Service Identity: DNS Identity requirements - by Egelke

Status: Fixed

This item has been fixed in the current or upcoming version of this product. A more detailed explanation for the resolution of this particular item may have been provided in the comments section.


ID: 310324
Status: Closed
Type: Bug
Repros: 0
Opened: 11/15/2007 1:01:50 AM
Access Restriction: Public

Description

The DNS identity type of client endpoints (part of the server endpoint address) is intended to verify the identity of a server via the common name inside the subject name of the certificate of the server.

This setup fails when connecting to a web service that does not have NTLM or Negotiate authentication, even though according to the documentation (http://msdn2.microsoft.com/en-us/library/ms733130.aspx) only the server certificate is used.
Posted by Jeltz on 8/16/2008 at 9:24 AM
If I have a partial trust XBAP as a WCF client, what binding do I need to get an https (SSL transport) connection to a WCF service? I have no need for client/server authentication. I just want to ensure the WCF messages cannot be read if intercepted between client and server.
Posted by Microsoft on 12/4/2007 at 10:54 PM
Hi,

The reason your sample is not working is because your configuration specifies a DNS endpoint identity while specifying the binding to be "basicHttpBinding".

The basicHttpBinding by default does not do message security, like the "wsHttpBinding" as specified in the URL link http://msdn2.microsoft.com/en-us/library/ms733130.aspx as provided above.

You have two options:
1) Change your binding to wsHttpBinding
2) Enable message security (clientCredentialType = Windows) while still using basicHttpBinding.

Please let me know if you have any questions.

Thanks,
Sidd [MSFT]
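
The two configurations contrasted in the reply above, written out as a client configuration fragment. This is an added example, not taken from the original report or from Microsoft; the addresses, the endpoint and binding names, and the contract `IExampleService` are placeholders.

```xml
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <system.serviceModel>
    <bindings>
      <wsHttpBinding>
        <!-- Option 1 from the reply: wsHttpBinding with message security.
             These values are the wsHttpBinding defaults, spelled out. -->
        <binding name="messageSecured">
          <security mode="Message">
            <message clientCredentialType="Windows" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <client>
      <!-- Combination the reply identifies as the cause: basicHttpBinding
           with no binding configuration uses security mode "None",
           paired with a DNS endpoint identity.
           Address and contract are placeholders. -->
      <endpoint name="basicWithDnsIdentity"
                address="http://service.example.com/Service.svc"
                binding="basicHttpBinding"
                contract="IExampleService">
        <identity>
          <dns value="service.example.com" />
        </identity>
      </endpoint>
      <!-- Same DNS identity, on a binding that performs message security. -->
      <endpoint name="wsWithDnsIdentity"
                address="http://service.example.com/Service.svc"
                binding="wsHttpBinding"
                bindingConfiguration="messageSecured"
                contract="IExampleService">
        <identity>
          <dns value="service.example.com" />
        </identity>
      </endpoint>
    </client>
  </system.serviceModel>
</configuration>
```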