1

I have two windows application servers (server 1 and 2) hosting wcf services. Server 1 consumes services from Server 2.

Server 2 is within the network domain and this hosts TCP based endpoints as standalone services. (not hosted in IIS).

Server1 is outside of the domain (hosting server) and it hosts HTTP based wcf services. (hosted in IIS). This communicates with the wcf services hosted in server 2 using nettcpbinding. (currently with 'security mode = none')

I want to secure the communication between Server 1 and 2. I thought the solution could be to implement message level security to encrypt the communication. But I don't know if this is possible since I cannot used windows credentials on the client services (Serve 1 services) which are not part of the domain or is there a way we could do this ?

What other options do I have to achieve message level security in the communication between server 1 and 2 ?

Seymour
  • 7,043
  • 12
  • 44
  • 51
Everything Matters
  • 2,672
  • 4
  • 25
  • 42

1 Answers1

2

WCF Services can use X.509 certificates to provide client authentication and message security.
WCF Message security can use the WS-Security “Message Security X.509 Certificate Token” specification to secure messages. The specification describes enhancements to Simple Object Access Protocol (SOAP) messaging to ensure confidentiality, integrity, and authentication at the SOAP message level.

WCF Message Security X.509 Certificate Token example binding: 

<wsHttpBinding>
  <binding name="MyBinding">
    <security mode="Message>
      <message   
       clientCredentialType="Certificate"/>
    </security>
  </binding>
</wsHttpBinding>

The following links provide good reference information:
http://msdn.microsoft.com/en-us/library/ms733102(v=vs.110).aspx
http://msdn.microsoft.com/en-us/library/ff648360.aspx
How can I configure WCF to use x509 certificates over the internet?

Community
  • 1
  • 1
Seymour
  • 7,043
  • 12
  • 44
  • 51
  • Thanks. I am hoping I can use X.509 with my net.tcp endpoints. Is that right ? – Everything Matters Mar 21 '14 at 16:12
  • Certificate authentication with netTcpBinding. You will have to configure the binding to use message security and configure the client credentials to use the certificate. To provide message protection at the message level, you will have to configure a service certificate as the service credentials. The certificate will negotiate a session key and service public key during the handshake, which will allow you to encrypt the content with the service certificate public key and sign the content with the private session key. – Seymour Mar 23 '14 at 20:19