How to secure WCF with Third party certificates?

Question

I am hosting a secured WCF service (transport level security) which needs to authenticate users with third party client certificates. To accept those client certificates, I have binded my IIS7 with third party Server Certificate. Theoretically speaking this should work perfectly. But it is not, It continues to give error as The HTTP request was forbidden with client authentication scheme 'Anonymous'.

Does anyone having idea on how to make it possible in this case?

Answer 1

Check out the WCF Security Guidance on Codeplex - they have tons of How-To's and extensive coverage and step-by-step explanations for all things WCF security related.

The one How-To most interesting to you would probably be:

How To – Use Certificate Authentication and Message Security in WCF