views: 431

answers: 1
So I have a WCF service where I have various parts of the service contract with a ProtectionLevel of Sign. I set the credentials on the client side by choosing a certificate from the certificate store. This is fine.

However ....

  1. Does this client certificate need to be in the 3rd party certificate store on the server for this to work?
  2. If this is the case how can I configure a service which accepts any client certificate?
  3. And finally how do I access the signing certificate within the implementation of the operations which require signed messages? Just the signing certificate subject name would do fine!

Thanks

A: 

Ah the joy of self answering.

So

  1. "It depends". If you have ChainOrPeer validation then either a valid chain or the presence of the certificate in the Trusted People store results in success. Only validating on chain obviously checks the chain, setting Peer validation uses the store, and None lets everything through.

  2. Set the validation mode to None.

  3. The SecurityContext for the request contains an X509CertificateClaimSet which in turn exposes the certificate itself.

blowdart
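As an added illustration of the three points in the answer above (example code, not from the question or the answerer): a self-hosted WCF service with a Sign-only operation, the client-certificate validation mode set in code rather than in config, and an operation that pulls the signing certificate out of the request's X509CertificateClaimSet and returns its subject. The service certificate name, the base address and the allow-listed thumbprint are placeholders. The caveat a practitioner wants here: with validation mode None the signature still proves that the sender holds the private key for the presented certificate, but nothing ties that certificate to anyone you trust, so the operation itself has to make the authorization decision (on subject or thumbprint); the Custom validator shown is the usual middle ground between None and a full chain.

```csharp
using System;
using System.IdentityModel.Claims;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface ISignedService
{
    // Request and reply bodies must be signed; encryption is not required.
    [OperationContract(ProtectionLevel = ProtectionLevel.Sign)]
    string WhoSignedThis();
}

public class SignedService : ISignedService
{
    public string WhoSignedThis()
    {
        X509Certificate2 signer = GetClientCertificate();
        if (signer == null)
            throw new FaultException("request carried no X.509 client certificate claim");
        return signer.Subject;   // e.g. "CN=client.example.test" (assumed name)
    }

    // The signing certificate is exposed through the X509CertificateClaimSet in the
    // request's AuthorizationContext, as the answer describes.
    private static X509Certificate2 GetClientCertificate()
    {
        ServiceSecurityContext ctx = ServiceSecurityContext.Current;
        if (ctx == null || ctx.AuthorizationContext == null)
            return null;
        foreach (ClaimSet set in ctx.AuthorizationContext.ClaimSets)
        {
            X509CertificateClaimSet x509 = set as X509CertificateClaimSet;
            if (x509 != null)
                return x509.X509Certificate;
        }
        return null;
    }
}

// Alternative to validation mode None: accept any certificate whose thumbprint is on an
// allow-list, so the signature still binds the message to a key you know.
// The thumbprint below is a placeholder, not a real value.
public sealed class ThumbprintAllowListValidator : X509CertificateValidator
{
    private static readonly string[] Allowed = { "0000000000000000000000000000000000000000" };

    public override void Validate(X509Certificate2 certificate)
    {
        if (Array.IndexOf(Allowed, certificate.Thumbprint) < 0)
            throw new SecurityTokenValidationException("client certificate not on allow-list");
    }
}

class Program
{
    static void Main()
    {
        var baseAddress = new Uri("http://localhost:8080/signed");   // assumed
        using (var host = new ServiceHost(typeof(SignedService), baseAddress))
        {
            var binding = new WSHttpBinding(SecurityMode.Message);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
            host.AddServiceEndpoint(typeof(ISignedService), binding, "");

            // The service's own certificate; assumed to live in LocalMachine\My.
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "service.example.test");

            X509ClientCertificateAuthentication auth = host.Credentials.ClientCertificate.Authentication;

            // The modes the answer lists, strictest to loosest:
            //   ChainTrust       - must chain to a trusted root (revocation checked per RevocationMode)
            //   PeerTrust        - must be present in the TrustedPeople store
            //   PeerOrChainTrust - either of the above
            //   None             - anything is accepted; the operation must decide on subject/thumbprint
            auth.CertificateValidationMode = X509CertificateValidationMode.None;
            auth.RevocationMode = X509RevocationMode.Online;

            // Preferred over None: pin to known keys instead of trusting everything.
            // auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
            // auth.CustomCertificateValidator = new ThumbprintAllowListValidator();

            host.Open();
            Console.WriteLine("listening on {0}; press Enter to stop", baseAddress);
            Console.ReadLine();
        }
    }
}
```

The same settings can be expressed in app.config under `serviceCredentials/clientCertificate/authentication` with the `certificateValidationMode` attribute; the code form is used here only so the whole thing sits in one runnable file.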