
How to implement WCF Message Security between services that are not part of a domain?


I have two Windows application servers (Server 1 and Server 2) hosting WCF services. Server 1 consumes services from Server 2.

Server 2 is within the network domain and hosts TCP-based endpoints as standalone services (not hosted in IIS).

Server 1 is outside of the domain (hosting server) and hosts HTTP-based WCF services (hosted in IIS). It communicates with the WCF services hosted on Server 2 using netTcpBinding (currently with security mode = None).

I want to secure the communication between Server 1 and Server 2. I thought the solution could be to implement message-level security to encrypt the communication. But I don't know if this is possible, since I cannot use Windows credentials on the client services (Server 1 services), which are not part of the domain. Or is there a way we could do this?

What other options do I have to achieve message-level security in the communication between Server 1 and Server 2?


Solution

  • WCF Services can use X.509 certificates to provide client authentication and message security.
    WCF Message security can use the WS-Security “Message Security X.509 Certificate Token” specification to secure messages. The specification describes enhancements to Simple Object Access Protocol (SOAP) messaging to ensure confidentiality, integrity, and authentication at the SOAP message level.

    WCF Message Security X.509 Certificate Token example binding:

    <wsHttpBinding>
      <binding name="MyBinding">
        <!-- mode="Message": the SOAP body is signed and encrypted at the message level,
             independent of the transport -->
        <security mode="Message">
          <!-- the caller authenticates with an X.509 certificate, not a Windows identity -->
          <message clientCredentialType="Certificate"/>
        </security>
      </binding>
    </wsHttpBinding>

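    The same X.509 message security carried over to the netTcpBinding the question uses, as an added example that is not part of the original answer: both the Server 2 host and the Server 1 client are configured in code rather than config. The contract `IOrderService`, the endpoint URI and the certificate subject names are placeholders, not values from the question.

    ```csharp
    using System;
    using System.ServiceModel;
    using System.ServiceModel.Security;
    using System.Security.Cryptography.X509Certificates;

    // Hypothetical contract standing in for the real Server 2 service.
    [ServiceContract]
    public interface IOrderService
    {
        [OperationContract]
        string Ping(string text);
    }

    public static class CertMessageSecurity
    {
        // Shared binding: message-level security with an X.509 client credential.
        // No Windows identity is involved, so Server 1 can live outside the domain.
        public static NetTcpBinding CreateBinding()
        {
            var binding = new NetTcpBinding(SecurityMode.Message);
            binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;
            return binding;
        }

        // Server 2 side: present the service certificate and accept only client
        // certificates that are explicitly installed in TrustedPeople (PeerTrust),
        // with revocation checked, instead of trusting any chain-valid certificate.
        public static void ConfigureHost(ServiceHost host)
        {
            host.Credentials.ServiceCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "server2.example.invalid"); // placeholder subject
            var auth = host.Credentials.ClientCertificate.Authentication;
            auth.CertificateValidationMode = X509CertificateValidationMode.PeerTrust;
            auth.RevocationMode = X509RevocationMode.Online;
        }

        // Server 1 side: sign/encrypt with its own certificate and pin the expected
        // service certificate; the DNS identity must match the service cert subject.
        public static ChannelFactory<IOrderService> CreateClientFactory()
        {
            var address = new EndpointAddress(
                new Uri("net.tcp://server2.example.invalid:8731/orders"), // placeholder endpoint
                new DnsEndpointIdentity("server2.example.invalid"));
            var factory = new ChannelFactory<IOrderService>(CreateBinding(), address);
            factory.Credentials.ClientCertificate.SetCertificate(
                StoreLocation.LocalMachine, StoreName.My,
                X509FindType.FindBySubjectName, "server1.example.invalid"); // placeholder subject
            factory.Credentials.ServiceCertificate.SetDefaultCertificate(
                StoreLocation.LocalMachine, StoreName.TrustedPeople,
                X509FindType.FindBySubjectName, "server2.example.invalid");
            factory.Credentials.ServiceCertificate.Authentication.CertificateValidationMode =
                X509CertificateValidationMode.PeerTrust;
            return factory;
        }
    }
    ```

    Each server needs the other's public certificate in its LocalMachine\TrustedPeople store and its own certificate, with private key, in LocalMachine\My for PeerTrust to succeed.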

    The following links provide good reference information:
    http://msdn.microsoft.com/en-us/library/ms733102(v=vs.110).aspx
    http://msdn.microsoft.com/en-us/library/ff648360.aspx
    How can I configure WCF to use x509 certificates over the internet?