Reputation: 383
I'm using a WinForms client to connect to a WCF service hosted in IIS. The WinForms application will be available to customers to download and install on their computers. The customers have to log in to the application using their usernames/passwords. I want secure, HTTPS-enabled communication between the client application and the WCF service. What is the best practice to provide such functionality? Should I use client certificates or just a server certificate? Any input is much appreciated. Thanks.
Upvotes: 0
Views: 906
Reputation: 1377
As you already authenticate the user with a password, client certificate authentication is not needed. To ensure the communication is secured, use a self-signed server certificate. If the clients need to verify that they are connecting to the correct server, then you need to get a signed certificate from a third-party CA like VeriSign, which could cost you at least $100.
Upvotes: 0
Reputation: 6316
You have to have a server certificate.
If you want stronger authentication, you can use client certificates. There is a certificate administration overhead and potentially other costs to that, though: using certificates from a provider, generating them yourself, maintaining a list of revocations, and so on.
Upvotes: 1
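
The two options discussed in this thread, as an added example that is not part of the question or either answer: a WCF client that sends the username/password over HTTPS with only a server certificate, and the variant that also presents a client certificate. `IOrderService`, the endpoint URL, the credentials and the thumbprint are hypothetical placeholders, and the service binding in IIS is assumed to be configured to match.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical contract standing in for the real service interface.
[ServiceContract]
public interface IOrderService
{
    [OperationContract]
    string Ping();
}

public static class SecureClient
{
    // Option 1: server certificate only. HTTPS protects the channel and the
    // username/password travels as a message credential inside it.
    public static ChannelFactory<IOrderService> WithUserName(Uri address, string user, string password)
    {
        if (address.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Endpoint must use https://", nameof(address));

        var binding = new WSHttpBinding(SecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.UserName;

        var factory = new ChannelFactory<IOrderService>(binding, new EndpointAddress(address));
        factory.Credentials.UserName.UserName = user;
        factory.Credentials.UserName.Password = password;
        return factory;
    }

    // Option 2: the client also authenticates with a certificate at the TLS layer.
    public static ChannelFactory<IOrderService> WithClientCertificate(Uri address, string thumbprint)
    {
        if (address.Scheme != Uri.UriSchemeHttps)
            throw new ArgumentException("Endpoint must use https://", nameof(address));

        var binding = new WSHttpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Certificate;

        var factory = new ChannelFactory<IOrderService>(binding, new EndpointAddress(address));
        // Looks up the certificate (with its private key) in the current user's personal store.
        factory.Credentials.ClientCertificate.SetCertificate(
            StoreLocation.CurrentUser, StoreName.My, X509FindType.FindByThumbprint, thumbprint);
        return factory;
    }
}
```

Typical use is `SecureClient.WithUserName(new Uri("https://service.example.com/Orders.svc"), user, password).CreateChannel().Ping()`. In both options the client checks the HTTPS server certificate against the Windows trust store by default, so the call fails if the certificate does not chain to a root the client machine trusts.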