I am running into an issue with my WCF service clocks between host and client are more than 5 min apart. I have seen where I can correct this by using the maxClockSkew in a custom binding. I am having issues converting my wsHttpBinding to a custom binding.
Any help is very appreciated. thanks.
this is what I currently have:
<message establishSecurityContext="false" clientCredentialType="Certificate"/>
I have got it working in VS now when I try to publish it I am getting Keyset Does not Exist. I was using an x509 cetrificate with no issues when I am using wsHttpBinding but with the customBinding I get the error. Any help is Appreciated.
this is my current Config file:
<security authenticationMode="MutualSslNegotiated" messageSecurityVersion="WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
<localClientSettings maxClockSkew="00:15:00" />
<localServiceSettings maxClockSkew="00:15:00" />
<localClientSettings maxClockSkew="00:30:00" />
<localServiceSettings maxClockSkew="00:30:00" />
Usually this means that IIS user doesn't have access to the private key of your certificate. You can read more about it
What I thought was strange was it works fine when I convert and use the wsHttpBinding but when I use the customBinding it get the error.
Unfortunatelly I was never in this situation before. I'll have to create a test project and see if I can replicate this behaviour and then inspect it.
If the issue is caused by timestamp difference between WCF client and service side, I think we have 3 options:
Sync the timestamp of the client side with the WCF service server side manually.
DISABLE the timestamp of WCF binding by using custom binding.
For more details, you can refer to below article:
Disabling Security Timestamps
Option 3: Set a Max Clock Skew to mitigate this possibility
How to: Set a Max Clock Skew
Time-critical functions can be derailed if the clock settings on two computers are different. To mitigate this possibility, you can set the
MaxClockSkew property to a