How to configure a WCF service to only accept a single client identified by a x509 certificate

后端 未结 2 1352
不知归路
不知归路 2021-02-10 17:32

I have a WCF client/service app that relies on secure communication between two machines and I want to use use x509 certificates installed in the certificate store to identify t

相关标签:
2条回答
  • 2021-02-10 18:13

    There doesn't appear to be a way to do what I want using web.config.

    I ended up adding a behavior with this tag:

    <clientCertificate>
      <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="CurrentUser" revocationMode="NoCheck"/>
    </clientCertificate>
    

    And then add the client's certificate to the "trusted people" certificate store of the user that the server runs as.

    0 讨论(0)
  • 2021-02-10 18:17

    Check out the WCF Security Guidance page on Codeplex - excellent and very useful stuff!

    In particular, check out the How-To's and even more specifically the

    How To – Use Certificate Authentication and Message Security in WCF calling from Windows Forms

    It explains in great detail how to set up a WCF service which requires its clients to present a valid certificate, and how to check that. If you want to allow only a single client, deploy that certificate only specifically to that one single client.

    Hope this helps!

    0 讨论(0)
提交回复
热议问题