I have created the WCF service with Certificate Authentication and it works well on the Client side, We have an strange query from client side they requested for extra certificates with no limits I am not sure why they have asked, Any guess for this query
would be really appreciated.
As you said that certification authentication is used, do you mean the transport layer authentication(using certificate for client authentication over HTTPS/SSL) or message layer security authentication?
Also, for the extra certificate requested, would you provide some more explanation on it? Is your WCF service client asking for adding more than one certificate in the service operation call as authentication credentials or require the service side to provide
more certificates for the identity of the WCF service?
for message layer security, WCF does provide means for client to add multiple security tokens for authentication purpose. This is done by the "Supporting Token" feature:
Thanks Steve for your detail response, Security authentication is on Message Layer and client have ask for extra ceritificate with no limit so that they can install on the different servers, I hope this makes sense to you.
shabbir_215
Member
427 Points
420 Posts
WCF Extra certificates required
Feb 28, 2012 02:28 PM|LINK
HI All,
I have created the WCF service with Certificate Authentication and it works well on the Client side, We have an strange query from client side they requested for extra certificates with no limits I am not sure why they have asked, Any guess for this query would be really appreciated.
Thanks in Advance,
Shabbir
Steven Cheng...
Contributor
4219 Points
548 Posts
Microsoft
Moderator
Re: WCF Extra certificates required
Mar 02, 2012 05:43 AM|LINK
Hi shabbir,
As you said that certification authentication is used, do you mean the transport layer authentication(using certificate for client authentication over HTTPS/SSL) or message layer security authentication?
Also, for the extra certificate requested, would you provide some more explanation on it? Is your WCF service client asking for adding more than one certificate in the service operation call as authentication credentials or require the service side to provide more certificates for the identity of the WCF service?
for message layer security, WCF does provide means for client to add multiple security tokens for authentication purpose. This is done by the "Supporting Token" feature:
#WCF Supporting Tokens
http://blogs.msdn.com/b/appsec/archive/2007/03/04/wcf-supporting-tokens.aspx
#Authenticating users with Supporting Tokens in WCF
http://weblogs.asp.net/cibrax/archive/2008/01/22/authenticating-users-with-supporting-tokens-in-wcf.aspx
Not sure if this is what they expect.
Feedback to us
Microsoft One Code Framework
shabbir_215
Member
427 Points
420 Posts
Re: WCF Extra certificates required
Mar 02, 2012 08:06 AM|LINK
Thanks Steve for your detail response, Security authentication is on Message Layer and client have ask for extra ceritificate with no limit so that they can install on the different servers, I hope this makes sense to you.
Best Regards,
Shabbir