Saturday, July 19, 2008

WCF with SSL

As we are more close to the production date, and as usual security delayed till production rollout! We tried to simulate the production environment security for our solution.

We will have multiple sites that can be accessed from the internet or intranet and communicate with a backend web services built using the WCF technology. Now, we want to secure this dialog between the clients and the service. As most of us know there are a lot of options and scenarios when interacting with a WCF service. So, we opt out to use the WSHttpBinding binding, TransportWithMessageCredential security mode, with username/password to authenticate the client’s identity on the service, and an SSL certificate installed on the IIS hosting the service.

After initial setup of the environment we got the following exception:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'dev-srv-03'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

You can solve this by using the following code snippets:

This is actually may happen due to the use of a certificate that is trial or not self-signed – you can have some clues from the value of the error parameter provided for the server certificate validation callback. On production environment you should remove the above callback code, given that you will use a valid SSL certificate issued from a trusted CA.


Anonymous said...

Thanks for the post. It solved the problem I had in spades.

Anonymous said...

Thank You,

It saved my day.