[ACCEPTED]-Why does WCF complain over identity check failure?-identity

Accepted answer
Score: 32

The answer to this question is in the error 8 message itself. On the client you can do:

EndpointIdentity identity = EndpointIdentity.CreateDnsIdentity("Server");
EndpointAddress address = new EndpointAddress(new Uri("net.tcp://"), identity);

Replace 7 "Server", by whatever is expected. Typically 6 this would be the common name (CN) of your 5 self-signed certificate. Doing so will not 4 ruin security, provided you take all responsibility 3 for making sure, that the presented certificate 2 is valid, that is create your custom certificate 1 validator and make relevant checks there.

Score: 11

The check is done always - and should be. Basically, WCF 15 will check that the certificate is issued 14 to the domain name (yourcompany.com) or 13 machine name where your service resides. This 12 is a security check which I'd never disable! Otherwise, anyone 11 spoofing your service could use any certificate 10 made out to an arbitrary domain / machine 9 name and get your traffic - not what you 8 want!

So what you need to make sure is that 7 your real certificate on the production 6 server is indeed issued to that domain name 5 that the production server will be part 4 of, e.g. if your production server is going 3 to be in "production.yourcompany.com", the 2 certificate needs to be made out to that 1 domain.


Score: 4

certificateValidationMode should be set 1 to "None", not "false"...

More Related questions