Transport Security with WCF, IIS, along with client authentication.. is it possible or not?

纵饮孤独 submitted on 2019-12-10 11:36:39

Question


I can find a few similar questions on SO regarding this, but I am quite unsure about the answer to this. I get more and more confused as I read through different posts on this, so I am asking this for my own satisfaction.

I have a WCF service hosted on IIS, and I have a client which connects to this service and invokes a method. I am now trying to use certificates to make use of transport security.

On the client side I have this config:

<bindings>
  <basicHttpBinding>
    <binding name="testBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"  proxyCredentialType="Basic"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

<behaviors>
  <endpointBehaviors>
    <behavior name="testBehavior">
      <clientCredentials>
        <clientCertificate storeLocation="LocalMachine" storeName="My" x509FindType="FindBySubjectName" findValue="client007"/>
      </clientCredentials>
    </behavior>
  </endpointBehaviors>
</behaviors>

On the server side I have this configuration:

<behaviors>
  <serviceBehaviors>
    <behavior name="testServiceBehavior">
      <serviceMetadata httpsGetEnabled="true"/>
      <serviceDebug includeExceptionDetailInFaults="true"/>
      <serviceCredentials>
        <clientCertificate>
          <authentication certificateValidationMode="PeerTrust" trustedStoreLocation="LocalMachine"/>
        </clientCertificate>
      </serviceCredentials>
    </behavior>
  </serviceBehaviors>
</behaviors>

<bindings>
  <basicHttpBinding>
    <binding name="testServiceBinding">
      <security mode="Transport">
        <transport clientCredentialType="Certificate"/>
      </security>
    </binding>
  </basicHttpBinding>
</bindings>

Now, the scenario I want is that only a client which has its public key installed in the trusted people of the server can access the service.

But in my case, whether I install a public key in the trusted people or not, I can access the service with any certificate I self-create.

I checked and anonymous authentication was enabled; is it because of this? When I disable anonymous access I get an error saying:

the http request is unauthorized with client authentication the authentication received from the server was basic realm

How do I make sure only that client whose public key is on the server can access the service?

Does this kind of validation not work with transport security? Please help me. Thanks.

Source: https://stackoverflow.com/questions/16074052/transport-security-with-wcf-iis-along-with-client-authentication-is-it-possi