Consider the following scenario. You have a Windows Communication Foundation (WCF) service using Microsoft .NET Framework 4.0, hosted in a Microsoft Internet Information Services (IIS) web server. Under the SSL settings for the web application, you have enabled "Require SSL" as well as requiring client certificates. You then apply one of or more of the following hotfixes for WCF on .NET Framework 4:
In this configuration, when you try to browse to or make a method call to the WCF service that is using client certificate authentication, you may receive an error message and stack trace similar to the one below. You may receive this error even if you have not changed any other setting in the WCF configuration or IIS SSL configuration:
Update 4.0.3 for Microsoft .NET Framework 4 – Runtime Update
SecurityNegotiationException exception when a .NET Framework 4-based WCF client connects to a WCF service through a proxy server
FIX: Slow performance when many large requests are received by a .NET Framework 4-based WCF service
Hotfix rollup package 2532942 is available for Windows Communication Foundation for the .NET Framework 4
SecurityNegotiationException exception when a .NET Framework 4-based WCF client connects to a WCF service through a proxy server
FIX: Slow performance when many large requests are received by a .NET Framework 4-based WCF service
Hotfix rollup package 2532942 is available for Windows Communication Foundation for the .NET Framework 4
In this configuration, when you try to browse to or make a method call to the WCF service that is using client certificate authentication, you may receive an error message and stack trace similar to the one below. You may receive this error even if you have not changed any other setting in the WCF configuration or IIS SSL configuration:
System.NotSupportedException: The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'.
Stack Trace:
[NotSupportedException: The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'.]
System.ServiceModel.Activation.HostedAspNetEnvironment.ValidateHttpsSettings(String virtualPath, Nullable`1& requireClientCertificate) +186762
System.ServiceModel.Channels.HttpsChannelListener.ApplyHostedContext(String virtualPath, Boolean isMetadataListener) +176
System.ServiceModel.Channels.HttpsTransportBindingElement.BuildChannelListener(BindingContext context) +123
System.ServiceModel.Channels.Binding.BuildChannelListener(Uri listenUriBaseAddress, String listenUriRelativeAddress, ListenUriMode listenUriMode, BindingParameterCollection parameters) +177
System.ServiceModel.Description.ServiceMetadataExtension.CreateGetDispatcher(Uri listenUri, Binding binding) +189
System.ServiceModel.Description.ServiceMetadataExtension.EnsureGetDispatcher(Uri listenUri, Boolean isServiceDebugBehavior) +229
System.ServiceModel.Description.ServiceMetadataBehavior.EnsureGetDispatcher(ServiceHostBase host, ServiceMetadataExtension mex, Uri url, String scheme) +195
System.ServiceModel.Description.DispatcherBuilder.InitializeServiceHost(ServiceDescription description, ServiceHostBase serviceHost) +3565
System.ServiceModel.ServiceHostBase.InitializeRuntime() +82
System.ServiceModel.ServiceHostBase.OnOpen(TimeSpan timeout) +64
System.ServiceModel.Channels.CommunicationObject.Open(TimeSpan timeout) +789
System.ServiceModel.HostingManager.ActivateService(String normalizedVirtualPath) +255
System.ServiceModel.HostingManager.EnsureServiceAvailable(String normalizedVirtualPath) +1132
[ServiceActivationException: The service '/WCFService/Service1.svc' cannot be activated due to an exception during compilation. The exception message is: The SSL settings for the service 'None' does not match those of the IIS 'Ssl, SslNegotiateCert, SslRequireCert'..]
System.Runtime.AsyncResult.End(IAsyncResult result) +890624
System.ServiceModel.Activation.HostedHttpRequestAsyncResult.End(IAsyncResult result) +181790
System.Web.AsyncEventExecutionStep.OnAsyncEventCompletion(IAsyncResult ar) +107