
Unable to setup client certificate authentication between two IIS applications


Hello,

I have two WCF applications that are deployed to IIS 8 on different machines. I am trying to set up client certificate authentication so that the first application is authenticated when it invokes the REST services of the second application. I have followed many step-by-step guides online to do the setup for both applications. I resolved many errors during setup, but now I am stuck with a new issue and I can't seem to find a solution for the problem anywhere online.

The error is:

[HttpException (0x80004005): The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was ''.]

Step-by-step guide:

https://blogs.msdn.microsoft.com/asiatech/2014/02/12/how-to-configure-iis-client-certificate-mapping-authentication-for-iis7/

http://blogs.iis.net/rlucero/iis-7-walkthrough-one-to-one-client-certificate-mapping-configuration

Client Web Config

<!-- Client-side binding (calling application).
     A binding configuration only applies to an endpoint whose bindingConfiguration
     attribute names it ("WebHttpBinding_Meniga"); the <client><endpoint> element is
     not shown in this post, so that link should be verified. -->
<webHttpBinding>
  <binding name="WebHttpBinding_Meniga"
           closeTimeout="00:01:00"
           openTimeout="00:01:00"
           receiveTimeout="00:10:00"
           sendTimeout="00:01:00"
           bypassProxyOnLocal="false"
           hostNameComparisonMode="StrongWildcard"
           maxBufferPoolSize="52428800"
           maxReceivedMessageSize="65536000"
           maxBufferSize="65536000"
           useDefaultWebProxy="true"
           allowCookies="false"
           transferMode="StreamedRequest">
    <!-- NOTE(review): useDefaultWebProxy="true" together with bypassProxyOnLocal="false"
         sends calls through the system proxy if one is configured. A proxy that
         terminates TLS would prevent the client certificate from reaching the
         server. Confirm the network path between the two machines. -->

    <!-- Size quotas for messages this client reads. maxReceivedMessageSize is
         65536000 bytes (62.5 MiB); maxStringContentLength (81920000) is larger than
         that, so the message size limit is the one that actually bounds a string.
         Limits this generous increase memory pressure if the peer returns an
         oversized response; size them to the largest payload really expected. -->
    <readerQuotas maxDepth="32"
                  maxStringContentLength="81920000"
                  maxArrayLength="16384000"
                  maxBytesPerRead="4096"
                  maxNameTableCharCount="16384000" />

    <!-- Transport security = HTTPS. clientCredentialType="Certificate" asks WCF to
         present an X.509 client certificate during the TLS handshake; which
         certificate is chosen comes from <clientCredentials> in the endpoint behavior.
         NOTE(review): the 'Anonymous' in the reported error names the HTTP
         authentication scheme, which is separate from the TLS client certificate, so
         the message alone does not appear to show whether a certificate was sent.
         Confirm with server-side IIS / HTTP.sys logs. -->
    <security mode="Transport">
      <transport clientCredentialType="Certificate" />
    </security>
  </binding>
</webHttpBinding>

<!-- Client-side endpoint behaviors. All four carry the same <clientCredentials>
     block; only the behavior named by the endpoint's behaviorConfiguration attribute
     is applied, and that endpoint is not shown in this post.
     <parameterLogger /> and <menigaWebHttp /> are custom behavior extensions whose
     definitions are not part of this excerpt.
     NOTE(review): if parameterLogger records request parameters, check that it does
     not write credentials or personal data to the log. Its behavior cannot be
     determined from this page. -->
<behaviors>
  <endpointBehaviors>

    <behavior name="LoggingBehaviourConfiguration">
      <parameterLogger />
      <clientCredentials>
        <!-- Selects the client certificate from the LocalMachine\My store.
             FindBySubjectName is a substring match on the subject name, so it can
             match more than one certificate (for example after a renewal).
             FindByThumbprint or FindBySubjectDistinguishedName pins the lookup to
             one certificate.
             NOTE(review): the IIS application pool identity needs read access to
             this certificate's private key; without it the certificate cannot be
             used for client authentication. Verify the key ACL on the client host. -->
        <clientCertificate findValue="datapower.rest.dev.can"
                           storeLocation="LocalMachine"
                           storeName="My"
                           x509FindType="FindBySubjectName" />
      </clientCredentials>
    </behavior>

    <behavior name="NoLoggingBehaviourConfiguration">
      <parameterLogger />
      <clientCredentials>
        <!-- Same certificate lookup as in LoggingBehaviourConfiguration. -->
        <clientCertificate findValue="datapower.rest.dev.can"
                           storeLocation="LocalMachine"
                           storeName="My"
                           x509FindType="FindBySubjectName" />
      </clientCredentials>
    </behavior>

    <behavior name="LoggingBehaviourRestConfiguration">
      <menigaWebHttp />
      <parameterLogger />
      <clientCredentials>
        <!-- Same certificate lookup as in LoggingBehaviourConfiguration. -->
        <clientCertificate findValue="datapower.rest.dev.can"
                           storeLocation="LocalMachine"
                           storeName="My"
                           x509FindType="FindBySubjectName" />
      </clientCredentials>
    </behavior>

    <behavior name="NoLoggingBehaviourRestConfiguration">
      <menigaWebHttp />
      <parameterLogger />
      <clientCredentials>
        <!-- Same certificate lookup as in LoggingBehaviourConfiguration. -->
        <clientCertificate findValue="datapower.rest.dev.can"
                           storeLocation="LocalMachine"
                           storeName="My"
                           x509FindType="FindBySubjectName" />
      </clientCredentials>
    </behavior>

    <!-- The excerpt in the post stops here: the closing </endpointBehaviors> and
         </behaviors> tags are not included. -->

Server Web Config

<!-- Server-side binding (the service being called).
     It applies only to service endpoints whose bindingConfiguration names
     "WebHttpBinding_Meniga"; the <services> section is not shown in this post. -->
<webHttpBinding>
  <binding name="WebHttpBinding_Meniga"
           closeTimeout="00:01:00"
           openTimeout="00:01:00"
           receiveTimeout="00:10:00"
           sendTimeout="00:01:00"
           bypassProxyOnLocal="false"
           hostNameComparisonMode="StrongWildcard"
           maxBufferPoolSize="52428800"
           maxReceivedMessageSize="65536000"
           useDefaultWebProxy="true"
           allowCookies="false"
           transferMode="StreamedRequest">
    <!-- Unlike the client binding, no maxBufferSize is set here. -->

    <!-- On the service side these quotas bound what a caller can make the server
         read. maxReceivedMessageSize is 65536000 bytes (62.5 MiB) and
         maxStringContentLength (81920000) exceeds it, so the message size is the
         effective limit. Large receive limits widen the room for resource
         exhaustion; keep them close to the largest legitimate request. -->
    <readerQuotas maxDepth="32"
                  maxStringContentLength="81920000"
                  maxArrayLength="16384000"
                  maxBytesPerRead="4096"
                  maxNameTableCharCount="16384000" />

    <!-- Transport security = HTTPS, with the caller expected to present an X.509
         client certificate in the TLS handshake.
         NOTE(review): under IIS hosting the TLS handshake is handled by
         IIS / HTTP.sys, so the site's SSL Settings (require SSL, client certificates
         required or accepted) presumably have to agree with this element. Those
         IIS settings are not shown in the post; verify them on the server. -->
    <security mode="Transport">
      <transport clientCredentialType="Certificate" />
    </security>
  </binding>
</webHttpBinding>

<!-- Server-side service behaviors. <errorHandler /> and <auditErrorHandler /> are
     custom behavior extensions whose definitions are not part of this excerpt. -->
<serviceBehaviors>

  <behavior name="MenigaServices.DefaultBehavior">
    <!-- httpGetEnabled="true" also publishes service metadata over plain HTTP even
         though the binding is Transport (HTTPS) only. If metadata is needed at
         all, httpsGetEnabled alone keeps it on the encrypted channel. -->
    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />

    <!-- includeExceptionDetailInFaults="true" returns server exception details
         (messages, stack traces) to the caller. Useful while debugging this
         problem, but it discloses internals and should be "false" outside
         development. -->
    <serviceDebug includeExceptionDetailInFaults="true" />
    <errorHandler />
    <auditErrorHandler />

    <serviceCredentials>
      <clientCertificate>
        <!-- PeerTrust accepts a client certificate when it is present in the
             Trusted People store; it does not validate a chain to a trusted root.
             That means the client's certificate has to be installed in that store
             on this server, and removing it is the way to withdraw access.
             NOTE(review): with Transport security under IIS the certificate is
             first checked by IIS / HTTP.sys during the TLS handshake, so this WCF
             setting may not be the check that is rejecting the call. Confirm which
             layer returns the 401. -->
        <authentication certificateValidationMode="PeerTrust" />
      </clientCertificate>

      <!-- FindBySubjectName is a substring match and can select more than one
           certificate; FindByThumbprint is unambiguous.
           NOTE(review): for HTTPS under IIS the server certificate used in the
           handshake presumably comes from the IIS site binding rather than from
           this element. Verify that the site binding uses the intended
           certificate. -->
      <serviceCertificate findValue="stcdevmng51.dev.can"
                          storeLocation="LocalMachine"
                          storeName="My"
                          x509FindType="FindBySubjectName" />
    </serviceCredentials>
  </behavior>

  <behavior name="Meniga.Runtime.RuntimeServiceBehavior">
    <!-- Same metadata and exception-detail exposure as MenigaServices.DefaultBehavior. -->
    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="true" />
    <errorHandler />

    <serviceCredentials>
      <clientCertificate>
        <!-- Same PeerTrust validation as MenigaServices.DefaultBehavior. -->
        <authentication certificateValidationMode="PeerTrust" />
      </clientCertificate>
      <serviceCertificate findValue="stcdevmng51.dev.can"
                          storeLocation="LocalMachine"
                          storeName="My"
                          x509FindType="FindBySubjectName" />
    </serviceCredentials>
  </behavior>

  <!-- The behavior with an empty name is the default for services that do not
       name a behaviorConfiguration. Exception details are switched off here,
       unlike in the two named behaviors above. -->
  <behavior name="">
    <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true" />
    <serviceDebug includeExceptionDetailInFaults="false" />

    <serviceCredentials>
      <clientCertificate>
        <!-- Same PeerTrust validation as MenigaServices.DefaultBehavior. -->
        <authentication certificateValidationMode="PeerTrust" />
      </clientCertificate>
      <serviceCertificate findValue="stcdevmng51.dev.can"
                          storeLocation="LocalMachine"
                          storeName="My"
                          x509FindType="FindBySubjectName" />
    </serviceCredentials>
  </behavior>

</serviceBehaviors>

[HttpException (0x80004005): The HTTP request is unauthorized with client authentication scheme 'Anonymous'. The authentication header received from the server was ''.]

