In this article I explain how to achieve message security using a certificate client credential. In my last article I described message security using a user name client credential.

The following steps implement message security using a certificate client credential:

Open IIS Manager by typing inetmgr in the Run dialog.

Click on Server Certificates.

After opening Server Certificates, select Create Self-Signed Certificate in the right panel.

The certificate creation window will now open. Give the certificate a proper name and click OK.

Figure 3: Self-signed server certificate

Now create a WCF service. In Visual Studio, go to New -> Website -> WCF Service.

Make changes in your web configuration file. Add the following bindings tag inside the system.serviceModel tag. In the binding tag, set the security mode to Message and the client credential type to Certificate.

		
    <bindings>
      <wsHttpBinding>
        <binding>
          <security mode="Message">
            <message clientCredentialType="Certificate"></message>
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
		
		

Now add a behavior tag inside the serviceBehaviors tag, and in it add the details of the certificate that you created in IIS at the beginning.

		
    <behaviors>
      <serviceBehaviors>
        <behavior>
          <serviceCredentials>
            <serviceCertificate storeLocation="LocalMachine" findValue="isha" storeName="My" x509FindType="FindByIssuerName"/>
          </serviceCredentials>
          <!-- To avoid disclosing metadata information, set the values below to false before deployment -->
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="true"/>
          <!-- To receive exception details in faults for debugging purposes, set the value below to true.  Set to false before deployment to avoid disclosing exception information -->
          <serviceDebug includeExceptionDetailInFaults="false"/>
        </behavior>
      </serviceBehaviors>
    </behaviors>

Now add the services tag:

    <services>
      <service name="Service">
        <endpoint address="" binding="wsHttpBinding" contract="IService"/>
      </service>
    </services>


		
		

Now execute the program.

Now create the client, add a service reference, and pass the client credential with all the details of the certificate.

		
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Proxy generated by Add Service Reference.
        ServiceReference1.ServiceClient svc = new ServiceReference1.ServiceClient();

        // Select the client certificate from the LocalMachine\My store,
        // using the same find criteria as the service configuration.
        svc.ClientCredentials.ClientCertificate.SetCertificate(
            StoreLocation.LocalMachine,
            StoreName.My,
            X509FindType.FindByIssuerName,
            "isha");

        // Call the service and write the result to the page.
        Response.Write(svc.GetData());
    }
}

		
		

Now execute the code.
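
The client above selects its certificate with FindByIssuerName and the value "isha", which is a case-insensitive substring match and can hit more than one certificate in the store. The following is an added example, not code from the original article: it resolves the certificate from the same LocalMachine\My store first and fails with a clear message if the match is ambiguous, has no private key, or is outside its validity period. The class name ClientCertificateResolver and its Resolve method are hypothetical; ServiceReference1.ServiceClient is the proxy generated above.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the article): resolves exactly one usable
// client certificate from LocalMachine\My before it is given to the WCF proxy.
public static class ClientCertificateResolver
{
    public static X509Certificate2 Resolve(X509FindType findType, string findValue)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false so that a self-signed certificate that does not
            // chain to a trusted root is not silently filtered out; the
            // validity dates are checked explicitly below.
            X509Certificate2Collection matches =
                store.Certificates.Find(findType, findValue, false);

            // FindByIssuerName is a case-insensitive substring match, so "isha"
            // can match more than one certificate in the store.
            if (matches.Count != 1)
                throw new InvalidOperationException(string.Format(
                    "Expected exactly 1 certificate for {0}='{1}', found {2}.",
                    findType, findValue, matches.Count));

            X509Certificate2 cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "Certificate " + cert.Thumbprint + " has no private key.");

            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException(
                    "Certificate " + cert.Thumbprint + " is outside its validity period.");

            return cert;
        }
        finally
        {
            store.Close();
        }
    }
}

// Usage inside Page_Load, with the proxy generated by Add Service Reference:
//   var svc = new ServiceReference1.ServiceClient();
//   svc.ClientCredentials.ClientCertificate.Certificate =
//       ClientCertificateResolver.Resolve(X509FindType.FindByIssuerName, "isha");
```

Passing X509FindType.FindByThumbprint with the certificate's thumbprint instead of an issuer name makes the match exact.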