This project is read-only.

How to Create a Proxy for IIS Hosted Service with Certificate Authentication and Transport Security

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use the following steps to create a proxy to a service hosted in IIS that requires certificate authentication and transport security:
  1. Create a new wsHttpBinding endpoint that on the service that implements IMexdataExchange and uses a binding configuration with certificate authentication type
   <service behaviorConfiguration="returnFaults" name="MyService">
      <endpoint binding="wsHttpBinding" bindingConfiguration=""
        name="wsHttpEndpoint" contract="IService" />
*      <endpoint address="mex" binding="wsMexHttpBinding"* 
*        bindingConfiguration=""*
*        name="mexEndpoint" contract="IMetadataExchange" />*
  1. Create a svcutil.exe.config file on the client with configuration pointing to the certificate used to authenticate the service. The endpoint should have the contract with IMetadataExchange type and will point to a binding configuration with certificate authentication.
      <endpoint behaviorConfiguration="ClientCertificateBehavior" 
        bindingConfiguration="Binding1" contract="IMetadataExchange" 
	  name="https" />
        <binding name="Binding1">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
        <behavior name="ClientCertificateBehavior">
            <clientCertificate *findValue="CN=clienttempcert"* 
*              storeName="My"* 
		x509FindType="FindBySubjectDistinguishedName" />
  1. Copy svcutil from C:\Program Files\Microsoft Visual Studio 8\Common7\IDE to the same location where svcutil.exe.config was created on the client and run the command svcutil serviceurl

Additional Resources

Last edited Jun 13, 2008 at 9:17 PM by prashantbansode, version 1


No comments yet.