Reputation: 10830
I am learning WCF from Wrox Professional WCF with .NET Book and while reading the chapter on WCF security I came across the term Mutual Authentication but no explanation is provided.
What is meant by Mutual Authentication in the WCF Context?
PS: There are already some questions on how to implement mutual authentication on the SO site, but no question which deals with what it really means and why we use it.
Upvotes: 0
Views: 995
Reputation: 127563
First let me answer the "Why we use mutual authentication" question:
Often when using some kind of service you want to know for sure who you are talking to. For example, when you do online banking you use certificates and SSL to verify you are on the real bank's website. This is called server authentication.
Sometimes when you are performing a really important action the service wants to know for sure the person connecting to it is who they say they are too. Something that goes above and beyond just knowing a username and password. This also can be done with certificates, just like your SSL connection to a website; it just goes in the opposite direction. This is called client authentication.
When both of the above are performed it is called mutual authentication.
For your question of "What is meant by Mutual Authentication in the WCF Context?" There is nothing special about WCF's mutual authentication that would make it any different from any other mutual authentication situation other than the implementation details of how you turn it on and set it up.
Upvotes: 3
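What the "implementation details" of turning it on can look like in WCF configuration, as an added example that is not part of any answer in this thread. It uses message security on `wsHttpBinding` so that both directions of authentication are visible in config; the binding and behavior names and the certificate subject names are placeholders.

```xml
<!-- Service side (Web.config or App.config). Names and subjects are placeholders. -->
<system.serviceModel>
  <bindings>
    <wsHttpBinding>
      <binding name="mutualCert">
        <security mode="Message">
          <!-- "Certificate" makes the client prove its identity.
               "None" here would leave only the service authenticated. -->
          <message clientCredentialType="Certificate" />
        </security>
      </binding>
    </wsHttpBinding>
  </bindings>
  <behaviors>
    <serviceBehaviors>
      <behavior name="mutualCertService">
        <serviceCredentials>
          <!-- Certificate the service presents to clients (server authentication). -->
          <serviceCertificate findValue="service.example.test" x509FindType="FindBySubjectName"
                              storeLocation="LocalMachine" storeName="My" />
          <!-- How the service validates the client's certificate (client authentication). -->
          <clientCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </clientCertificate>
        </serviceCredentials>
      </behavior>
    </serviceBehaviors>
  </behaviors>
</system.serviceModel>

<!-- Client side (App.config). It uses the same binding settings as the service. -->
<system.serviceModel>
  <behaviors>
    <endpointBehaviors>
      <behavior name="mutualCertClient">
        <clientCredentials>
          <!-- Certificate the client presents to the service. -->
          <clientCertificate findValue="client.example.test" x509FindType="FindBySubjectName"
                             storeLocation="CurrentUser" storeName="My" />
          <!-- How the client validates the service's certificate. -->
          <serviceCertificate>
            <authentication certificateValidationMode="ChainTrust" revocationMode="Online" />
          </serviceCertificate>
        </clientCredentials>
      </behavior>
    </endpointBehaviors>
  </behaviors>
</system.serviceModel>
```

Each side has one element naming the certificate it presents and one saying how it validates the peer's certificate; setting `certificateValidationMode` to `None` on either side removes that direction of the authentication.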
Reputation: 373
WCF supports mutual authentication, which identifies both the client and the service in tandem, to help in preventing man-in-the-middle attacks.
Check it out. I found the answer here.
Upvotes: 1
Reputation: 3447
In short terms: client authenticates to the service, that he is the actual client (not someone else) and the service authenticates itself to the client, that it is the actual service (not some scamming, password stealing service).
Upvotes: 2