Rings Online, but it always gives me the message (translated in english) that i need to install Net Framwork v1.1.4322. "ok, that's no problem" i thought, but every time i try to install Net Framework (any version) there are errors when trying to install it. With the 1.1 setup, it tells me "Setup Error - Failed to load resources from resource file", the 2.0 setup tells me that it is already installed (o.O?) but i can't see it in the "uninstall programs" list and the 3.0 and 3.5 just won't start. Nothing happens. I tried to install Net framework 4.0 beta which works fine but LotRO keeps telling me the same error message (i think because version 1.1 isn't included in higher versions)I'm running Windows 7 32 bit Ultimate: 2GB Ram, Intel Core duo e6750, GeForce 8800 gts (512 mb)Please help me :)

System.TypeLoadException: Could not load type 'Microsoft.Office.Server.Security.LdapMembershipProvi

So this is odd, I am attempting to setup FBA with Sharepoint Foundation 2010 and i get the following Error: (from ULS log viewer): System.TypeLoadException: Could not load type 'Microsoft.Office.Server.Security.LdapMembershipProvider' from assembly 'Microsoft.Office.Server, Version=, Culture=neutral, PublicKeyToken=71e9bce111e9429c'. at System.RuntimeTypeHandle._GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark, Boolean loadTypeFromPartialName) at System.RuntimeTypeHandle.GetTypeByName(String name, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) at System.RuntimeType.PrivateGetType(String typeName, Boolean throwOnError, Boolean ignoreCase, Boolean reflectionOnly, StackCrawlMark& stackMark) at System.Type.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) at System.Web.Compilation.BuildManager.GetType(String typeName, Boolean throwOnError, Boolean ignoreCase) at System.Web.Configuration.ConfigUtil.GetType(String typeName, String propertyName, ConfigurationElement configElement, XmlNode node, Boolean checkAptcaBit, Boolean ignoreCase) and in IIS Logs: Exception information:     Exception type: ConfigurationErrorsException     Exception message: Could not load type 'Microsoft.Off

Is BasicHttpBinding/WSHttpBinding + Windows Authentication + Message Security possible without serve


Hi Folks,

I need to deploy a WCF service hosted in IIS 7.5 which has the following constrains:

1) Using Windows Authentication
2) No server or client certificate is needed
3) Using either BasicHttpBinding or WSHttpBinding
4) Using Message Security, so that it is not possible to monitor the communication maliciously. (I think Transport Security is not possible without server certificate)

Is it possible to fullfil the above requirements simultaneously? Thanks for the reply in advance. I'll appreciate it:)


Subscription email using Load Balancer IP address instead of host name



     How to configure reporting services instance to use load balancer IP address as part of the URL generation before sending subscription emails?

Example: We have 4 resporting service instances routed through a load balancer. When an email subscription is triggered, the reporting server generating reporting URL is using host name as part of the report server URL. Instead, we would like to use load balancer IP so that when a user click the URL received in an email, will be routed through load balancer instead of hitting directly the reporting server URL.

 Any pointers on this?




WCF with WSHttpBinding on NetScalar - Security negotiation Issue.


Hi Gurus,


We have a WCF Service with *wsHttpBinding* and consumed by our windows application. This application consumes other services (asmx) too.


In Production we deployed this WCF Service on 3 machines. Service is working perfectly when under software NLB for load balancing.


Recently, our production environment has changed the Load balancing technique with *Citrix NetScalar* for VMs.

wsHttpBinding with Windows Authentication and Message Security



I want to accomplish wsHttpBinding with Windows Authentication and Message Security. I've created a test service and deployed on Windows Server 2008 and IIS 7.5.

The virtual directory has been assigned a application pool running under custom account domain\username. Only
Windows Authentication is enabled on the virtual directory ( i DONT want anonymous access enabled).

I keep getting this error "Security settings for this service require 'Anonymous' Authentication but it is not enabled for the IIS application that hosts this service."

Below is my server config file. I've followed  instructions at http://msdn.microsoft.com/en-us/library/ff650619.aspx

        <binding name="NewBinding0">
          <security mode="Message">
            <transport clientCredentialType="Windows"></transport>

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend