Sachin Chitran

I am trying to use WsHttp binding with security mode as Transport and ClientCredentialType as Certificate. In the service behavior I have Https enabled. IIS is configured to use the certificate.

When I try to browse the service from IIS with anonymous access enabled, I am able to browse. If I turn off the anonymous access (which is what i want), then I am getting this error

Could not establish trust relationship for the SSL/TLS secure channel with authority 'localhost'.

To use certificates with Transport/Message security mode, should I have the anonymous access How do i prevent using anonymous access with Certificate

Any help is appreciated.

Thanks

Sachin



Re: Windows Communication Foundation (Indigo) Anonymous Access

Hongmei Ge - MSFT

Hi Sachin,

Thanks for your question!

There are modes in WCF security: Transport, Message, and TransportWithMessageCredential

It sounds like from your email that you need the TransportWithMessageCredential. Can you try that instead of the Transport from your web service's configuration

Hope it helps!

hongmei





Re: Windows Communication Foundation (Indigo) Anonymous Access

Sachin Chitran

Hi,

I tried with TransportWithMessageCredential also. It doesnt work.

Sachin





Re: Windows Communication Foundation (Indigo) Anonymous Access

Regis Baccaro

Hi,

have you checked your certificate and the validation path, is it all right (no exclamation marks on the icon)

Regards

Regis Baccaro





Re: Windows Communication Foundation (Indigo) Anonymous Access

Sachin Chitran

I checked the certificate and the path (no exclamation marks on the icon). Any other configurations

Also, in IIS I cannot enable "Integrated Windows" or "Basic" if I am using certificate. So should I leave the anonymous access checked





Re: Windows Communication Foundation (Indigo) Anonymous Access

Kurt De Kempeneer

Hi,

Yes, Anonymous access should always be allowed in order to WCF to function properly. The idea is that the WCF Service should be as much decoupled from its host as possible.

Regards,

Kurt.





Re: Windows Communication Foundation (Indigo) Anonymous Access

Anandan

Kurt,

If i am hosting my service in IIS and using certificates for authentication with anonymous access checked, then will the access be restricted

For the clients who don't pass the right certificate will be access be restricted or since anonymous is checked, will all the clients be able to access my web service

Also, if i self host my service, will this make any difference with certificate authentication

Thanks

Anandan





Re: Windows Communication Foundation (Indigo) Anonymous Access

Kurt De Kempeneer

Hi Anandan,

The access will be restricted to users who target your webservices with the right certificate, however I believe you should try this out. I suppose it won't be to hard to do so-> you want to be sure about this issue.

I didn't really tested this with certificates, but with Clientcredentialtype 'UserName'

Normally, self-hosting your service shouldn't make any difference, however you should simply try it out to.

Regards,

Kurt.