
Help setting up a wsHttpBinding WCF service on .NET


I'm trying to host a WCF service with wsHttpBinding. I created a certificate using makecert and put some lines in web.config.

This is the error that I'm getting:

System.ArgumentException: The certificate 'CN=WCfServer' must have a private key that is capable of key exchange. The process must have access rights for the private key.

After some googling, it seems to be an issue with access rights on the certificate file. I used cacls to give read permission to NETWORK SERVICE and also to my username, but it didn't change anything.

I also went to security settings in the properties of the certificate file and gave full control to NETWORK SERVICE and my username. Again to no avail.

Can you guide me as to what the problem is and what exactly I need to do? I'm really flaky with these certificate things.

Here's my web.config:

<system.serviceModel>

    <services>
        <service name="Abc.Service" behaviorConfiguration="Abc.ServiceBehavior">
            <endpoint address="" binding="wsHttpBinding" bindingConfiguration="Abc.BindConfig" contract="Abc.IService">
                <identity>
                    <dns value="localhost"/>
                </identity>
            </endpoint>
            <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange"/>
        </service>
    </services>

    <behaviors>
        <serviceBehaviors>
            <behavior name="Abc.ServiceBehavior">
                <serviceMetadata httpGetEnabled="true"/>
                <serviceDebug includeExceptionDetailInFaults="false"/>

                <serviceCredentials>
                    <clientCertificate>
                        <authentication certificateValidationMode="PeerTrust"/>
                    </clientCertificate>
                    <serviceCertificate findValue="WCfServer" storeLocation="CurrentUser" storeName="My" x509FindType="FindBySubjectName" />
                </serviceCredentials>

            </behavior>
        </serviceBehaviors>
    </behaviors>

    <bindings>
        <wsHttpBinding>
            <binding name="Abc.BindConfig">
                <security mode="Message">
                    <message clientCredentialType="Certificate" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>

</system.serviceModel>

Solution

  • Ok, I figured out what the problem was. When using makecert to create the certificate, the -pe option must be used, which makes the generated private key exportable so that it can be used in the certificate. The problem was that the makecert bundled with VS2008 is version 5.131, which does not have a -pe option. I found version 6.0 in Microsoft SDK 6, which has the option.

    This is the biggest problem I find as a beginner in .NET. There are so many non-compatible versions of the same thing, and when you look up stuff on the internet you don't know which version someone's talking about.
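
A way to check the conditions named in the error message (a private key is present, it is a key-exchange key, and the current process can open it), as an added example that is not part of the original post. It assumes Windows PowerShell on .NET Framework and a CSP-backed key; the function name Test-ServiceCertificateKey is hypothetical, and the subject name and store defaults come from the web.config in the question.

```powershell
# Added example: function name is hypothetical; defaults mirror the web.config in the question.
function Test-ServiceCertificateKey {
    param(
        [string]$SubjectName   = 'WCfServer',
        [string]$StoreLocation = 'CurrentUser',
        [string]$StoreName     = 'My'
    )
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store($StoreName, $StoreLocation)
    $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
    try {
        # validOnly is $false so self-signed test certificates are included.
        $found = $store.Certificates.Find(
            [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName,
            $SubjectName, $false)
        foreach ($cert in $found) {
            $report = [ordered]@{
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                KeyAccessible = $false
                KeyNumber     = $null
                Exportable    = $null
                Problem       = $null
            }
            if (-not $cert.HasPrivateKey) {
                $report.Problem = 'No private key is associated with this certificate.'
            } else {
                try {
                    # Opening the key fails here if this process lacks rights to the key container.
                    $key = $cert.PrivateKey
                    $report.KeyAccessible = ($null -ne $key)
                    if ($key -is [System.Security.Cryptography.ICspAsymmetricAlgorithm]) {
                        $info = $key.CspKeyContainerInfo
                        $report.KeyNumber  = $info.KeyNumber   # Exchange or Signature
                        $report.Exportable = $info.Exportable
                        if ($info.KeyNumber -ne [System.Security.Cryptography.KeyNumber]::Exchange) {
                            $report.Problem = 'Key is a signature key, not a key-exchange key.'
                        }
                    }
                } catch {
                    $report.Problem = "Cannot open private key: $($_.Exception.Message)"
                }
            }
            [pscustomobject]$report
        }
    } finally {
        $store.Close()
    }
}

Test-ServiceCertificateKey | Format-List
```

Run it under the same account that hosts the service, since the store lookup and the key access check both depend on the identity of the calling process.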