Search code examples
wcfsoapsslhttpswcf-security

WCF - Consuming SOAP Service Over HTTPS - Request Timeout

I have a WPF application, and I'm using WCF to consume a php webservice over Https, I've created a self-singed certificate on the server to test it and configured the client to use this certificate, but an exception appeared and tell me that I need to pass the client certificate also.

Actually I just want to secure the transmitted message, I don't need to authenticate the client, so how could I disable the client authentication.

I'm using security model "Transport" with clientCredentialType "Certificate" and .Net 3.5.

thanks in advance for opinions..

UPDATE

As I've mentioned, I don't need the service to verify the identity of the client so I have used Transport Security with an Anonymous Client instead of Transport Security With Certificate Authentication, the following is the client configurations:

<system.serviceModel>
<bindings>
  <wsHttpBinding>
    <binding name="bindingName" closeTimeout="00:0:04"
       openTimeout="00:00:04" receiveTimeout="00:00:04" sendTimeout="00:00:04"
       allowCookies="false" bypassProxyOnLocal="false" hostNameComparisonMode="StrongWildcard"
       messageEncoding="Text" textEncoding="utf-8"
       useDefaultWebProxy="true">
      <readerQuotas maxDepth="2147483647" maxStringContentLength="2147483647"> 
      <security mode="Transport">
        <transport clientCredentialType="None" proxyCredentialType="None" realm="" />
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<client>
  <endpoint address="https://myServer/myApp/myWebService"
    binding="wsHttpBinding" bindingConfiguration="bindingName"
    contract="xx.yy" name="zz">
  </endpoint>
</client>

Now the issue is: when I called the service a timeout error appears "The HTTP request to {My Service URL} has exceeded the allotted timeout".

Additional Info: The service worked fine over HTTP, the issues appear only when I moved to the HTTPS, and I can see the service WSDL if I open it through the internet browser, but the browse told me that there are insecure resources and I should enforce it to show me all resources in order to see the WSDL.

Solution

  • Probably your issue is:

    // Create the endpoint address. Note that the machine name
    // must match the subject or DNS field of the X.509 certificate
    // used to authenticate the service.

    So review your client config, and check certificate section findValue attribute to match you certificate's one.

    Like

    <clientCertificate findValue="contoso.com"
   storeLocation="CurrentUser"
   storeName="My"
   x509FindType="FindBySubjectName" />

    See more about Transport Security with Certificate Authentication.