views:

13

answers:

1

Hi,

I'm looking into creating a WCF service that will connect to our Product Management system to provide/update product licensing information. It will be a self hosting service wrapped up in an NT service and I'm looking at ways to mutually authenticate both the service and the client. Clients will be desktop applications running on the same machine as the service so I'm thought netTCP binding with Transport security would be sufficient but having looked at the documentation I think I can only achieve Windows credential security which probably isn't going to be good enough for me. Principally I'm trying to prevent spoof applications invoking operations on our service and also trying to prevent spoof services masquerading as our own.

Can anyone give me any suggestions? I'm a little concerned that I might have to look into certificates :S

Cheers,

Chris.

A: 

You can use certificates (service / client) to do mutual authN. See http://msdn.microsoft.com/en-us/library/ms733102.aspx

larsw