0

When implementing an SSL secured web service with WCF, does the WCF Service require a certificate? Also need to know if the client need to pass the certificate for authentication in order to call an HTTPS enabled WCF service.

I am looking for guidance on designing a secure WCF service where all data will be passed between service and wcf client in a very secure encrypted way, with or without using ssl & certificate. Please advise regarding the available mechanisms to secure the communicate between service & client. discuss all the possibilities. thanks

Seymour
  • 7,043
  • 12
  • 44
  • 51
Thomas
  • 33,544
  • 126
  • 357
  • 626

1 Answers1

0

WCF Services that expose https (SSL) bindings need to have a Service certificate.

Web Service clients do not need certificates unless you are attempting to use mutual authentication.

The following link provides a step by step overview of configuring an IIS-hosted WCF service with SSL:
http://msdn.microsoft.com/en-us/library/hh556232(v=vs.110).aspx

In the event that you do not want to use certificates, the following may help:
WCF message security without certificate and windows auth

Community
  • 1
  • 1
Seymour
  • 7,043
  • 12
  • 44
  • 51
  • i heard that when we use certificate with wcf service then client also need to install certificate which i do not want. i want my wcf service will use https and certificate but the whoever client will consume our service they will not require to install & pass certificate. so guide me how to do it. thanks – Thomas Apr 02 '14 at 06:58
  • what is mutual authentication in wcf ? – Thomas Apr 02 '14 at 07:17
  • The following seems to provide the information you need: http://stackoverflow.com/questions/10870677/using-wcf-ssl-certificate-over-tcp-without-client-certificate-server-side-only – Seymour Apr 02 '14 at 10:55