Last post Nov 10, 2015 03:30 AM by Li Wang
Nov 01, 2015 03:20 AM|nima61|LINK
I have configured my web site to use SSL with a server certificate and also to require client certificates
and on iis i do below steps:
1- create a website
2- in server certificate create a self-sing certificate and called myCert
3-in service click on bindings and create port 443 and https and chose my Certificate name ( myCert)
4-Double Click on SSL Setting and chose Required SSL and Required radio button and click apply
also i export the cert file form iis and install on my client pc in personal
but when i want to add the service on visual studio and when click add service reference and enter the url
i get below error :
There was an error downloading 'https://localhost:4439/Service.svc/_vti_bin/ListData.svc/$metadata'.
The request failed with HTTP status 403: Forbidden.
Metadata contains a reference that cannot be resolved: 'https://localhost:4439/Service.svc'.
The HTTP request was forbidden with client authentication scheme 'Anonymous'.
The remote server returned an error: (403) Forbidden.
If the service is defined in the current solution, try building the solution and adding the service reference again.
please help me for solve it , if that need to more details please tell me
Nov 01, 2015 06:52 AM|PatriceSc|LINK
Try perhaps https://support.microsoft.com/en-us/kb/315588 For now it seems you have taken care about the server side certificate but what have you done the client side certificate? Installing the
sefver side certificate clien side is just to bypass certificate checkning which wouldn't work with a self signed certificate.
Never tried client cert myself...
Nov 02, 2015 12:52 AM|ramana123|LINK
Check few things like..
first of all, you may need to install your certificate in your local machine trusted people store as I believe IIS would be looking here for the same
next thing, ensure you have given the permissions of the certificate given to AppPool user or NETWORKSERVICE account.
also check this
Nov 02, 2015 01:33 AM|nima61|LINK
thanks for your answer
i installed the certificate into personal and Trusted Root and Trusted People and Trusted Published
but i meet the last error again
please help me
Nov 02, 2015 02:14 AM|ramana123|LINK
try browing the iurl using IE/chrome and see if any meaning full error
and also, check you config file [server] if httpsgetenabled= true or not.
Nov 02, 2015 07:59 AM|PatriceSc|LINK
Which one? Here you have two certificates AFAIK. So for now my understanding is that you have taken care of the server certificate but done nothing regarding the client side certificate (installing a self signed server side certificate client side doesn't
make it a client side certificate but serves another purpose). And so for now the 403 error would be to tell that you are trying to access a site that requires a client side certificate without any client side certificate.
Nov 10, 2015 03:30 AM|Li Wang|LINK
Did you install IIS Client Certificate Mapping Authentication according Turn Windows features on or off and turn on the Client certificates on SSL Setting page? Below article give the detail steps to do it. Link below is for your reference.