EndpointIdentity in the server configuration:
<identity>
    <certificateReference x509FindType="FindByThumbprint" findValue="key" />
</identity>
Fragment of the response on the client side:
<Identity xmlns="http://schemas.xmlsoap.org/ws/2006/02/addressingidentity">
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data>
            <X509Certificate>content</X509Certificate>
        </X509Data>
    </KeyInfo>
</Identity>
Deserialization code:
https://github.com/dotnet/wcf/blob/main/src/System.ServiceModel.Primitives/src/System/ServiceModel/X509CertificateEndpointIdentity.cs#L62-L65
while (reader.IsStartElement(XD.XmlSignatureDictionary.X509Certificate, XD.XmlSignatureDictionary.Namespace))
{
    reader.MoveToContent();
    X509Certificate2 certificate = new X509Certificate2(Convert.FromBase64String(reader.ReadContentAsString()));
reader.MoveToContent does not move to the X509Certificate content, so ReadContentAsString will always return null.
This leads to System.Security.Cryptography.CryptographicException: "m_safeCertContext is an invalid handle."
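
Added example (not code from the dotnet/wcf repository): a stand-alone reader for the Identity fragment above that shows where the cursor sits after MoveToContent and reads the certificate text with ReadElementContentAsString instead. The class name, the use of a plain XmlReader rather than WCF's dictionary reader, and the 4-byte payload are assumptions made for illustration; the payload is constructed and is not a real certificate, so the sketch stops at the decoded bytes.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Xml;

static class IdentityCertificateReader // hypothetical name, not a WCF type
{
    const string IdentityNs = "http://schemas.xmlsoap.org/ws/2006/02/addressingidentity";
    const string DsigNs = "http://www.w3.org/2000/09/xmldsig#";

    // Returns the decoded bytes of every X509Certificate element in the fragment.
    public static List<byte[]> ReadCertificateBlobs(string xml)
    {
        var blobs = new List<byte[]>();
        using (XmlReader reader = XmlReader.Create(new StringReader(xml)))
        {
            reader.ReadStartElement("Identity", IdentityNs);
            reader.ReadStartElement("KeyInfo", DsigNs);
            reader.ReadStartElement("X509Data", DsigNs);
            while (reader.IsStartElement("X509Certificate", DsigNs))
            {
                // An element start tag already counts as content, so this call
                // leaves the cursor on <X509Certificate>, not on its text node.
                reader.MoveToContent();
                Console.WriteLine("after MoveToContent: " + reader.NodeType); // Element

                // Reads the element's text and advances past </X509Certificate>.
                string base64 = reader.ReadElementContentAsString();
                if (string.IsNullOrWhiteSpace(base64))
                    throw new XmlException("X509Certificate element is empty");
                blobs.Add(Convert.FromBase64String(base64));
            }
            reader.ReadEndElement(); // </X509Data>
            reader.ReadEndElement(); // </KeyInfo>
            reader.ReadEndElement(); // </Identity>
        }
        return blobs;
    }

    static void Main()
    {
        // Constructed sample payload: four arbitrary bytes, not a certificate.
        string payload = Convert.ToBase64String(new byte[] { 0x30, 0x82, 0x01, 0x0A });
        string xml =
            "<Identity xmlns=\"" + IdentityNs + "\"><KeyInfo xmlns=\"" + DsigNs + "\">" +
            "<X509Data><X509Certificate>" + payload + "</X509Certificate></X509Data>" +
            "</KeyInfo></Identity>";
        List<byte[]> blobs = ReadCertificateBlobs(xml);
        Console.WriteLine(blobs.Count + " blob(s), first is " + blobs[0].Length + " bytes");
    }
}
```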