WCF Transport Authentication With x509 Certificate

Sudhakarj21
Posted by in WCF category on for Intermediate level | Views : 13220 red flag

WCF Security is very import when exposed to outside world. To enable Business to Business service it is always better to go with certificate authentication.
Introduction

Security is one of the key in WCF service configuration. WCF supports two modes of security modes

1. Transport
2. Message

Transport security secures the entire communication channel. Mainly used for point to point communication scenarios. There will be not intermediate handler in this scenario. So the entire communication channel is secured by using SSL.

Transport security offers many modes for authenticating client through Windows, HTTP NTLM and x509 Certificate. But for B2B scenarios Certificate Authentication is the industry standard.

Configuring this scenario requires knowledge on
1. WCF Security Settings
2. IIS / SSL
3. X509 Certificate Validation Process

We will go through wsHttpBindning because that is the default binding used in Internet Scenario

WCF Security Settings


· All bindings are supported in this mode except wsDualHttpBinding
· SSL Request mode will be enabled and Server Certificate details are used to validate the request

IIS / SSL
. Server Certificate is binded in IIS. Subject name should be the same as server name to avoid issues

. Set Require SSL setting in IIS to allow users having proper certificate



X509 Certificate Validation Process

. Client is validate with a x509 Certificate

. Root Certificate Authority(CA) of the client certificate should be part of trusted Authority in server trusted store

. Chain Validation is the default validation process. Certificate is validated based on CA

. In WCF Code all Auhentication details are stored in Claims collection which can be used to validate certificates agains custom data or for authrization purpose
.... More update coming soon.....

Conclusion

x509 certificate enhances the service security model in B2B scenarios.

Page copy protected against web site content infringement by Copyscape

About the Author

Sudhakarj21
Full Name: Sudhakar Kottapalli
Member Level: Bronze
Member Status: Member
Member Since: 10/5/2009 7:05:50 AM
Country:



Login to vote for this post.

Comments or Responses

Login to post response

Comment using Facebook(Author doesn't get notification)