
Connection failure using X.509 certificate in WCF

I get the following error if I try to connect to my WCF service: The service certificate is not provided for target 'http://localhost:8081/OEGNOSControlService/ws'. Specify a service certificate in ClientCredentials.

But I already specified the service certificate!

App.config of the service:

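<!-- Service-side WCF configuration: one wsHttpBinding endpoint using message security with
     UserName client credentials, plus a metadata (mex) endpoint. -->
<system.serviceModel>
  <behaviors>
    <serviceBehaviors>
      <behavior name="ServiceCredentialsBehavior">
        <!-- Publishes the service metadata over plain HTTP GET. -->
        <serviceMetadata httpGetEnabled="true" />
        <!-- NOTE(review): returns server-side exception details to callers inside faults.
             Useful while debugging; set to false before the service is exposed to other hosts. -->
        <serviceDebug includeExceptionDetailInFaults="true" />
        <serviceCredentials>
          <!-- Certificate the service presents, looked up in LocalMachine\My.
               FindBySubjectName matches on part of the subject name, so "localhost" can match
               more than one certificate; FindByThumbprint selects exactly one. -->
          <serviceCertificate findValue="localhost"
                              storeLocation="LocalMachine"
                              storeName="My"
                              x509FindType="FindBySubjectName" />
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
  <bindings>
    <wsHttpBinding>
      <binding name="MessageAndUserName">
        <security mode="Message">
          <!-- negotiateServiceCredential="false": the service certificate is not handed to the
               client during negotiation, so every client must already have it out of band. -->
          <message clientCredentialType="UserName" negotiateServiceCredential="false"
                   algorithmSuite="Default" establishSecurityContext="true" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <services>
    <!-- The element name below was broken by text injected into the page copy; restored to <service>. -->
    <service behaviorConfiguration="ServiceCredentialsBehavior"
             name="OEGNOS.ControlServiceLibrary.ControlService">
      <clear/>
      <endpoint name="WSHttpBinding_IControlService"
                address="ws"
                binding="wsHttpBinding"
                bindingConfiguration="MessageAndUserName"
                contract="OEGNOS.ControlServiceLibrary.IControlService" />
      <endpoint address="mex" binding="mexHttpBinding" contract="IMetadataExchange" />
      <host>
        <baseAddresses>
          <add baseAddress="http://localhost:8081/OEGNOSControlService/" />
        </baseAddresses>
      </host>
    </service>
  </services>
</system.serviceModel>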

app.config of the client:

<!-- Client-side WCF configuration for the ControlService endpoint (wsHttpBinding, message security,
     UserName client credentials). -->
<system.serviceModel>
  <behaviors>
   <endpointBehaviors>
    <!-- NOTE(review): a named endpoint behavior only takes effect when an endpoint references it
         through behaviorConfiguration; the <endpoint> further down carries no such attribute, so
         confirm this behavior is actually applied. -->
    <behavior name="ClientCredentialsBehavior">
     <clientCredentials>
      <!-- Only the validation mode for the service certificate is set here; no certificate
           (for example a defaultCertificate element) is specified in this section. -->
      <serviceCertificate>
       <authentication certificateValidationMode="PeerOrChainTrust" />
      </serviceCertificate>
     </clientCredentials>
    </behavior>
   </endpointBehaviors>
  </behaviors>
  <bindings>
   <wsHttpBinding>
    <binding name="WSHttpBinding_IControlService" closeTimeout="00:01:00"
     openTimeout="00:01:00" receiveTimeout="00:10:00" sendTimeout="00:01:00"
     bypassProxyOnLocal="false" transactionFlow="false" hostNameComparisonMode="StrongWildcard"
     maxBufferPoolSize="524288" maxReceivedMessageSize="65536" messageEncoding="Text"
     textEncoding="utf-8" useDefaultWebProxy="true" allowCookies="false">
     <readerQuotas maxDepth="32" maxStringContentLength="8192" maxArrayLength="16384"
      maxBytesPerRead="4096" maxNameTableCharCount="16384" />
     <reliableSession ordered="true" inactivityTimeout="00:10:00"
      enabled="false" />
     <security mode="Message">
      <!-- negotiateServiceCredential="false": the client does not receive the service certificate
           through negotiation and has to be given it in this configuration. -->
      <message clientCredentialType="UserName" negotiateServiceCredential="false"
       algorithmSuite="Default" establishSecurityContext="true" />
     </security>
    </binding>    
   </wsHttpBinding>
  </bindings>
  <client>
   <endpoint address="http://localhost:8081/OEGNOSControlService/ws"
    binding="wsHttpBinding" bindingConfiguration="WSHttpBinding_IControlService"
    contract="ServiceReference.IControlService" name="WSHttpBinding_IControlService">
    <identity>
     <!-- Expected identity of the service, given as an encoded certificate. The value itself was
          stripped from this copy of the page; presumably it is the Base-64 export of the service
          certificate without its private key. -->
     <certificate encodedValue="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" />
    </identity>
   </endpoint>   
  </client>
 </system.serviceModel>


Try installing the certificate on the client and updating the client config with:

<!-- Client endpoint behavior that supplies the service certificate from the local certificate store.
     NOTE(review): the client <endpoint> must reference this behavior by name through
     behaviorConfiguration for it to take effect. -->
<behavior name="ClientCredentialsBehavior">
     <clientCredentials>
      <serviceCertificate>
         <!-- Store lookup for the service's certificate on the client machine (this is not a client
              certificate). It is the certificate used when the service does not provide one through
              negotiation, as with negotiateServiceCredential="false". -->
        <defaultCertificate findValue="localhost"
            storeLocation="LocalMachine"
            storeName="My"
            x509FindType="FindBySubjectName"/>
       <!-- NOTE(review): "None" turns off validation of the service certificate, so the client accepts
            any certificate. Keep this to local testing; PeerTrust, ChainTrust or PeerOrChainTrust
            make the client verify the certificate before trusting the service. -->
       <authentication certificateValidationMode="None" />
      </serviceCertificate>
     </clientCredentials>
</behavior>

If you do it right, there will be no exception. Pay attention to the storeLocation value: by default, after importing, the certificate is in CurrentUser (not LocalMachine). You can check this using 'cmd -> mmc -> certificates'.

Actually, you don't have to install the certificate; you can just give the client the certificate's encodedValue. To do this, do not use svcutil.exe (which is what you use when you click Add Service Reference in Visual Studio).

Instead,

  1. Find your certificate in the certificate store using the mmc utility.
  2. Right-click the certificate -> Export.
  3. Choose 'do not export private key' and Base-64 encoding.
  4. After saving, open the file with a text editor to get the encoded value.
  5. Place the encoded value in the identity section of the client config.