How to Authenticate Users with Certificates

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Client certificates can authenticate a client service account or multiple users to a WCF service. If you use a client certificate for each user, you can map each certificate to a Windows account.

Use the following steps to authenticate users using a client-side certificate:
  1. Install the service certificate on the WCF service machine.
    • If you are using message security, configure service credentials to set the name and location of the service certificate.
    • If you are using transport security with wsHttpBinding, install the service certificate on IIS and configure the virtual directory to require SSL and client certificates.
  2. Configure the service to use certificates for the client credential type, as shown in the following example:
      <wsHttpBinding>
        <binding name="WSHttpBinding_ICalculator">
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
  3. Install the service certificate on the client machine.
  4. Configure the endpoint behavior to set the name and location of the client certificate.

Note: Make sure the root CA certificate is in the Trusted Root Certification Authorities location on both the server and client machines.
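The following configuration is an added example, not part of the original guidance, showing the credential settings that the steps above describe for message security. The behavior names, subject names (service.example.test, client-user.example.test) and store choices are placeholders to replace with your own values.

```xml
<!-- Service configuration (placeholder names; adjust to your deployment) -->
<behaviors>
  <serviceBehaviors>
    <behavior name="CalculatorServiceBehavior">
      <serviceCredentials>
        <!-- Name and location of the service certificate (step 1) -->
        <serviceCertificate findValue="service.example.test"
                            storeLocation="LocalMachine"
                            storeName="My"
                            x509FindType="FindBySubjectName" />
        <clientCertificate>
          <!-- ChainTrust requires the client certificate to chain to a
               trusted root CA, which is why the root CA certificate must
               be in Trusted Root Certification Authorities. Avoid "None",
               which accepts any certificate the client presents. -->
          <authentication certificateValidationMode="ChainTrust"
                          revocationMode="Online"
                          mapClientCertificateToWindowsAccount="true" />
        </clientCertificate>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

<!-- Client configuration (placeholder names; adjust to your deployment) -->
<behaviors>
  <endpointBehaviors>
    <behavior name="ClientCertificateBehavior">
      <clientCredentials>
        <!-- Name and location of the client certificate (step 4) -->
        <clientCertificate findValue="client-user.example.test"
                           storeLocation="CurrentUser"
                           storeName="My"
                           x509FindType="FindBySubjectName" />
        <serviceCertificate>
          <!-- The client validates the service certificate chain as well -->
          <authentication certificateValidationMode="ChainTrust"
                          revocationMode="Online" />
        </serviceCertificate>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>
```

Reference each behavior from the service element (behaviorConfiguration) and from the client endpoint (behaviorConfiguration) so that the settings take effect. Set mapClientCertificateToWindowsAccount to "true" only when each user certificate is mapped to a Windows account.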

Last edited Jun 13, 2008 at 5:49 PM by prashantbansode, version 1
