Reputation: 2783
Authenticate user with certificate to WCF service
I was reading an article about authenticating User with certificate to WCF service. Please correct me if I'm wrong. As per my understanding each user need a certificate to authenticate. How feasible is this in real world where, there are multiple clients? Is it good option to adopt?
Upvotes: 0
Views: 504
Answers (1)
Reputation: 364389
Yes each user should have his own certificate. Certificate is used for encryption and signing (asymmetric security) and it can be used also for authentication. Authentication can be also provided by another supporting token but that is not supported by default WCF bindings (you must create your own).
To support such scenario you usually need your own certificate authority (CA) which will issue certificates to clients. It can be either use in corporate network where computers usually trusts corporate CA or it can be used over interned but CA's certificate must be issued by well known and trusted certificate authority (like VeriSign).
It is of course feasible in some scenarios. For example banks using client certificates plus some supporting token for connection to internet banking (that is usually web application scenario and not services but it is good B2C example). It is also sometimes used for communication among business partners (E2E / B2B).
Upvotes: 1
Related Questions
- WCF service with certificate authentication: "The caller was not authenticated by the service"
- Certificate based authentication in WCF
- WCF authentication without certificate
- WCF service certificate authentication
- WCF Client Using Certificate and Username/Password credentials?
- Secure WCF Service communication by creating certificate
- SSL Cert for WCF auth
- WCF - Service Certificate with User Name Validation
- Help needed to secure my WCF service using Certificate
- WCF, Security and Certificates