Saturday, January 2, 2010

Cryptic WCF error messages (part 7 of N)

Yet another post in the ongoing series.

This one happens when you use 2-way ssl (e.g. client authenticates with an X.509 certificate in the HTTP level). You may get this error message:


The HTTP request was forbidden with client authentication scheme 'Anonymous'.


This simply means the client certificate failed validation on the server. So check you use the correct certificate and that it is valid on the server.

What's next? get this blog rss updates or register for mail updates!
Posted by Yaron Naveh (MVP) at 8:57 PM
Labels: , , ,

4 comments:

David said...

and how do you check it is configured correctly

say it cn=ClientSide
and it was made by makecert so obviously not sgined by a truxted CA
if I put it under the TrustedPeople on the Local Computer
Isn't it enough?
What am I missing?

Is there a tool which can figure it out?

June 9, 2010 11:25 PM
Yaron Naveh said...

Try to put it in the trusted root auth too

June 10, 2010 12:15 AM
David said...

nope. Didn't work...

This is what I have in the server configuration:

_host.Credentials.ClientCertificate.Authentication.CertificateValidationMode = System.ServiceModel.Security.X509CertificateValidationMode.PeerOrChainTrust;
_host.Credentials.ClientCertificate.Authentication.RevocationMode = X509RevocationMode.NoCheck;
_host.Credentials.ClientCertificate.Authentication.TrustedStoreLocation = StoreLocation.LocalMachine;

June 10, 2010 12:19 PM
David said...

Sorry I missed that.
The trick was to make the certificate self signed and then as you said put it in the Trusted CAs

June 10, 2010 1:28 PM

Post a Comment

Subscribe to: Post Comments (Atom)