Search code examples
wcfsslhttpscertificate

WCF Self hosted REST server (https) keeps asking for client authentication

I created a self hosted WCF REST server (w/o IIS). When I enable SSL support, I am keep asked for a Client Certification when I test the site in Chrome.

Below is my app.config of which I believe I disabled the client authentication. Is there anything that I am missing here?

photo : Chrome asking for client certificate

App.config code :

 <system.serviceModel>
<services>
  <service behaviorConfiguration="ADConnectorLibrary.Service1Behavior" name="ADConnectorLibrary.ADConnectorLibrary">
    <endpoint address="" binding="webHttpBinding" bindingConfiguration="webHttpTransportSecurity" behaviorConfiguration="web" contract="ADConnectorLibrary.IADConnectorLibrary" >
    </endpoint>
    <endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
    <host>
      <baseAddresses>
        <add baseAddress="https://ADDRESS:8888/ADConnectorLibrary/"/>
      </baseAddresses>
    </host>
  </service>
</services>
<behaviors>
  <serviceBehaviors>
    <behavior name="ADConnectorLibrary.Service1Behavior">
      <serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="False"/>
      **<serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="None" />
        </clientCertificate>
      </serviceCredentials>**
    </behavior>
  </serviceBehaviors>
  <endpointBehaviors>
    <behavior name="web">
      <webHttp/>
    </behavior>
  </endpointBehaviors>
</behaviors>
<bindings>
  <webHttpBinding>
    <binding name="webHttpTransportSecurity">
      <security mode="Transport">
        **<transport clientCredentialType="None" />**
      </security>
    </binding>
  </webHttpBinding>
</bindings>

Solution

  • The only thing you need to do is disable the SSL setting when hosting the service in IIS. enter image description here enter image description here

    On my side, I create a console application to host the service and bind the sslcert to the specified port with the following command. when the client calls it via browser, it does not pop up a dialog box and prompted me to select the client certificate.

    netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}

    Maybe we don't need to open the support client certificate,or disable it.

    clientcertnegotiation=disable

    Here is the official document, wish it is useful to you.
    https://learn.microsoft.com/en-us/windows/desktop/http/add-sslcert
    https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate

    Feel free to let me know if there is anything I can help with.