Last week I did a Live Learning event on Hosting and Calling WCF Services (should be posted soon). Towards the end, someone asked a question about implementing PKI security with WCF. I misunderstood the question, so I wasn't quite sure what to say. After the session, I realized what was being asked and would like to answer the question here.
PKI is Public Key Infrastructure. It enables you to authenticate users by using certificates. You can specify what credential type you want to use to secure a WCF service. One of the options is Certificate. If you specify Certificate as the credential type, then the client passes a certificate to the service in order to be identified and authenticated.
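As an added illustration (not code from the course or the session), here is a self-hosted service and client that use the Certificate credential type over TCP. The contract, the address and the two certificate subject names are placeholders, and the code assumes both certificates are already installed in the named stores and chain to a root both sides trust.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

[ServiceContract]
public interface IWhoAmI
{
    [OperationContract] string GetCallerName();
}

public class WhoAmIService : IWhoAmI
{
    // With certificate credentials, the caller's identity is derived from the client certificate.
    public string GetCallerName() { return ServiceSecurityContext.Current.PrimaryIdentity.Name; }
}

public static class Program
{
    // Placeholders (assumptions): subject names of certificates already in the stores.
    const string ServiceCertSubject = "wcf-service.example.test";
    const string ClientCertSubject = "wcf-client.example.test";
    const string Address = "net.tcp://localhost:8000/whoami";

    static NetTcpBinding CertificateBinding()
    {
        var binding = new NetTcpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = TcpClientCredentialType.Certificate;
        return binding;
    }

    public static void Main()
    {
        using (var host = new ServiceHost(typeof(WhoAmIService)))
        {
            host.AddServiceEndpoint(typeof(IWhoAmI), CertificateBinding(), Address);
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My, X509FindType.FindBySubjectName, ServiceCertSubject);
            // Validate the client certificate's chain and check revocation; do not relax these.
            var auth = host.Credentials.ClientCertificate.Authentication;
            auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
            auth.RevocationMode = X509RevocationMode.Online;
            host.Open();

            // The DNS identity must match the service certificate, not the host name "localhost".
            var endpoint = new EndpointAddress(new Uri(Address), EndpointIdentity.CreateDnsIdentity(ServiceCertSubject));
            var factory = new ChannelFactory<IWhoAmI>(CertificateBinding(), endpoint);
            factory.Credentials.ClientCertificate.SetCertificate(
                StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectName, ClientCertSubject);
            Console.WriteLine(factory.CreateChannel().GetCallerName());
            factory.Close();
        }
    }
}
```

The service only learns who presented a valid certificate; deciding what that caller may do is a separate authorization step.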
In the WCF course, I have a chapter on security and there are several examples of using certificates to authenticate users. One of the scenarios in the chapter covers the following situation: Users on the network communicate with the service over TCP. Because they have already logged onto the network, the service can easily authenticate them and know who they are. Users can also access the service over the company wireless network. But guests can also access the wireless network, so you want a way to control access to the service. So you host the WCF service on the intranet and then use Basic Authentication to authenticate users. To do this, you use a server certificate. The application presents a login screen to the users, who supply their network id and password. The client passes these to the WCF service.
So the answer to the question is that WCF has full support for PKI and using certificates to authenticate clients that call services.
Robert