Re: Problem with WCF Net.TCP and Certificates


I will put the problem description here also:

I have created a BizTalk project; the receive port uses NetTcp, the security mode is Message and the message client credential type is Certificate.

Then I publish this receive port as a WCF service with the BizTalk WCF publishing wizard. In web.config I set the serviceCertificate to match the certificate that I have given to the receive location in BizTalk.

When I do all this I get the service working, and I can get the reference to this service with svcutil. When I create a client with svcutil and add the clientCertificate, I get an error:

The caller was not authenticated by the service.

So does anyone have an idea what I'm doing wrong?

Or could someone give me step-by-step instructions on how to do this right? I'm using Vista, IIS7 and BizTalk 2006 R2.

I think that this is a NetTcp issue, because this works fine if I use the same certificates with basicHttp.

These are my server side and client side configs:

Server

<?xml version="1.0" encoding="utf-8"?>
<!--
    Note: As an alternative to hand editing this file you can use the
    web admin tool to configure settings for your application. Use
    the Website->Asp.Net Configuration option in Visual Studio.
    A full list of settings and comments can be found in
    machine.config.comments usually located in
    \Windows\Microsoft.Net\Framework\v2.x\Config
-->
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <!--
    The <configSections> section declares handlers for custom configuration sections.
  -->
  <configSections>
    <section name="bizTalkSettings" type="Microsoft.BizTalk.Adapter.Wcf.Runtime.BizTalkConfigurationSection, Microsoft.BizTalk.Adapter.Wcf.Runtime, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </configSections>
  <!--
    The <bizTalkSettings> section specifies BizTalk specific configuration.
  -->
  <bizTalkSettings>
    <!--
      mexServiceHostFactory debug:
      Set to "true" to launch debugger when MexServiceHostFactory.CreateServiceHost(...) is called by IIS.
      Used to debug from initial point of activation by IIS.
      Default value is "false" for normal operation.
    -->
    <mexServiceHostFactory debug="false">
      <receiveLocationMappings>
        <!--add markupFileName="*.svc" receiveLocationName="?" publicBaseAddress="protocol://host[:port]" /-->
        <add markupFileName="Microsoft_Samples_BizTalk_WCFBasicHttpReceiveAdapter_BizTalkApp_DeliveryProcess_DeliveryRequestPort.svc" receiveLocationName="WcfService_Microsoft.Samples.BizTalk.WCFBasicHttpReceiveAdapter.BizTalkApp/Microsoft_Samples_BizTalk_WCFBasicHttpReceiveAdapter_BizTalkApp_DeliveryProcess_DeliveryRequestPort" publicBaseAddress="http://localhost/" />
      </receiveLocationMappings>
    </mexServiceHostFactory>
    <!--
      webServiceHostFactory debug:
      Set to "true" to launch debugger when WebServiceHostFactory.CreateServiceHost(...) is called by IIS.
      Used to debug from initial point of activation by IIS.
      Default value is "false" for normal operation.
    -->
    <webServiceHostFactory debug="false" />
    <!--
      isolatedReceiver disable:
      Set to "true" to skip IBTTransportProxy.RegisterIsolatedReceiver(...) and IBTTransportProxy.TerminateIsolatedReceiver(...) calls.
      Used for testing metadata exchange without having to setup receive location.
      Default value is "false" for normal operation.
    -->
    <isolatedReceiver disable="false" />
    <!--
      btsWsdlExporter disable:
      Set to "true" to skip adding BtsWsdlExporter behavior extension to service endpoint.
      Used for testing or comparing strongly-typed WSDL customization versus weakly-typed WSDL of generic WCF service.
      Default value is "false" for normal operation.
    -->
    <btsWsdlExporter disable="false" />
  </bizTalkSettings>
  <appSettings />
  <connectionStrings />
  <system.web>
    <!--
      Set compilation debug="true" to insert debugging symbols into the compiled page.
      Because this affects performance, set this value to true only during development.
    -->
    <compilation defaultLanguage="c#" debug="false">
      <assemblies>
        <add assembly="mscorlib, version=2.0.0.0, culture=neutral, publickeytoken=b77a5c561934e089" />
        <add assembly="Microsoft.BizTalk.Adapter.Wcf.Common, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        <add assembly="Microsoft.BizTalk.Adapter.Wcf.Runtime, Version=3.0.1.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </assemblies>
    </compilation>
    <!--
      The <authentication> section enables configuration of the security authentication mode
      used by ASP.NET to identify an incoming user.
    -->
    <authentication mode="Windows" />
    <!--
      The <customErrors> section enables configuration of what to do if/when an unhandled error
      occurs during the execution of a request. Specifically, it enables developers to configure
      html error pages to be displayed in place of a error stack trace.
    -->
    <!--
    <customErrors mode="RemoteOnly" defaultRedirect="GenericErrorPage.htm">
      <error statusCode="403" redirect="NoAccess.htm" />
      <error statusCode="404" redirect="FileNotFound.htm" />
    </customErrors>
    -->
  </system.web>
  <!--
    The <system.serviceModel> section specifies Windows Communication Foundation (WCF) configuration.
  -->
  <system.serviceModel>
    <behaviors>
      <serviceBehaviors>
        <behavior name="ServiceBehaviorConfiguration">
          <serviceDebug httpHelpPageEnabled="true" httpsHelpPageEnabled="false" includeExceptionDetailInFaults="false" />
          <serviceMetadata httpGetEnabled="true" httpsGetEnabled="false" />
          <serviceCredentials>
            <serviceCertificate findValue="41A1ED6BD18A4B3FDF37949D9A30537B732283AB"
                                storeLocation="CurrentUser"
                                storeName="My"
                                x509FindType="FindByThumbprint" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
    <services>
      <!-- Note: the service name must match the configuration name for the service implementation. -->
      <service name="Microsoft.BizTalk.Adapter.Wcf.Runtime.BizTalkServiceInstance" behaviorConfiguration="ServiceBehaviorConfiguration">
        <endpoint name="HttpMexEndpoint" address="mex" binding="mexHttpBinding" bindingConfiguration="" contract="IMetadataExchange" />
        <!--<endpoint name="HttpsMexEndpoint" address="mex" binding="mexHttpsBinding" bindingConfiguration="" contract="IMetadataExchange" />-->
      </service>
    </services>
  </system.serviceModel>
</configuration>


Client

<?xml version="1.0" encoding="utf-8"?>
<configuration>
    <system.serviceModel>
        <behaviors>
            <endpointBehaviors>
                <behavior name="NewBehavior">
                    <clientCredentials>
                        <clientCertificate findValue="B2A988CC3B571C1B0E114C418BEDFA12D49F6E36"
                            x509FindType="FindByThumbprint" />
                    </clientCredentials>
                </behavior>
            </endpointBehaviors>
        </behaviors>
        <bindings>
            <netTcpBinding>
                <binding name="NetTcpBinding_ITwoWayAsync" closeTimeout="00:01:00"
                    openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                    transactionFlow="false" transferMode="Buffered" transactionProtocol="OleTransactions"
                    hostNameComparisonMode="StrongWildcard" listenBacklog="10"
                    maxBufferPoolSize="524288" maxBufferSize="65536" maxConnections="10"
                    maxReceivedMessageSize="65536">
                    <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                        maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                    <reliableSession ordered="true" inactivityTimeout="00:10:00"
                        enabled="false" />
                    <security mode="Message">
                        <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign" />
                        <message clientCredentialType="Certificate" />
                    </security>
                </binding>
            </netTcpBinding>
        </bindings>
        <client>
            <endpoint address="net.tcp://ikvistapuntavil/WcfBasic" behaviorConfiguration="NewBehavior"
                binding="netTcpBinding" bindingConfiguration="NetTcpBinding_ITwoWayAsync"
                contract="Microsoft_Samples_BizTalk_WCFBasicHttpReceiveAdapter_BizTalkApp_DeliveryProcess_DeliveryRequestPort"
                name="NetTcpBinding_ITwoWayAsync">
                <identity>
                    <certificate encodedValue="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" />
                </identity>
            </endpoint>
        </client>
    </system.serviceModel>
</configuration>


I'm out of ideas, so I hope someone can help me.
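Since the configs above name both certificates by thumbprint, here is an added diagnostic (not from the original post) that checks, on each machine, whether the service and client certificates are present, carry a private key, and build a trusted chain, which is what WCF message security with Certificate credentials needs on both sides. Run it under the account that actually hosts or calls the service (the IIS application pool or BizTalk host identity, and the client's user), because CurrentUser\My is a per-account store.

```powershell
# Added diagnostic for the WCF NetTcp message-security setup discussed above.
# Thumbprints are taken from the server web.config and client config in the post.
$serviceThumb = "41A1ED6BD18A4B3FDF37949D9A30537B732283AB"   # serviceCertificate (server)
$clientThumb  = "B2A988CC3B571C1B0E114C418BEDFA12D49F6E36"   # clientCertificate (client)

function Test-WcfCertificate {
    param([string]$Thumbprint, [string]$Role)
    $found = $false
    foreach ($store in "Cert:\CurrentUser\My", "Cert:\LocalMachine\My") {
        $cert = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $Thumbprint }
        if (-not $cert) { continue }
        $found = $true
        # Signing and decrypting require the private key; a certificate imported
        # without it (or without key access for this account) cannot authenticate.
        "{0}: found in {1}, HasPrivateKey={2}, expires {3}" -f $Role, $store, $cert.HasPrivateKey, $cert.NotAfter

        # WCF's default certificateValidationMode is ChainTrust, so the peer must be
        # able to build a chain to a trusted root. Revocation is skipped here only to
        # separate "untrusted issuer" from "CRL unreachable" in the output.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $ok = $chain.Build($cert)
        "{0}: chain builds={1}" -f $Role, $ok
        if (-not $ok) {
            $chain.ChainStatus | ForEach-Object { "  " + $_.Status + ": " + $_.StatusInformation.Trim() }
        }
    }
    if (-not $found) {
        "{0}: thumbprint {1} not found in CurrentUser\My or LocalMachine\My" -f $Role, $Thumbprint
    }
}

Test-WcfCertificate -Thumbprint $serviceThumb -Role "service"
Test-WcfCertificate -Thumbprint $clientThumb  -Role "client"
```

A certificate that is found but reports HasPrivateKey=False, or whose chain does not build on the machine that must validate it, is the first thing to fix before touching the binding settings.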