I've been struggling with WCF for a while now and I can't seem to figure it out. I have a self-hosted WCF service with SSL enabled (using a signed certificate from a self-signed root CA), so far so good. The service is for business-to-business communication, so certificates seemed to be the best solution.
(I'm using the WS binding at the moment, but that's just for development purposes, since all binding methods support (as far as I know) transport-level security with client certificates.)
Some relevant configuration bits for the service:
<bindings>
  <wsHttpBinding>
    <binding name="wsHttpBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </wsHttpBinding>
</bindings>
<!-- snip -->
<serviceCredentials>
  <clientCertificate>
    <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="CurrentUser" />
  </clientCertificate>
</serviceCredentials>
When I have the client use a self-signed certificate which is in the "trusted people" store of the user running the WCF service it fails. When I use a certificate signed by my own root CA it works even if it's not in the "trusted people" store.
I was expecting that I would be able to use self-signed certificates, store them in the "trusted people" store and things would just work. But there seems to be some extra validation going on; is there something I'm missing? Is there a better way?
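Added example, not part of the question above and not code from the poster's service: with `security mode="Transport"` the client certificate goes through two separate checks, and the snippet below reproduces each one so you can see which of them a given certificate fails. The first is the chain build SChannel performs during the TLS handshake (HTTP.SYS handles this for a self-hosted HTTPS endpoint, before WCF sees the request), which requires the certificate to end at a root in the Trusted Root Certification Authorities store. The second is WCF's `PeerTrust` lookup, which only asks whether that exact certificate is in the Trusted People store. A self-signed certificate that lives only in Trusted People passes the second check but fails the first, which matches the behaviour described in the question. The helper names, the `demo-client` subject and the use of `CertificateRequest` (needs .NET Framework 4.7.2+ or .NET Core 2.0+) are assumptions made for this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added example (not from the original post). Separates the two checks a client
// certificate is subjected to when a self-hosted HTTPS endpoint is configured with
// clientCredentialType="Certificate" and certificateValidationMode="PeerTrust":
//   1. chain trust, done by SChannel during the TLS handshake;
//   2. peer trust, done by WCF against the Trusted People store.
static class ClientCertChecks
{
    // Mimics the transport-level check: does the certificate chain to a trusted root?
    public static bool PassesChainTrust(X509Certificate2 cert, out X509ChainStatusFlags status)
    {
        using (var chain = new X509Chain())
        {
            // Revocation is skipped only so the demo runs offline; keep it on in production.
            chain.ChainPolicy.RevocationMode = X509RevocationMode.NoCheck;
            bool ok = chain.Build(cert);
            status = chain.ChainStatus.Aggregate(X509ChainStatusFlags.NoError, (acc, s) => acc | s.Status);
            return ok;
        }
    }

    // Mimics PeerTrust: is this exact certificate (matched by thumbprint) in Trusted People?
    public static bool PassesPeerTrust(X509Certificate2 cert, StoreLocation location)
    {
        using (var store = new X509Store(StoreName.TrustedPeople, location))
        {
            store.Open(OpenFlags.ReadOnly);
            var found = store.Certificates.Find(X509FindType.FindByThumbprint, cert.Thumbprint, validOnly: false);
            return found.Count > 0;
        }
    }

    // Builds a throwaway self-signed client certificate (constructed sample input).
    public static X509Certificate2 NewSelfSigned(string subject)
    {
        using (var rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest("CN=" + subject, rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            // EKU id-kp-clientAuth, so the certificate is usable as a TLS client certificate.
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.2") }, false));
            return req.CreateSelfSigned(DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddYears(1));
        }
    }

    static void Main()
    {
        var cert = NewSelfSigned("demo-client"); // assumed subject name for the demo
        bool chainOk = PassesChainTrust(cert, out var status);
        bool peerOk = PassesPeerTrust(cert, StoreLocation.CurrentUser);
        Console.WriteLine($"chain trust (SChannel / HTTP.SYS): {chainOk} ({status})");
        Console.WriteLine($"peer trust  (WCF PeerTrust):       {peerOk}");
    }
}
```

For a freshly generated self-signed certificate both checks fail (the chain status shows `UntrustedRoot`). Importing it into Trusted People flips only the PeerTrust result; the chain build still fails until the same certificate is also placed in the Trusted Root Certification Authorities store of the account running the service, which is what the TLS handshake in transport mode actually requires. A certificate issued by your own root CA passes the chain build as long as that root is trusted, which is why it works even when it is absent from Trusted People.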