Hi,
I have a WCF service hosted as a Windows Service over HTTPS, with a self-signed certificate.
I have a client (Windows application) from which I am trying to communicate with the above service. I have a mechanism in my client to verify the availability of the service: every 2 seconds, a background thread invokes the service API.
While doing a very specific operation, the same service API (as mentioned above) gets invoked in the main thread as well.
We have implemented a delegate to verify the server certificate by hooking ServicePointManager.ServerCertificateValidationCallback, which works fine on all machines (mostly our internal domain machines) except a workgroup machine. All these machines are running Windows 10.
Problem statement: On the workgroup machine, for the very first call to my service, I am getting:
SecurityNegotiationException occurred: Could not establish trust relationship for the SSL/TLS secure channel with authority 'desktop-#####:5001'. The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
On subsequent calls, everything works fine. The moment I close my client application and start it again (which makes the first call to the service), the same issue happens again.
Some analysis inputs: The moment I remove the call to the service from the background thread, everything works fine. The moment I bring back the call to the service from the background thread, the delegate is invoked for the background thread but not for the main thread (I found this based on custom logging).
Questions:
1. Why is my delegate not invoked to validate the server certificate from the main thread?
2. Why is the WCF framework handling the certificate error, even though we have our own certificate handler (delegate)?
3. When I comment out the call from the background thread, the delegate is invoked to validate the server certificate, and it succeeds.
4. Why is this issue happening only on the workgroup machine?
Note:
1. The problem is the same when I try always returning true from the delegate (which is against a security rule).
2. The service is running on the same workgroup machine where the client runs.
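As an added example (not the poster's code), the following C# shows two defensive ways to validate a self-signed service certificate in a WCF client without ever returning true unconditionally: a process-wide ServicePointManager.ServerCertificateValidationCallback that is installed exactly once before any channel is opened and logs the managed thread id and SslPolicyErrors for each check (so the main-thread and background-thread call sites can be compared), and a per-proxy X509CertificateValidator wired through ClientCredentials.ServiceCertificate.SslCertificateAuthentication (.NET Framework 4.5+), which scopes validation to one ChannelFactory instead of the whole process. Both pin the certificate by thumbprint. The thumbprint value, the TService contract name and the address are placeholders, not values from the post.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Net;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.Threading;

// Process-wide callback that pins the deployed self-signed certificate by thumbprint.
static class PinnedServerCertificate
{
    // Placeholder: replace with the thumbprint of the service's self-signed certificate
    // as shown in certmgr.msc (hex digits, no spaces).
    const string ExpectedThumbprint = "PLACEHOLDER_THUMBPRINT";

    static int installed; // 0 = not yet installed, 1 = installed

    // ServicePointManager is static for the whole process, so the callback must be in
    // place before the first HTTPS connection is opened by any thread. Call this from
    // the application entry point, before starting the background poller.
    public static void InstallOnce()
    {
        if (Interlocked.Exchange(ref installed, 1) == 1) return;
        ServicePointManager.ServerCertificateValidationCallback = Validate;
    }

    // Signature of RemoteCertificateValidationCallback.
    static bool Validate(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors errors)
    {
        // Record which thread performed the check and what the TLS stack objected to.
        Console.WriteLine("[tid {0}] SslPolicyErrors={1} subject={2}",
            Thread.CurrentThread.ManagedThreadId, errors,
            certificate == null ? "<none>" : certificate.Subject);

        if (errors == SslPolicyErrors.None) return true; // chain already trusted by the OS store

        // A self-signed certificate reports RemoteCertificateChainErrors, and may also
        // report RemoteCertificateNameMismatch when the name in the endpoint address
        // differs from the certificate subject. Accept only the exact deployed certificate.
        if (certificate == null) return false;
        var cert2 = certificate as X509Certificate2 ?? new X509Certificate2(certificate);
        bool pinned = string.Equals(cert2.Thumbprint, ExpectedThumbprint, StringComparison.OrdinalIgnoreCase);
        if (!pinned)
            Console.WriteLine("[tid {0}] rejected certificate with thumbprint {1}",
                Thread.CurrentThread.ManagedThreadId, cert2.Thumbprint);
        return pinned;
    }
}

// WCF-native alternative: validation scoped to one client proxy rather than the process.
sealed class ThumbprintValidator : X509CertificateValidator
{
    readonly string expected;
    public ThumbprintValidator(string expectedThumbprint) { expected = expectedThumbprint; }

    public override void Validate(X509Certificate2 certificate)
    {
        if (!string.Equals(certificate.Thumbprint, expected, StringComparison.OrdinalIgnoreCase))
            throw new SecurityTokenValidationException(
                "Server certificate thumbprint " + certificate.Thumbprint + " is not the pinned service certificate.");
    }
}

static class ClientSetup
{
    // TService stands for the service contract interface (hypothetical name).
    public static ChannelFactory<TService> CreateFactory<TService>(string address, string expectedThumbprint)
    {
        var binding = new BasicHttpsBinding(); // HTTPS transport security
        var factory = new ChannelFactory<TService>(binding, new EndpointAddress(address));
        factory.Credentials.ServiceCertificate.SslCertificateAuthentication =
            new X509ServiceCertificateAuthentication
            {
                CertificateValidationMode = X509CertificateValidationMode.Custom,
                CustomCertificateValidator = new ThumbprintValidator(expectedThumbprint)
            };
        return factory;
    }
}
```

With the per-proxy validator, a certificate that fails pinning surfaces as a SecurityNegotiationException on that channel only, and the process-wide callback can be left uninstalled; with the process-wide callback, the thread id in the log shows directly which call site reached the delegate and which did not.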