I'm new to WCF, and wanted to know if it is possible to do Message Security, where I use an X.509 certificate for the service only, and for client security do Windows credentials. Is this acceptable, does it work? I tried searching the web, but either no discussion of this approach exists, or I have put the wrong wording in my Google search. Any help is much appreciated, thank you all.
Basically, I'd have this in my binding:
    <wsHttpBinding>
      <binding name="msgBinding">
        <security mode="Message">
          <message clientCredentialType="Windows" />
        </security>
      </binding>
    </wsHttpBinding>
and on my behavior:
    <behavior name="wsHttpCertificateBehavior">
      ...
      <serviceCredentials>
        <serviceCertificate findValue="MyCert" x509FindType="FindBySubjectName" storeLocation="CurrentUser" storeName="My" />
      </serviceCredentials>
    </behavior>
Why are you trying to do this? What are your security requirements?
Are you trying to use a service cert to secure the message transfer and then use Windows security for the client for authentication and authorization?
Windows security only works if you are on the same domain or have some sort of federated security set up. If you are on the same domain, just use Windows security for both. If you are not on the same domain, then you can't use Windows credentials for the client because the server will have no way of validating them. You would either have to use a client certificate that was issued by the certificate authority on your service side or use custom credentials.
If, however, you are on the same domain but still require a service-side cert, then you have to specify the serviceCertificate in the service's config file and define an endpoint address with HTTPS, that is, if you are hosting as a standalone service. If you are hosting in IIS, then you define the certificate in the IIS website's setup.
You may find this useful: Application Deployment Scenarios
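Added example, not part of the original posts: a short Python script that follows an endpoint's bindingConfiguration and behaviorConfiguration names through a WCF config file and reports the security mode, client credential type and service certificate lookup that endpoint ends up with. The sample config is constructed from the question's two fragments; the `<services>` wiring and the names MyApp.OrderService and MyApp.IOrderService are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the question's binding and behavior, attached to a
# hypothetical service and contract (MyApp.OrderService, MyApp.IOrderService).
SAMPLE_CONFIG = """<configuration><system.serviceModel>
  <services><service name="MyApp.OrderService" behaviorConfiguration="wsHttpCertificateBehavior">
    <endpoint address="" binding="wsHttpBinding" bindingConfiguration="msgBinding"
              contract="MyApp.IOrderService" />
  </service></services>
  <bindings><wsHttpBinding><binding name="msgBinding">
    <security mode="Message"><message clientCredentialType="Windows" /></security>
  </binding></wsHttpBinding></bindings>
  <behaviors><serviceBehaviors><behavior name="wsHttpCertificateBehavior">
    <serviceCredentials>
      <serviceCertificate findValue="MyCert" x509FindType="FindBySubjectName"
                          storeLocation="CurrentUser" storeName="My" />
    </serviceCredentials>
  </behavior></serviceBehaviors></behaviors>
</system.serviceModel></configuration>"""

def effective_security(config_xml):
    """For each endpoint, follow bindingConfiguration and behaviorConfiguration
    by name and report the security settings that endpoint actually gets."""
    sm = next(ET.fromstring(config_xml).iter("system.serviceModel"))
    rows = []
    for svc in sm.iterfind("services/service"):
        beh = sm.find("behaviors/serviceBehaviors/behavior[@name='%s']"
                      % svc.get("behaviorConfiguration"))
        cert = beh.find("serviceCredentials/serviceCertificate") if beh is not None else None
        for ep in svc.iterfind("endpoint"):
            bnd = sm.find("bindings/%s/binding[@name='%s']"
                          % (ep.get("binding"), ep.get("bindingConfiguration")))
            sec = bnd.find("security") if bnd is not None else None
            msg = sec.find("message") if sec is not None else None
            rows.append({
                "contract": ep.get("contract"),
                "mode": sec.get("mode") if sec is not None else None,
                "client_credential": msg.get("clientCredentialType") if msg is not None else None,
                "service_cert": dict(cert.attrib) if cert is not None else None,
            })
    return rows

if __name__ == "__main__":
    for row in effective_security(SAMPLE_CONFIG):
        print(row)
```

A `None` in the `mode` or `service_cert` column means the name on the endpoint or service did not resolve to a binding or behavior in the file, so the settings written there are not the ones attached to that endpoint.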