We have a service that is currently using basicHttpBinding. We have the flexibility to convert it to netTCPBinding. While deploying it in IIS 7, we are using authentication as Anonymous. The service is accessed by a website hosted in IIS in same network.
Our client raised a concern about anonymous authentication and he doesn’t want unwanted users (in the office network) to use it. The point is people can create their own sample website and consume the service.
Suppose I am using Transport Credential Type as “Certificate“, will it meet my requirement? I.e., only users having the client certifcate can access the service? Can you direct me to any article that explains how to implment it?
<endpoint address=""
binding="basicHttpBinding"
I have referred the following
http://msdn.microsoft.com/en-us/library/ms731092.aspx
Note:The consuming website in IIS uses Windows Authentication: Enabled, ASP.NET impersonation: Enabled
Thanks
My suggestion is to convert to netTCP and use the certificate authentication . Share the certificate only with the website which access the web service. Below link will help you to achieve the certificate security in WCF
http://www.codeproject.com/Articles/36683/9-simple-steps-to-enable-X-509-certificates-on-WCF