Hi, I'm having great problems with using Net.TCP and certificates. I have posted the problems on TechNet, but I hope that you could give me some advice on how to proceed. I won't copy-paste the thread here (though it doesn't matter to me if you answer here or on TechNet); instead, here is the link:
http://forums.microsoft.com/TechNet/ShowPost.aspx?PostID=3974771&SiteID=17
I hope you can help me!
I will put the problem description here also:
I have created a BizTalk project, the receive port uses NetTcp, security mode is message and message client credentialtype is certificate.
Then I publish this receive port as a WCF service with the BizTalk WCF publishing wizard. In web.config I set the serviceCertificate to match the certificate that I have given to the receiveLocation in BizTalk.
When I do all this I get the service working, and I can get the reference to this service with svcutil. When I create a client with svcutil and I add the clientCertificate, I get an error:
The caller was not authenticated by the service.
So does anyone have an idea what I'm doing wrong?
Or could someone give me step-by-step instructions on how to do this right? I'm using Vista, IIS7 and BizTalk 2006 R2.
I think that this is a NetTcp issue, because this works fine if I use the same certificates with basicHttp.
These are my server-side and client-side configs:
Server
<?xml version="1.0" encoding="utf-8"?>
<!--
  Note: As an alternative to hand editing this file you can use the
  web admin tool to configure settings for your application. Use
  the Website->Asp.Net Configuration option in Visual Studio.
  A full list of settings and comments can be found in
  machine.config.comments usually located in
  \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <!-- The <configSections> section declares handlers for custom configuration sections. -->
  <configSections>
    <section name="bizTalkSettings" type="Microsoft.BizTalk.Adapter.Wcf.Runtime.BizTalkConfigurationSection, Microsoft.BizTalk.Adapter.Wcf.Runtime, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <!-- The <bizTalkSettings> section specifies BizTalk specific configuration. -->
  <bizTalkSettings>
    <!--
      mexServiceHostFactory debug:
      Set to "true" to launch debugger when MexServiceHostFactory.CreateServiceHost(...) is called by IIS.
      Used to debug from initial point of activation by IIS.
      Default value is "false" for normal operation.
    -->
    <mexServiceHostFactory debug="false">
      <receiveLocationMappings>
        <!--add markupFileName="*.svc" receiveLocationName="?" publicBaseAddress="protocol://host[:port]" /-->
        <add markupFileName="Microsoft_Samples_BizTalk_WCFBasicHttpReceiveAdapter_BizTalkApp_DeliveryProcess_DeliveryRequestPort.svc"
             receiveLocationName="WcfService_Microsoft.Samples.BizTalk.WCFBasicHttpReceiveAdapter.BizTalkApp/Microsoft_Samples_BizTalk_WCFBasicHttpReceiveAdapter_BizTalkApp_DeliveryProcess_DeliveryRequestPort"
             publicBaseAddress="http://localhost/" />
      </receiveLocationMappings>
    </mexServiceHostFactory>
    <!--
      webServiceHostFactory debug:
      Set to "true" to launch debugger when WebServiceHostFactory.CreateServiceHost(...) is called by IIS.
      Used to debug from initial point of activation by IIS.
      Default value is "false" for normal operation.
    -->
    <webServiceHostFactory debug="false" />
    <!--
      isolatedReceiver disable:
      Set to "true" to skip IBTTransportProxy.RegisterIsolatedReceiver(...) and IBTTransportProxy.TerminateIsolatedReceiver(...) calls.
      Used for testing metadata exchange without having to setup receive location.
      Default value is "false" for normal operation.
    -->
    <isolatedReceiver disable="false" />
    <!--
      btsWsdlExporter disable:
      Set to "true" to skip adding BtsWsdlExporter behavior extension to service endpoint.
      Used for testing or comparing strongly-typed WSDL customization versus weakly-typed WSDL of generic WCF service.
      Default value is "false" for normal operation.
    -->
    <btsWsdlExporter disable="false" />
  </bizTalkSettings>
  <appSettings />
  <connectionStrings />
  <system.web>
    <!--
      Set compilation debug="true" to insert debugging
      symbols into the compiled page. Because this
      affects performance, set this value to true only
      during development.
    -->
    <compilation defaultLanguage="c#" debug="false">
      <assemblies>
        <add assembly="mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089" />
        <add assembly="Microsoft.BizTalk.Adapter.Wcf.Common, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add assembly="Microsoft.BizTalk.Adapter.Wcf.Runtime, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </assemblies>
    </compilation>
    <!--
      The <authentication> section enables configuration
      of the security authentication mode used by
      ASP.NET to identify an incoming user.
    -->
    <authentication mode="Windows" />
    <!--
      The <customErrors> section enables configuration
      of what to do if/when an unhandled error occurs
      during the execution of a request. Specifically,
      it enables developers to configure html error pages
      to be displayed in place of a error stack trace.
    -->
    <!--
    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
      <error statusCode="403" redirect="NoAccess.htm" />
      <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>
    -->
  </system.web>
  <!-- The <system.serviceModel> section specifies Windows Communication Foundation (WCF) configuration. -->
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehaviorConfiguration">
          <serviceDebug httpHelpPageEnabled="true" httpsHelpPageEnabled="false" includeExceptionDetailInFaults="false" />
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
          <serviceCredentials>
            <serviceCertificate findValue="41A1ED6BD18A4B3FDF37949D9A30537B732283AB" storeLocation="CurrentUser" storeName="My" x509FindType="FindByThumbprint" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <!-- Note: the service name must match the configuration name for the service implementation. -->
      <service name="Microsoft.BizTalk.Adapter.Wcf.Runtime.BizTalkServiceInstance" behaviorConfiguration="ServiceBehaviorConfiguration">
        <endpoint name="HttpMexEndpoint" address="mex" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange" />
        <!--<endpoint name="HttpsMexEndpoint" address="mex" binding="mexHttpsBinding" bindingConfiguration="" contract="IMetadataExchange" />-->
      </service>
    </services>
  </system.serviceModel>
</configuration>
Client
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <behaviors>
      <endpointBehaviors>
        <behavior name="NewBehavior">
          <clientCredentials>
            <clientCertificate findValue="B2A988CC3B571C1B0E114C418BEDFA12D49F6E36" x509FindType="FindByThumbprint" />
          </clientCredentials>
        </behavior>
      </endpointBehaviors>
    </behaviors>
    <bindings>
      <netTcpBinding>
        <binding name="NetTcpBinding_ITwoWayAsync"
                 closeTimeout="00:01:00" openTimeout="00:01:00"
                 receiveTimeout="00:10:00" sendTimeout="00:01:00"
                 transactionFlow="false" transferMode="Buffered"
                 transactionProtocol="OleTransactions"
                 hostNameComparisonMode="StrongWildcard" listenBacklog="10"
                 maxBufferPoolSize="524288" maxBufferSize="65536"
                 maxConnections="10" maxReceivedMessageSize="65536">
          <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384" maxBytesPerRead="4096" maxNameTableCharCount="16384" />
          <reliableSession ordered="true" inactivityTimeout="00:10:00" enabled="false" />
          <security mode="Message">
            <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </netTcpBinding>
    </bindings>
    <client>
      <endpoint address="net.tcp://ikvistapuntavil/WcfBasic"
                behaviorConfiguration="NewBehavior"
                binding="netTcpBinding"
                bindingConfiguration="NetTcpBinding_ITwoWayAsync"
                contract="Microsoft_Samples_BizTalk_WCFBasicHttpReceiveAdapter_BizTalkApp_DeliveryProcess_DeliveryRequestPort"
                name="NetTcpBinding_ITwoWayAsync">
        <identity>
          <certificate encodedValue="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" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
I'm out of ideas, so I hope someone can help me.
I have a similar problem on IIS7. However, your code should work on self-hosted WCF.