Geek asks and answers

Using a Wcf SSl certificate over Tcp without a client certificate (server-side only)

Is it possible to use WCF SSL with NetTcpBinding, for which it is not required to install a client certificate on a client machine? (SSL V2, if I'm not mistaken).

we want the server certificate to be in a trusted client store for authentication and encryption of its message with the server’s public key, which means that only the server machine will store the private key certificate.

we use NetTcpBinding, not customBinding on both sides. If it can be done, what is the correct configuration for it? (in client and server configurations)

Thanks in advance.

here are my wcf configs.

SERVER CONFIG:



    <configuration>
      <system.serviceModel>
        <bindings>
         <netTcpBinding>
            <binding name="TcpSecureBinding">
            <security mode="Transport">
              <transport clientCredentialType="Certificate"/>            
            </security>
       </binding>
         </netTcpBinding>
       </bindings>
       <behaviors>
         <serviceBehaviors>
           <behavior name="ServiceCredentialsBehavior">          
             <serviceDebug includeExceptionDetailInFaults="True" />
             <serviceMetadata httpGetEnabled="true" />
             <serviceAuthorization 
                 principalPermissionMode="UseWindowsGroups">
             </serviceAuthorization>
          <serviceCredentials>
               <windowsAuthentication includeWindowsGruops="true"            
                                      allowAnonymousLogons="false"/>
               <clientCertificate>
                     <authentication certificateValidationMode="none"/>
               </clientCertificate>
               <serverCertificate
                   findValue="thumbprint"
                   storelocation="LocalMachine"
                   x509FindType="FindMyThumbprint"
                   storeName="My"/>
           </serviceCredentials>
        </behavior>
       </serviceBehaviors>
      </behaviors>
    <services>
        <service behaviorConfiguration="ServiceCredentialsBehavior"
               name="ServiceModel.Calculator">
          <endpoint address="net.tcp://localhost:8040/Calculator"
                  binding="netTcpBinding"
                  bindingConfiguration="TcpSecureBinding"
                  contract="ServiceModel.ICalculator" >
           <identity>
               <dns value="localhost"/>
           </identity>
         </endpoint>
        </service>
     </services>
    </system.serviceModel>
    </configuration>

CLIENT CONFIG:



    <configuration>
      <system.serviceModel>
        <client>
         <endpoint address="net.tcp://localhost:8040/Calculator"
                behaviorConfiguration="endpointCredentialBehavior"
                binding="netTcpBinding" 
                bindingConfiguration="Binding1" 
                contract="ServiceModel.ICalculator">
          <identity>
               <dns value="localhost"/>
          </identity>
          </endpoint>
        </client>
      <behaviors>
        <endpointBehaviors>
          <behavior name="endpointCredentialBehavior">
          </behavior>
         </endpointBehaviors>
       </behaviors>
       <bindings>
         <netTcpBinding>
          <binding name="Binding1">
            <security mode="Transport">
              <transport clientCredentialType="Windows" />
             </security>
          </binding>
          </netTcpBinding>
        </bindings>
     </system.serviceModel>
    </configuration>

im adding my current server and client configurations. other questions:

  • , ( , trustedPeople), ?

  • ?

  • NTLM (clientCredentialType = Windows) ? NTLM.

  • : " " net.tcp://servername: 8040/ ** ". (, , )". , - , Windows Security om, , : " ". , .

  • , :

    
    <identity>
      <certificate encodedValue="encoded certificate"/>
    </identity>

, , , (trustedPeople). ? ?

, , .

+5
1

netTcpBiding , 3 , , , , . 1, cert .

C →
I →
A → ( )

1- (C + I), . TCP- TCP ( HTPS SSL) C I,

<!--//Below are the configuration for both the service and the client-->
<netTcpBinding>
    <binding name="TcpSecureBinding">
      <security mode="Transport">
        <transport clientCredentialType="None"></transport>
      </security>
    </binding>
  </netTcpBinding>

, TCP SSL , , , , ( LocalMachine/Trusted Root Certification), ,

<serviceBehaviors>
    <behavior>
      <serviceCredentials>
        <serviceCertificate findValue="localhost"
                            x509FindType="FindByIssuerName" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>

2- two (A + [C + I]), C protectionLevel. auth auth ( , Windows Stream Security A, C I)

<!--//Below are the configuration for both the service and the client-->
<netTcpBinding>
    <binding name="TcpSecureBinding">
      <security mode="Transport">
        <transport clientCredentialType="Windows" protectionLevel="EncryptAndSign"></transport>
      </security>
    </binding>
  </netTcpBinding>

3 3 (A + C + I), C , ( ) A, C TCP SSL ( HTPS SSL).

<!--//Below are the configuration for both the service and the client-->
<binding name="TcpSecureBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"></transport>
      </security>
    </binding>

, TCP SSL , , , , ( LocalMachine/Trusted Root Certification), ,

<serviceBehaviors>
    <behavior>
      <serviceCredentials>
        <serviceCertificate findValue="localhost"
                            x509FindType="FindByIssuerName" />
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
+11

More articles:


All Articles