I created a self hosted WCF REST server (w/o IIS). When I enable SSL support, I am keep asked for a Client Certification when I test the site in Chrome.
Below is my app.config of which I believe I disabled the client authentication. Is there anything that I am missing here?
photo : Chrome asking for client certificate
App.config code :
<system.serviceModel>
<services>
<service behaviorConfiguration="ADConnectorLibrary.Service1Behavior" name="ADConnectorLibrary.ADConnectorLibrary">
<endpoint address="" binding="webHttpBinding" bindingConfiguration="webHttpTransportSecurity" behaviorConfiguration="web" contract="ADConnectorLibrary.IADConnectorLibrary" >
</endpoint>
<endpoint address="mex" binding="mexHttpsBinding" contract="IMetadataExchange"/>
<host>
<baseAddresses>
<add baseAddress="https://ADDRESS:8888/ADConnectorLibrary/"/>
</baseAddresses>
</host>
</service>
</services>
<behaviors>
<serviceBehaviors>
<behavior name="ADConnectorLibrary.Service1Behavior">
<serviceMetadata httpGetEnabled="false" httpsGetEnabled="true"/>
<serviceDebug includeExceptionDetailInFaults="False"/>
**<serviceCredentials>
<clientCertificate>
<authentication certificateValidationMode="None" />
</clientCertificate>
</serviceCredentials>**
</behavior>
</serviceBehaviors>
<endpointBehaviors>
<behavior name="web">
<webHttp/>
</behavior>
</endpointBehaviors>
</behaviors>
<bindings>
<webHttpBinding>
<binding name="webHttpTransportSecurity">
<security mode="Transport">
**<transport clientCredentialType="None" />**
</security>
</binding>
</webHttpBinding>
</bindings>
The only thing you need to do is disable the SSL setting when hosting the service in IIS.
On my side, I create a console application to host the service and bind the sslcert to the specified port with the following command. when the client calls it via browser, it does not pop up a dialog box and prompted me to select the client certificate.
netsh http add sslcert ipport=0.0.0.0:8000 certhash=0000000000003ed9cd0c315bbb6dc1c08da5e6 appid={00112233-4455-6677-8899-AABBCCDDEEFF}
Maybe we don't need to open the support client certificate,or disable it.
clientcertnegotiation=disable
Here is the official document, wish it is useful to you.
https://learn.microsoft.com/en-us/windows/desktop/http/add-sslcert
https://learn.microsoft.com/en-us/dotnet/framework/wcf/feature-details/how-to-configure-a-port-with-an-ssl-certificate
Feel free to let me know if there is anything I can help with.