This project is read-only.

How to Create a Proxy for IIS Hosted Service with Certificate Authentication and Transport Security

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Use the following steps to create a proxy to a service hosted in IIS that requires certificate authentication and transport security:
  1. Create a new wsHttpBinding endpoint that on the service that implements IMexdataExchange and uses a binding configuration with certificate authentication type
<services>
   <service behaviorConfiguration="returnFaults" name="MyService">
      <endpoint binding="wsHttpBinding" bindingConfiguration=""
        name="wsHttpEndpoint" contract="IService" />
*      <endpoint address="mex" binding="wsMexHttpBinding"* 
*        bindingConfiguration=""*
*        name="mexEndpoint" contract="IMetadataExchange" />*
    </service>
</services>…
  1. Create a svcutil.exe.config file on the client with configuration pointing to the certificate used to authenticate the service. The endpoint should have the contract with IMetadataExchange type and will point to a binding configuration with certificate authentication.
<configuration>
  <system.serviceModel>
    <client>
      <endpoint behaviorConfiguration="ClientCertificateBehavior" 
	binding="wsHttpBinding"
        bindingConfiguration="Binding1" contract="IMetadataExchange" 
	  name="https" />
    </client>
    <bindings>
      <wsHttpBinding>
        <binding name="Binding1">
          <security mode="Transport">
            <transport clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <endpointBehaviors>
        <behavior name="ClientCertificateBehavior">
          <clientCredentials>
            <clientCertificate *findValue="CN=clienttempcert"* 
		*storeLocation="CurrentUser"*
*              storeName="My"* 
		x509FindType="FindBySubjectDistinguishedName" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
  1. Copy svcutil from C:\Program Files\Microsoft Visual Studio 8\Common7\IDE to the same location where svcutil.exe.config was created on the client and run the command svcutil serviceurl

Additional Resources

Last edited Jun 13, 2008 at 9:17 PM by prashantbansode, version 1

Comments

No comments yet.