[ACCEPTED]-Why does WCF complain over identity check failure?-identity

Accepted answer
Score: 32

The answer to this question is in the error message itself. On the client you can do:

EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity("Server");
EndpointAddress address = new EndpointAddress(new Uri("net.tcp://1.2.3.4:12345/ServiceName"), identity);

Replace "Server" by whatever is expected. Typically this would be the common name (CN) of your self-signed certificate. Doing so will not ruin security, provided you take all responsibility for making sure that the presented certificate is valid, that is, create your custom certificate validator and make the relevant checks there.

Score: 11

The check is always done - and should be. Basically, WCF will check that the certificate is issued to the domain name (yourcompany.com) or machine name where your service resides. This is a security check which I'd never disable! Otherwise, anyone spoofing your service could use any certificate made out to an arbitrary domain / machine name and get your traffic - not what you want!

So what you need to make sure is that your real certificate on the production server is indeed issued to the domain name that the production server will be part of, e.g. if your production server is going to be in "production.yourcompany.com", the certificate needs to be made out to that domain.

Marc
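
A fuller version of the client-side setup from the accepted answer, combined with Marc's point that the endpoint identity and the name the certificate is made out to must agree. This is an added example, not code from either answer or from WCF's documentation. It assumes a net.tcp endpoint using transport security with an anonymous client (so the server is authenticated by its certificate over SSL), a hypothetical IServiceName contract, and placeholder values for the service address and the pinned thumbprint:

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical service contract; the real one is whatever the service exposes.
[ServiceContract]
public interface IServiceName
{
    [OperationContract]
    string Ping(string message);
}

// Custom validator (assumed, not from the answers above): the client accepts
// the service certificate only if it is the exact certificate we deployed
// (thumbprint pin) AND it is issued to the host we expect to be talking to.
public sealed class PinnedDnsCertificateValidator : X509CertificateValidator
{
    private readonly string _expectedThumbprint;
    private readonly string _expectedDnsName;

    public PinnedDnsCertificateValidator(string expectedThumbprint, string expectedDnsName)
    {
        _expectedThumbprint = expectedThumbprint.Replace(" ", string.Empty);
        _expectedDnsName = expectedDnsName;
    }

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException(nameof(certificate));

        // 1. Pin: a self-signed certificate has no trusted issuer, so the
        //    thumbprint is the only thing that identifies it reliably.
        if (!string.Equals(certificate.Thumbprint, _expectedThumbprint, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException(
                "Service certificate thumbprint does not match the pinned value.");

        // 2. Name: the certificate must be made out to the host named in the
        //    endpoint identity (SAN dNSName first, CN as fallback).
        string dnsName = certificate.GetNameInfo(X509NameType.DnsName, forIssuer: false);
        if (!string.Equals(dnsName, _expectedDnsName, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException(
                $"Service certificate is issued to '{dnsName}', expected '{_expectedDnsName}'.");

        // 3. Validity window: pinning does not excuse an expired certificate.
        DateTime now = DateTime.Now;
        if (now < certificate.NotBefore || now > certificate.NotAfter)
            throw new SecurityTokenValidationException(
                "Service certificate is not within its validity period.");
    }
}

public static class SecureClient
{
    // Builds a channel factory whose identity check and certificate check
    // both agree on the same host name.
    public static ChannelFactory<IServiceName> CreateFactory(
        string serviceUri, string expectedDnsName, string pinnedThumbprint)
    {
        // Assumed binding: net.tcp transport security with an anonymous
        // client, so the server is authenticated by its certificate over SSL.
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.None;

        // The DNS identity must equal what the certificate is made out to
        // ("Server" for a self-signed test cert, "production.yourcompany.com"
        // for the production cert); otherwise WCF raises the identity failure.
        EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity(expectedDnsName);
        var address = new EndpointAddress(new Uri(serviceUri), identity);

        var factory = new ChannelFactory<IServiceName>(binding, address);

        // Programmatic equivalent of certificateValidationMode="Custom" in
        // config. Never use None here: that disables the check entirely.
        X509ServiceCertificateAuthentication auth = factory.Credentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new PinnedDnsCertificateValidator(pinnedThumbprint, expectedDnsName);

        return factory;
    }

    public static void Main()
    {
        // Placeholder values (assumed): replace with your service's address
        // and the thumbprint shown for your certificate in the cert store.
        var factory = CreateFactory(
            "net.tcp://1.2.3.4:12345/ServiceName",
            "production.yourcompany.com",
            "0000000000000000000000000000000000000000");

        IServiceName channel = factory.CreateChannel();
        Console.WriteLine(channel.Ping("hello"));
        ((IClientChannel)channel).Close();
        factory.Close();
    }
}
```

The same two settings can be expressed in app.config under the client's `serviceCertificate/authentication` element; the `certificateValidationMode` attribute takes the names of the X509CertificateValidationMode enum (Custom, ChainTrust, PeerTrust, PeerOrChainTrust, None), which is why "false" is rejected and why "None" should only ever appear in a throwaway test setup.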

Score: 4

certificateValidationMode should be set to "None", not "false"...
