Post
Ask Question

WCF Message Security With Certificates

Sometimes, in a production environment, we need this kind of hosting due to some security reasons. To host a service through a program, we have to follow certain rules which make the process very easy.
 
I am not going to explain over here how to create certificates and import certificates. If you want to learn it, then refer to my earlier article.
 
Now, we are directly jumping to the problem statement. 
 
I am going to use these two certificates.
  1. Service Certificate
  2. Client Certificate
Note
Don't keep any service bindings in app.config.
 
Service Side Code 
  1. ServiceHost svcHost = new ServiceHost(typeof(SampleWCFServiceLibrary.Service1));  
  2.   
  3.                 NetTcpBinding binding = new NetTcpBinding();  
  4.                 binding.Security.Mode = SecurityMode.Message;  
  5.   
  6.                 binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;  
  7.                 svcHost.AddServiceEndpoint(typeof(SampleWCFServiceLibrary.IService1), binding, "net.tcp://127.0.0.1:8798/Service1");  
  8.   
  9.                 svcHost.Credentials.ServiceCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ServiceCert");  
  10.   
  11.                 svcHost.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ClientCert");  
  12.                 svcHost.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;  
  13.                 svcHost.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine;  
  14.                 svcHost.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;  
  15.                 svcHost.Credentials.ClientCertificate.Authentication.MapClientCertificateToWindowsAccount = false;  
  16.   
  17.                 svcHost.Open();  
  18.                 Console.WriteLine("Service Hosted Sucessfully");  
Client Code
  1. NetTcpBinding binding = new NetTcpBinding();  
  2.                 binding.Security.Mode = SecurityMode.Message;  
  3.                 binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;  
  4.                 EndpointAddress _endpoint = new EndpointAddress(new Uri("net.tcp://127.0.0.1:8798/Service1"), EndpointIdentity.CreateDnsIdentity("ServiceCert"));  
  5.   
  6.   
  7.                 ServiceReference1.Service1Client svcClient = new ServiceReference1.Service1Client(binding, _endpoint);  
  8.                 // Specify a certificate to use for authenticating the client.  
  9.                 svcClient.ClientCredentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, "ClientCert");  
  10.   
  11.                 // Specify a default certificate for the service.  
  12.                 svcClient.ClientCredentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.TrustedPeople, X509FindType.FindBySubjectName, "ServiceCert");  
  13.                 svcClient.ClientCredentials.ServiceCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.None;  
  14.   
  15.                 svcClient.Open();  
  16.   
  17.                 Console.WriteLine("Service is opened for me");  
  18.   
  19.                 string fromService = svcClient.GetData(143);  
  20.                 Console.WriteLine(fromService);  
Next Recommended Reading Difference Between Transport and Message Level Security