
I spent entirely too much time getting this to work.  I read article after article trying to understand everything. All the articles had some good info, but it seemed none were complete. I'll try to get some time to write up a complete post about this, but for now I'm going to put my notes here.

1) Creating the certificate for development using the makecert tool.

A) Make the CA certificate:

makecert -sr LocalMachine -ss My -n CN=Fanzoo -cy authority -r

B) Make the service certificate

makecert -sr LocalMachine -ss My -n CN=FanzooService -ir LocalMachine -is My -in Fanzoo -sky exchange -pe

C) Move the CA certificate into the trusted root certification authorities using the local machine certificate snap-in for MMC

D) Move the main certificate into the trusted people using the local machine certificate snap-in

E) Use the Certificate Tool (download WSE 3.0) to find your certificates and grant read access to the ASPNET account.
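As an added check (not part of the original post), this C# console snippet verifies the outcome of steps A through D on the local machine. It assumes the subject names Fanzoo and FanzooService from the makecert commands above; the private-key ACL from step E is only exercised if you run it as the ASPNET account.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

static class CertSetupCheck
{
    // Look a certificate up by subject name in a LocalMachine store; null if it is not there.
    static X509Certificate2 Find(StoreName storeName, string subject)
    {
        var store = new X509Store(storeName, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly: false, so a certificate the machine does not trust yet is still returned
            var matches = store.Certificates.Find(X509FindType.FindBySubjectName, subject, false);
            return matches.Count > 0 ? matches[0] : null;
        }
        finally
        {
            store.Close();
        }
    }

    static void Main()
    {
        // Step C: the CA certificate belongs in Trusted Root Certification Authorities
        X509Certificate2 ca = Find(StoreName.Root, "Fanzoo");
        Console.WriteLine("CA in Root store:              " + (ca != null));

        // Step D: the service certificate belongs in Trusted People, the store the
        // service config's <serviceCertificate storeName="TrustedPeople"> searches
        X509Certificate2 svc = Find(StoreName.TrustedPeople, "FanzooService");
        Console.WriteLine("Service cert in TrustedPeople: " + (svc != null));
        if (svc == null) return;

        // makecert generated a private key for this certificate; WCF needs it to decrypt
        // the UserName token the client sends under <security mode="Message">.
        // Whether the ASPNET account may read that key (step E) is only exercised when
        // this program itself runs as that account.
        Console.WriteLine("Has private key:               " + svc.HasPrivateKey);
        // The chain should end at the Fanzoo CA in the Root store. With the client's
        // certificateValidationMode="PeerOrChainTrust" either this chain or the certificate's
        // presence in the client's own Trusted People store is enough for the client to accept it.
        var chain = new X509Chain();
        chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck; // makecert certs carry no CRL
        bool chainOk = chain.Build(svc);
        Console.WriteLine("Chain builds to trusted root:  " + chainOk);
        foreach (X509ChainStatus status in chain.ChainStatus)
            Console.WriteLine("  " + status.Status + ": " + status.StatusInformation);
    }
}
```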

2) Setup the service config

Here's an example service/web.config. NOTE: This uses MTOM for encoding.  You probably don't want this unless you are going to transfer big binary data like I am.

<connectionStrings>
    <clear />
    <add name="server" connectionString="server=(local);database=ServiceRoleProvider;user=user;password=blah;" />
</connectionStrings>

<system.web>
    <membership defaultProvider="DefaultMembershipProvider" userIsOnlineTimeWindow="15">
        <providers>
            <clear/>
            <add name="DefaultMembershipProvider"
                 type="System.Web.Security.SqlMembershipProvider"
                 connectionStringName="server"
                 applicationName="testService"
                 minRequiredPasswordLength="5"
                 minRequiredNonalphanumericCharacters="0"
                 enablePasswordRetrieval="false"
                 enablePasswordReset="false"
                 requiresQuestionAndAnswer="false"
                 requiresUniqueEmail="true"
                 passwordFormat="Hashed"/>
        </providers>
    </membership>
    <roleManager defaultProvider="DefaultRoleProvider" enabled="true">
        <providers>
            <clear />
            <add name="DefaultRoleProvider"
                 type="System.Web.Security.SqlRoleProvider"
                 applicationName="testService"
                 connectionStringName="server" />
        </providers>
    </roleManager>
</system.web>

<system.serviceModel>
    <services>
        <service behaviorConfiguration="DefaultBehavior" name="ServiceWithMembership.HelloWorldService">
            <endpoint binding="wsHttpBinding" bindingConfiguration="MyBinding"
                      contract="ServiceWithMembership.IHelloWorldService" />
            <host>
                <baseAddresses>
                    <add baseAddress="http://localhost/ServiceWithMembership/HelloWorld.svc" />
                </baseAddresses>
            </host>
        </service>
    </services>
    <bindings>
        <wsHttpBinding>
            <binding name="MyBinding" messageEncoding="Mtom" maxReceivedMessageSize="104857600">
                <readerQuotas maxArrayLength="2147483647" />
                <!-- Message security: the client's UserName token is encrypted to the service certificate below -->
                <security mode="Message">
                    <message clientCredentialType="UserName"/>
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <behaviors>
        <serviceBehaviors>
            <behavior name="DefaultBehavior">
                <serviceMetadata httpGetEnabled="true"/>
                <serviceCredentials>
                    <!-- User names and passwords are validated against the membership provider configured in system.web -->
                    <userNameAuthentication userNamePasswordValidationMode="MembershipProvider" membershipProviderName="DefaultMembershipProvider"/>
                    <!-- The certificate moved into Trusted People in step 1 D -->
                    <serviceCertificate findValue="FanzooService" storeLocation="LocalMachine" storeName="TrustedPeople" x509FindType="FindBySubjectName"/>
                </serviceCredentials>
                <serviceAuthorization principalPermissionMode="UseAspNetRoles" roleProviderName="DefaultRoleProvider"/>
            </behavior>
        </serviceBehaviors>
    </behaviors>
</system.serviceModel>

 

3) Setup the client config

 

Here's an example:

<system.serviceModel>
    <bindings>
        <wsHttpBinding>
            <binding name="WSHttpBinding_IHelloWorldService" closeTimeout="00:01:00"
                     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
                     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
                     maxBufferPoolSize="524288" maxReceivedMessageSize="65536"
                     messageEncoding="Mtom" textEncoding="utf-8" useDefaultWebProxy="true"
                     allowCookies="false">
                <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
                              maxBytesPerRead="4096" maxNameTableCharCount="16384" />
                <reliableSession ordered="true" inactivityTimeout="00:10:00"
                                 enabled="false" />
                <security mode="Message">
                    <transport clientCredentialType="Windows" proxyCredentialType="None"
                               realm="" />
                    <message clientCredentialType="UserName" negotiateServiceCredential="true"
                             algorithmSuite="Default" establishSecurityContext="true" />
                </security>
            </binding>
        </wsHttpBinding>
    </bindings>
    <client>
        <endpoint address="http://localhost/ServiceWithMembership/HelloWorld.svc"
                  binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IHelloWorldService"
                  contract="IHelloWorldService" name="WSHttpBinding_IHelloWorldService" behaviorConfiguration="ClientBehavior">
            <identity>
                <!-- Must match the subject name of the service certificate -->
                <dns value="FanzooService"/>
            </identity>
        </endpoint>
    </client>
    <behaviors>
        <endpointBehaviors>
            <behavior name="ClientBehavior">
                <clientCredentials>
                    <serviceCertificate>
                        <authentication certificateValidationMode="PeerOrChainTrust" />
                    </serviceCertificate>
                </clientCredentials>
            </behavior>
        </endpointBehaviors>
    </behaviors>
</system.serviceModel>

 

4) Passing Credentials in the Client 

            HelloWorldServiceClient serviceClient = new HelloWorldServiceClient();
            // These credentials travel in the UserName token and are checked by the membership provider
            serviceClient.ClientCredentials.UserName.UserName = "JeffF";
            serviceClient.ClientCredentials.UserName.Password = "Test123!";
            try
            {
                Console.WriteLine(serviceClient.HelloWorld());
            }
            catch (Exception ex)
            {
                Console.WriteLine(ex);
            }
            Console.ReadKey();

 

5) Accessing the credentials in the service

        public string HelloWorld()
        {
            // With principalPermissionMode="UseAspNetRoles" this is the validated membership user name
            return "Hello " + Thread.CurrentPrincipal.Identity.Name;
        }
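As an added example (not code from the original post), here is the service from step 5 extended with role checks, which the service config already enables through principalPermissionMode="UseAspNetRoles" and roleProviderName="DefaultRoleProvider". The contract and class names follow the config; the "Admin" role name is an assumption.

```csharp
using System.Security.Permissions;
using System.ServiceModel;
using System.Threading;

namespace ServiceWithMembership
{
    [ServiceContract]
    public interface IHelloWorldService
    {
        [OperationContract]
        string HelloWorld();

        [OperationContract]
        string HelloAdmin();

        [OperationContract]
        string HelloAdminChecked();
    }

    public class HelloWorldService : IHelloWorldService
    {
        // Any caller whose UserName token DefaultMembershipProvider validated.
        // With UseAspNetRoles, WCF sets Thread.CurrentPrincipal to a principal for that
        // user whose IsInRole() consults DefaultRoleProvider.
        public string HelloWorld()
        {
            string caller = Thread.CurrentPrincipal.Identity.Name;
            // The same user name is reachable through the WCF security context
            string primary = ServiceSecurityContext.Current.PrimaryIdentity.Name;
            return "Hello " + caller + " (primary identity: " + primary + ")";
        }

        // Declarative role check, evaluated before the body runs: a caller the role
        // provider does not place in "Admin" (assumed role name) receives an
        // access-denied fault and never reaches the return statement.
        [PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
        public string HelloAdmin()
        {
            return "Hello admin " + Thread.CurrentPrincipal.Identity.Name;
        }

        // Imperative form of the same check, useful when the fault sent back should be custom.
        public string HelloAdminChecked()
        {
            if (!Thread.CurrentPrincipal.IsInRole("Admin"))
                throw new FaultException("The Admin role is required for this operation.");
            return "Hello admin " + Thread.CurrentPrincipal.Identity.Name;
        }
    }
}
```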

 

I hope this helps. If anyone reading this wants a code sample, let me know and I'll try to put something together.

 

Here are a few links that I used as reference:

Fundamentals of WCF Security

Implementing a WCF Service using .Net membership provider

 

posted on Tuesday, August 14, 2007 3:27 PM