How to configure a WCF service to only accept a single client identified by an x509 certificate

被撕碎了的回忆 2021-02-10 17:49

I have a WCF client/service app that relies on secure communication between two machines and I want to use x509 certificates installed in the certificate store to identify t

2 Answers
  • 2021-02-10 17:57

    Check out the WCF Security Guidance page on Codeplex - excellent and very useful stuff!

    In particular, check out the How-To's and even more specifically the

    How To – Use Certificate Authentication and Message Security in WCF calling from Windows Forms

    It explains in great detail how to set up a WCF service which requires its clients to present a valid certificate, and how to check that. If you want to allow only a single client, deploy that certificate only specifically to that one single client.

    Hope this helps!

  • 2021-02-10 18:04

    There doesn't appear to be a way to do what I want using web.config.

    I ended up adding a behavior with this tag:

    <clientCertificate>
      <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="CurrentUser" revocationMode="NoCheck"/>
    </clientCertificate>
    

    And then add the client's certificate to the "trusted people" certificate store of the user that the server runs as.

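An alternative to the PeerTrust setting in the answer above, as an added example that is not part of the original answers: PeerTrust accepts any certificate found in the Trusted People store, whereas a custom validator set in code can pin the one allowed client by thumbprint. The namespace, class name and Apply helper are hypothetical, and the thumbprint is supplied by the caller.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

namespace Example.Security // hypothetical namespace
{
    // Added example: accepts exactly one client certificate, pinned by thumbprint.
    public sealed class SingleClientCertificateValidator : X509CertificateValidator
    {
        private readonly string allowedThumbprint;

        public SingleClientCertificateValidator(string thumbprint)
        {
            if (thumbprint == null)
                throw new ArgumentNullException("thumbprint");
            // Keep hex digits only: drops spaces and the invisible characters
            // that are often copied along from the certificate dialog.
            allowedThumbprint = new string(thumbprint.Where(Uri.IsHexDigit).ToArray()).ToUpperInvariant();
            if (allowedThumbprint.Length != 40) // SHA-1 thumbprint = 40 hex digits
                throw new ArgumentException("Expected a 40-digit hex thumbprint.", "thumbprint");
        }

        public override void Validate(X509Certificate2 certificate)
        {
            if (certificate == null)
                throw new ArgumentNullException("certificate");

            if (!string.Equals(certificate.Thumbprint, allowedThumbprint, StringComparison.OrdinalIgnoreCase))
                throw new SecurityTokenValidationException("Client certificate is not the pinned certificate.");

            // Custom mode skips the built-in checks, so test the validity period here.
            DateTime now = DateTime.Now;
            if (now < certificate.NotBefore || now > certificate.NotAfter)
                throw new SecurityTokenValidationException("Client certificate is outside its validity period.");
        }

        // Call before host.Open(); sets Custom validation mode with the pinned validator.
        public static void Apply(ServiceHostBase host, string thumbprint)
        {
            var auth = host.Credentials.ClientCertificate.Authentication;
            auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
            auth.CustomCertificateValidator = new SingleClientCertificateValidator(thumbprint);
        }
    }
}
```

Because the pin is on the thumbprint, a renewed client certificate needs the new thumbprint deployed to the service before the old certificate expires.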