I have a WCF service that is exposed. In terms of security i need to authenticate it with both client certificates and username password.
Few clients are to be authenticated using client certificates and the others using username password.
When i configure the service to use client certificates the IIS --> SSL settings needs to be configured for SSL Require. Doing so the other clients who do not have a client certificate cannot access the service.
How do i go around on this problem?
I think i did find a solution to the above problem.
You just need to have the services in different folders under the virtual directory.
Once you have the services as above in IIS just select the folder that does client certificate authentication and set the folders SSL Settings.
NOTE: In IIS you can set the settings for each folder using web.config or in the IIS features view for each folder.
That way you can achieve multiple authentications.