We are a .NET shop that has standardized on WCF Services. We are in the process of developing an iPhone application that needs to make secure web services calls to obtain data for the app. To ensure secure communications we have enabled SSL on our web servers. But this does not ensure the service can only be consumed by authorized apps. We have configured our services to support x509 certificate authentication. Is it even possible to call a secure WCF service with certificate authentication from an iPhone app?
I have spent many hours searching the internet for examples but to no avail. I HAVE been able to successfully call an un-secure WCF service with no issues. I have also done a lot of research on the WS-Security and WS-Trust communications standards. I believe I understand how this should work. I am just having trouble piecing together the steps/objects within the iPhone frameworks I need to make this work.
Any thoughts and ideas on the subject would be greatly appreciated.
Also, any thoughts on any of the following:
- How best to deploy the P12 certificate file with the iPhone application
- How best to secure the password for the P12 file within the app
- Is deploying the P12 file with the app a best practice?
- Are there facilities within the iPhone frameworks to support this kind of secure communication? If not, what would be an alternative recommendation?