How do I implement Client Certificate authentication the right way?

Question

WCF is extremely extensible and has a lot of ready-to-use features, however I continue struggling with some topics and the more documentation I read, the more I get confused

Answer 1

In your scenario, you don't need to configure certificates in WCF, IIS handles those for you. You can clear the entire block, because:

The of specifies an X.509 certificate that will be used to authenticate the service to clients using Message security mode, which you do not use, and the of defines an X.509 certificate used to sign and encrypt messages to a client form a service in a duplex communication pattern.

See here how to map client certificates to user accounts.