WCF Optional Client Certificate

  • Question

  • WCF service is configured for client certificate with X509CertificateValidationMode.Custom and a custom X509CertificateValidator.

    Binding is WebHttpBinding with WebHttpSecurityMode.Transport and HttpClientCredentialType.Certificate.

    This setup forces the client to provide a certificate attached to the request, and it's working fine with requests which have the certificate.

    Now, I need to process requests which don't have a certificate attached and let them proceed based on some other conditions, but as I've noted, it responds with 403 before hitting my custom X509CertificateValidator.

    How do I hook into WCF requests that come without a certificate?

    • Edited by Sency101 Saturday, March 3, 2018 10:59 PM
    Saturday, March 3, 2018 10:58 PM

All replies

  • Hello Sency101,

    Is it possible to have a separate endpoint? If so, you could just expose two endpoints and have the client choose the appropriate security.

    If not, then I would explore creating a custom certificate validator: https://docs.microsoft.com/en-us/dotnet/framework/wcf/extending/how-to-create-a-service-that-employs-a-custom-certificate-validator


    Cheers, Jeff

    Sunday, March 4, 2018 9:29 PM
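
The two-endpoint approach suggested in the reply, sketched as an added example that is not part of the original thread. It assumes a self-hosted .NET Framework service whose TLS server certificate is already bound to the port; `IOrders`, `Orders`, `IssuerValidator`, the address and the issuer name are constructed for illustration.

```csharp
using System;
using System.IdentityModel.Selectors;
using System.IdentityModel.Tokens;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceModel.Web;

[ServiceContract]
public interface IOrders // hypothetical contract
{
    [OperationContract, WebGet(UriTemplate = "ping")] string Ping();
}
public class Orders : IOrders { public string Ping() { return "ok"; } }

// Invoked only for requests that actually present a client certificate.
public class IssuerValidator : X509CertificateValidator
{
    public override void Validate(X509Certificate2 certificate)
    {
        if (certificate == null) throw new ArgumentNullException("certificate");
        // Constructed placeholder policy; substitute the real thumbprint/issuer/chain check.
        if (certificate.Issuer != "CN=Example Internal CA")
            throw new SecurityTokenValidationException("Untrusted client certificate.");
    }
}

public static class Program
{
    static WebHttpBinding Https(HttpClientCredentialType credential)
    {
        var b = new WebHttpBinding(WebHttpSecurityMode.Transport);
        b.Security.Transport.ClientCredentialType = credential;
        return b;
    }
    public static void Main()
    {
        var host = new ServiceHost(typeof(Orders), new Uri("https://localhost:8443/"));
        var auth = host.Credentials.ClientCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.Custom;
        auth.CustomCertificateValidator = new IssuerValidator();
        // "cert" demands a client certificate; "open" does not, so the "other
        // conditions" must be enforced there (e.g. via a ServiceAuthorizationManager).
        host.AddServiceEndpoint(typeof(IOrders), Https(HttpClientCredentialType.Certificate), "cert").Behaviors.Add(new WebHttpBehavior());
        host.AddServiceEndpoint(typeof(IOrders), Https(HttpClientCredentialType.None), "open").Behaviors.Add(new WebHttpBehavior());
        host.Open();
        Console.ReadLine();
        host.Close();
    }
}
```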