Thursday, November 13, 2008

Cryptic WCF error messages (part 3 of N)


When you use X.509 certificates you might get the following exception on the client:

Identity check failed for outgoing message. The expected DNS identity of the remote endpoint was 'localhost' but the remote endpoint provided DNS claim 'WSE2QuickStartServer'. If this is a legitimate remote endpoint, you can fix the problem by explicitly specifying DNS identity 'WSE2QuickStartServer' as the Identity property of EndpointAddress when creating channel proxy.

The error occurs while the client is trying to authenticate the server. It does so by comparing the server identity as it appears in the server's X.509 certificate with the server identity you configured the client to expect. If you haven't configured one, then it assumes the domain name in the service URL is the expected identity (for example, "localhost" is expected for "http://localhost/MyService.svc").

The solution is to do exactly as the error tells us: Define the expected identity in the configuration. In app.config it can look something like this:

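<endpoint address="http://localhost:13037/WCFService54/Service.svc">
  <!-- binding, contract etc. omitted; the value must equal the DNS claim the server certificate provides (see the error text) -->
  <identity><dns value="WSE2QuickStartServer" /></identity>
</endpoint>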


The same identity can also be set in the configuration editor.
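
The error text also mentions setting the identity on the EndpointAddress when creating the channel proxy in code. The following C# is an added example, not code from the original post; the IService contract, its Ping operation and the binding settings are assumptions and must be replaced with those of your own service.

```csharp
using System;
using System.ServiceModel;

// Hypothetical contract; use the interface generated for your own service.
[ServiceContract]
public interface IService
{
    [OperationContract]
    string Ping();
}

public static class Program
{
    public static void Main()
    {
        // The DNS claim the server certificate carries (taken from the error text).
        EndpointIdentity identity =
            EndpointIdentity.CreateDnsIdentity("WSE2QuickStartServer");

        // The URL still says "localhost"; the explicit identity replaces the
        // default expectation that WCF derives from the URL host name.
        var address = new EndpointAddress(
            new Uri("http://localhost:13037/WCFService54/Service.svc"), identity);

        // Assumed binding: message security with an anonymous client.
        // It has to match the binding the service endpoint exposes.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.None;

        var factory = new ChannelFactory<IService>(binding, address);
        IService proxy = factory.CreateChannel();
        try
        {
            Console.WriteLine(proxy.Ping());
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
        catch (Exception)
        {
            // A faulted channel cannot be closed gracefully; abort and rethrow.
            ((IClientChannel)proxy).Abort();
            factory.Abort();
            throw;
        }
    }
}
```

The identity check stays active with this setup: if the server presents a certificate whose DNS claim is not 'WSE2QuickStartServer', the call still fails with the identity error.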




Yasaman said...

Thank you!