Configuring Security Certificates
After you have a certificate, you can use it to authenticate yourself to the service. To set the service up to handle the certificate, configure the endpoint in web.config.
This probably looks familiar, and it should, because it's almost identical to the way that you set up the configuration for Windows authentication earlier. All you have to do is change the message client credential type to 'Certificate'.
To recap: each service is configured with a service description in web.config that specifies the endpoint and the behavior. The endpoint specifies the binding. The binding specifies the security type. The knee bone is connected to the thigh bone, etc.
Finally, you need to set up the binding behavior to inform the service of the certificate and how to handle it. To do that, you configure the behavior (pointed to by the service configuration) to recognize the certificate. You would do it something like this:
As you can see, the preceding behavior is set up with service credentials configured to use a service certificate.
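A web.config that wires together the chain described above (service, endpoint, binding, behavior), added here as an illustration and not the article's own listing. It assumes the element names of the released .NET Framework WCF configuration schema; the service, contract and certificate subject names are hypothetical.

```xml
<?xml version="1.0"?>
<!-- Added example. Service, contract and certificate names are hypothetical. -->
<configuration>
  <system.serviceModel>
    <services>
      <!-- The service description points at the behavior and owns the endpoint. -->
      <service name="Samples.OrderService"
               behaviorConfiguration="CertificateBehavior">
        <!-- The endpoint names the binding configuration to use. -->
        <endpoint address=""
                  binding="wsHttpBinding"
                  bindingConfiguration="CertificateBinding"
                  contract="Samples.IOrderService" />
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <binding name="CertificateBinding">
          <!-- Message security; callers authenticate with an X.509 certificate. -->
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="CertificateBehavior">
          <serviceCredentials>
            <!-- Certificate the service presents, looked up in LocalMachine\My. -->
            <serviceCertificate findValue="CN=service.example.test"
                                x509FindType="FindBySubjectDistinguishedName"
                                storeLocation="LocalMachine"
                                storeName="My" />
            <clientCertificate>
              <!-- Validate the caller's chain to a trusted root and check
                   revocation. A mode of None disables validation entirely. -->
              <authentication certificateValidationMode="ChainTrust"
                              revocationMode="Online" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```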
On the server side, pulling information out of the security context is a little different. Because this is certificate-based, you don't use the Windows Principal object; you use the ServiceSecurityContext object instead (found in the System.ServiceModel namespace, the core of WCF) like this:
String strName = ServiceSecurityContext.Current.
Setting up your client to pass certificates to the server is also pretty straightforward. You simply generate the proxy using the svcutil tool (see the WCF primer article for more details) and consume the proxy within your client code.
Security is at the heart of the Windows Communication Foundation, which has been designed carefully to allow you to build security into your applications as unobtrusively as possible. As demonstrated in this article, you were able to build a service/client pair for Windows-based and Certificate-based WS-Security without changing your code in any great way; the changes were all configuration driven. This is the heart of WCF; it lets you concentrate on building business logic, and then empower it for secure, reliable, and transactable connectivity in as easy a way as possible.
At this point, getting WCS up and running with a development environment is difficult, but that will improve over time. By carefully following the installation procedures and sequences described in this article, you should be able to get up and running quickly (it took me several days to set up my first system, but after working out the kinks and following the installation procedures, I got it down to a couple of hours). The best resource to work from (other than this article!) is to unzip the Allsamples.zip file that gets installed with the WinFX SDK. I recommend that you use those samples as a reference for configuring security in your WCF applications, as there are many examples, each having a configuration for each type of security methodology. Above all, have fun!