We have a typical client-server WCF service and I would like the following:

  • Client passes a certificate to the Server through the ClientCredentials property
  • Server looks at the certificate and sees that it has been issued by our trusted certificate authority
  • The client is rejected if they use a certificate that is not issued by our CA.

The client has a clientAuthentication certificate installed, along with our trusted CA. The server has our trusted CA certificate installed. I don't want to install any other certificates.

I am flexible on the binding, however it does need to work in a web scenario.

I thought about using BasicHttpBinding with TransportCredentialOnly, however it doesn't support certificates :(.

I've tried using wsHttpBinding in Message mode, however that requires a ServerCertificate to perform server authentication and message encryption... which I don't want!

Is there any built-in way to achieve this?

A: 

All built-in bindings allow using client certificates only when a server certificate is used - mutual certificate authentication and security. To support your scenario you will have to handle it completely yourself. If you want to inject your authentication mechanism into WCF you will have to do a custom token and custom credentials.

Ladislav Mrnka
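
The issuer check the question describes, as an added C# example (not code from the question or the answer): an `X509CertificateValidator` subclass that builds the chain and accepts the certificate only if one pinned CA certificate appears in it. The class name and the thumbprint placeholder are assumptions, and it covers only the validation step, not the custom token and credentials plumbing the answer refers to.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical class name; the thumbprint below is a placeholder.
public class PinnedCaCertificateValidator : X509CertificateValidator
{
    // Placeholder: thumbprint of your own CA certificate (hex, no spaces).
    private const string TrustedCaThumbprint = "<YOUR-CA-THUMBPRINT>";

    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null)
            throw new ArgumentNullException("certificate");

        var chain = new X509Chain();
        // Revocation needs a reachable CRL/OCSP endpoint for your CA.
        chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
        chain.ChainPolicy.RevocationFlag = X509RevocationFlag.ExcludeRoot;
        // Require the clientAuthentication EKU (1.3.6.1.5.5.7.3.2).
        chain.ChainPolicy.ApplicationPolicy.Add(new Oid("1.3.6.1.5.5.7.3.2"));

        // Build() verifies signatures, validity dates and that the chain
        // ends in a root the machine trusts (the CA installed on the server).
        if (!chain.Build(certificate))
            throw new SecurityTokenValidationException(
                "Client certificate chain failed validation.");

        // A valid chain alone would accept any root Windows trusts, and
        // comparing the Issuer name alone can be spoofed. Require our CA's
        // certificate itself to appear above the leaf (index 0).
        for (int i = 1; i < chain.ChainElements.Count; i++)
        {
            string thumbprint = chain.ChainElements[i].Certificate.Thumbprint;
            if (string.Equals(thumbprint, TrustedCaThumbprint,
                              StringComparison.OrdinalIgnoreCase))
                return; // issued under our CA
        }
        throw new SecurityTokenValidationException(
            "Client certificate was not issued by the trusted CA.");
    }
}
```

This validates the certificate only; the caller must also prove possession of the matching private key (a TLS client handshake or a message signature), otherwise a copied public certificate would pass.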