Custom certificate validation in WCF service

Question

I want to check client certificates in my WCF service.

My goal is to allow only clients with certificates with specific thumbprints to be able to communicate with my

Answer 1

I do NOT think there is anyway to have 'Custom Certificate Validation' with 'Transport Security'. It only works with 'Message Security'.

Answer 2

You can create a class derived from X509CertificateValidator and use it to do custom validation of the incoming certificate. Throw an SecurityTokenValidationException if you want to fail validation for some reason.

Set the certificateValidationMode to Custom and specify your validator in the clientCertificate service behavior section of the config file.

How to: Create a Service that Employs a Custom Certificate Validator

Answer 3

YES, you can use basicHttpBinding with security set to Transport and you need to hook to the ServiceHost creation in IIS - see Custom Service Host. You should be able to validate thumbprint values, certificates or any other data if you create custom config section to define list of validation criteria.

Sample code for the implementation of all of the above is available in the code download from this CodeProject artticle.