Sign in to follow this  
Followers 0

WCF trying to bind to ssl in self host


5 posts in this topic

Posted

So I am pretty stuck here. I've always been able to host WCF apps with no problem over http. I can setup https WCF apps in IIS. But when I'm trying to use a self hosted https wcf app this has been nothing but a nightmare. I am running both the client and self hosted service on the same computer. Also, the service opens each time I run it with no errors. It's reported state is open. When I try to connect with the client (which is activating the service via channel factories) it crashes with the SSL/TLS error as described below. I've been at this for about 2 days now and can't get it to work :(

 

I have tried following several guides such as (but not limited to) the ones here: http://blogs.msdn.com/b/james_osbornes_blog/archive/2010/12/10/selfhosting-a-wcf-service-over-https.aspx as well as here: http://msdn.microsoft.com/en-us/library/ms733791.aspx. The first document I follow it to the letter and at the end when the author says "And that's it! now we can call the program and it will invoke the service" it doesn't. It gives me an error: "Could not establish trust relationship for the SSL/TLS secure channel".

 

So I tried a slightly different approach upon coming on to the second article. I tried to use an existing certification already listed for my server (which is stored under personal certifcations). I copied the thumbprint and registered it with the port creating my own app id. That didn't work so I thought well lets try to force the client certificate thumbprint on both the service and the client by specifying the client credentials and looking it up via thumbprint like so:

factory.Credentials.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates.StoreName.My,
                    System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint, "f80e16f75e805b951e6099979f6dcea56bce3273");
I still get the same results. What am I missing? Here is the code for both the service and the client.
 
Client:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.ServiceModel;
using HttpsSelfHost;
 
namespace ConsoleApp4
{
    class Program
    {
        static void Main(string[] args)
        {
            string address = "https://localhost:8007/HelloWorldSvc";
            WSHttpBinding binding = new WSHttpBinding();
            binding.Security.Mode = SecurityMode.Transport;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
 
            try
            {
                ChannelFactory<IHelloWorldSvc> factory = new ChannelFactory<IHelloWorldSvc>(binding, address);
                factory.Credentials.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates.StoreName.My,
                    System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint, "f80e16f75e805b951e6099979f6dcea56bce3273");
                IHelloWorldSvc client = factory.CreateChannel();
                Console.WriteLine("Invoking service.");
                string str = client.HelloWorld();
                Console.WriteLine("Returned: {0}", str);
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex.ToString());
            }
            Console.WriteLine("Press enter to quit.");
            Console.ReadLine();
        }
    }
}
Service:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.ServiceModel;
 
namespace HttpsSelfHost
{
    class Program
    {
        static void Main(string[] args)
        {
            string address = "https://localhost:8007/HelloWorldSvc";
            WSHttpBinding binding = new WSHttpBinding();
            binding.Security.Mode = SecurityMode.Transport;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;
            using (ServiceHost host = new ServiceHost(typeof(HelloWorldSvc)))
            {
                host.AddServiceEndpoint(typeof(IHelloWorldSvc), binding, address);
                host.Credentials.ClientCertificate.SetCertificate(System.Security.Cryptography.X509Certificates.StoreLocation.LocalMachine, System.Security.Cryptography.X509Certificates.StoreName.My,
                    System.Security.Cryptography.X509Certificates.X509FindType.FindByThumbprint, "f80e16f75e805b951e6099979f6dcea56bce3273");
                host.Open();
 
                Console.WriteLine("Host is: {0}. Press enter to close.", host.State);
                Console.ReadLine();
                host.Close();
            }
        }
    }
}
 

Share this post


Link to post
Share on other sites

Posted

Good God today was the most embarrassing moment in my programming career. I finally figured out what the problem was. It was b/c the hash the server was using and my client hash was the same, just the client hash I put in was lower case, the server expected it to be upper case >< Good God can we please delete this thread?

Share this post


Link to post
Share on other sites

Posted

Nope; this'll be here to embarass you for life.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

On the plus side it means the code you posted here works and will be here for others.

 

We have all made those mistakes.  I've got some corkers.

1 person likes this

Share this post


Link to post
Share on other sites

Posted

As dumb as your mistake may be, someone is bound to run into the same problem some day and will be glad to find this information.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0

  • Recently Browsing   0 members

    No registered users viewing this page.