Svcutil is wonderful tool and it comes handy when trying to
create WCF client applications. It makes use of the MEX endpoint and retrieves the config and proxy classes.
Where to look for svcutil.exe tool and its configuration in
your machine (WIN 7 64bit):
C:\Program Files
(x86)\Microsoft SDKs\Windows\v7.0A\Bin
[select the right version "v7.0A"]
This will generate the service endpoint information as
config and proxy as a .cs file.
This approach does not work for the WCF services
that demands client authentication certificate while receiving the actual or metadata-exchange request.
You may have kept the client authentication certificate in
your “localmachine” or “currentuser” certificate store (mostly in “personal”) [You
can do this either via MMC console or certification manager tool]
In such cases if you try to execute this tool you will be
receiving error as below
-------------------------------------------------------------------------
Svcutil https://MyTestService/Test.svc
WS-Metadata Exchange Error
URI: https://MyTestService/Test.svc
Metadata contains a reference that cannot be resolved:
'https://MyTestService/Test.svc'.
The HTTP request was forbidden with client authentication scheme
'Anonymous'
The remote server returned an error: (403) Forbidden.
-------------------------------------------------------------------------
This happens as the svcutil does not know where to look for
the certificate. There is an easy way to get this working
- Locate the svcutil.exe and svcutil.exe.config
- Copy it to any of your folder let’s say c:\temp\
- Now modify the svcutil.exe.config to have the corresponding certificate store information (mention specific endpoint details and client credentials)
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<system.serviceModel>
<client>
<endpoint behaviorConfiguration="wsHttpBehavior"
binding="wsHttpBinding" bindingConfiguration="wsHttpMex"
contract="IMetadataExchange" name="https"/>
</client>
<bindings>
<wsHttpBinding>
<binding name="wsHttpMex">
<security mode="Transport">
<transport
clientCredentialType="Certificate" />
</security>
</binding>
</wsHttpBinding>
</bindings>
<behaviors>
<endpointBehaviors>
<behavior
name="wsHttpBehavior">
<clientCredentials>
<clientCertificate
findValue="<clientcertificatesubject>"
storeLocation="LocalMachine"
storeName="My"
x509FindType="FindBySubjectName"
/>
</clientCredentials>
</behavior>
</endpointBehaviors>
</behaviors>
</system.serviceModel>
</configuration>
4. Now the following command will be working as the svcutil is now able to locate the certificate in LocalMachine\Personal certificate store.
c:\temp\Svcutil https://MyTestService/Test.svc