How to configure security when calling WCF Service from .Net 2.0 Client

Question

I have a WCF service up and running and am able to communicate between the service and a .Net 2.0 Client using basicHttpBinding.

I now need to lock down the WCF se

Answer 1

You security will be covered by the ssl.

For authentication you have two options - basic (username and password) or certificate.

Here is a video that demonstrates configuring certificate authentication.

In that you are configuring the security elements of the basicHttpBinding shown below:

  
    
      
    
  

There is also a good page on this here. Google on clientCredentialType and you should find yourself on the right track soon enough.

For setting up the client certificates you are after the wse* policy file.

You will need to work out how you will provide the client certificate to the various sites.- that depends on security concerns of the project. There are various ways (none of which I can remember sorry, I last did this for wse* to wse* about two years ago so the details are forgotten, but it is certainly possible, took a few days solid research to find a good method).