AVEVA Global WCF Configuration Guide
WCF Configuration Files : Configure Security : Transport Level Security with SSL Certificate based Authentication
Transport Level Security with SSL Certificate based Authentication
Certificate based authentication can be used when Global daemons are communicating through an unsecured network or different trust boundaries.
The following XML is used to configure the binding to use Certificate based authentication.
Note:
The following setting must be consistent within the GlobalWCFClient.config and AdmindWCF.exe.config files.
<security mode="Transport">
<transport clientCredentialType="Certificate"/>
</security>
Note:
The user must make sure that a certificate has been pre-installed and configured. Refer to the section Certificate Based Authentication.
The user must specify information about the certificate to enable network level security with certificate authentication.
The following block is specified in the Service behaviour and must be modified in the AdmindWCF.exe.config file.
<serviceBehaviors>
<behavior name="GlobalWcfServiceBehavior">
<serviceMetadata httpGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="true" />
<serviceCredentials>
<clientCertificate>
<authentication trustedStoreLocation="LocalMachine" certificateValidationMode="None">
</authentication>
</clientCertificate>
<serviceCertificate findValue="tempCert" x509FindType="FindBySubjectName" storeLocation="LocalMachine" />
</serviceCredentials>
</behavior>
</serviceBehaviors>
The user must specify:
httpsGetEnabled
Must be set to true
trustedStoreLocation
The location of the trusted store for the certificate
findValue
Certificate identifier within the trusted store Refer to Certificate Based Authentication
x509FindType
The type of find value for the search
storeLocation
Certificate Store: localMachine/Currentuser (determined by the certificate).
The GlobalWCFClient.config file has an equivalent <endpointBehaviors> element that must be modified to match the configuration changes made in the Service Behaviours of the AdmindWCF.exe.config file.
To view an example of configuration files with Certificate based authentication, extract the contents of the GlobalWCF_SampleConfigFiles folder file and navigate to the sub folder TransportSecurityCertificateAuthentication.
1974 to current year. AVEVA Solutions Limited and its subsidiaries. All rights reserved.
AVEVA Logo