
Service Identity: DNS Identity requirements by Egelke


Type: Bug
ID: 310324
Opened: 11/15/2007 1:01:50 AM
Access Restriction: Public
User(s) can reproduce this bug


The DNS identity type of client endpoints (part of the server endpoint address) is intended to verify the identity of a server via the common name inside the subject name of the certificate of the server.

This setup fails when connecting to a web service that does not have NTLM or Negotiate authentication, even though according to the documentation (http://msdn2.microsoft.com/en-us/library/ms733130.aspx) only the server certificate is used.
Posted by Jeltz on 8/16/2008 at 9:24 AM
If I have a partial trust XBAP as a WCF Client, what binding do I need to get an https (SSL transport) connection to a WCF service? I have no need for client/server authentication. I just want to ensure the WCF messages cannot be read if intercepted between client and server.
Posted by Microsoft on 12/4/2007 at 10:54 PM

The reason your sample is not working is that your configuration specifies a DNS endpoint identity while specifying the binding to be "basicHttpBinding".

The basicHttpBinding by default does not do message security, like the "wsHttpBinding" as specified in the URL link http://msdn2.microsoft.com/en-us/library/ms733130.aspx as provided above.

You have two options:
1) Change your binding to wsHttpBinding
2) Enable message security (clientCredentialType = Windows) while still using basicHttpBinding.

Please let me know if you have any questions.

Sidd [MSFT]
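
Option 1 from the reply above, written out as a client configuration. This is an added example, not part of the original thread or the reporter's sample. The host name, contract name, endpoint names and binding name are constructed placeholders, and the anonymous-client setting (`clientCredentialType="None"`) is an assumption chosen for a service without NTLM or Negotiate authentication.

```xml
<!-- Added example: host, contract and binding names are constructed placeholders. -->
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- Assumption: anonymous client; the service is authenticated by its
             certificate, which is negotiated during the message-security handshake. -->
        <binding name="serverCertOnly">
          <security mode="Message">
            <message clientCredentialType="None" negotiateServiceCredential="true" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <!-- Before: a DNS identity combined with basicHttpBinding, which by default
           does no message security (the combination the reply identifies). -->
      <endpoint name="before"
                address="http://service.example.com/Service.svc"
                binding="basicHttpBinding"
                contract="Example.IService">
        <identity>
          <dns value="service.example.com" />
        </identity>
      </endpoint>
      <!-- After (option 1): wsHttpBinding with message security. The dns value is
           checked against the subject of the service certificate. -->
      <endpoint name="after"
                address="http://service.example.com/Service.svc"
                binding="wsHttpBinding"
                bindingConfiguration="serverCertOnly"
                contract="Example.IService">
        <identity>
          <dns value="service.example.com" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
```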