Answered by:
Securing WCF Duplex Connections

Question
-
Hi,
How Can I secure communications over a WCF Duplex connection using certificates? Can someone point me to an example?
Thanks,
Bob
- Edited by Bob12543 Friday, March 6, 2015 8:04 AM
- Moved by Kristin Xie Monday, March 9, 2015 7:11 AM move to better forum
Friday, March 6, 2015 7:47 AM
Answers
-
Hi,
For this scenario, you could refer to the following information about using certificates on WCF:
http://www.codeproject.com/Articles/36683/simple-steps-to-enable-X-certificates-on-WCF
https://sites.google.com/site/srinivasnzd/wcf-cunpv-wsdualhttpbinding
Besides, in the more typical request-reply pattern, the client includes its certificate in the request, which the service uses to secure its response back to the client. The duplex communication pattern, however, has no requests and replies. The service cannot infer the client's certificate from the communication and therefore the service requires the client's certificate in advance to secure the messages to the client. You must obtain the client's certificate in an out-of-band manner and specify the certificate using the <certificate> of <clientCertificate> Element when the service must have the client's certificate in advance to communicate securely with the client..
For more information, you could refer to:
https://msdn.microsoft.com/en-us/library/ms731199(v=vs.110).aspx
Regards
- Marked as answer by Shawn Zhao Tuesday, March 17, 2015 1:49 AM
Monday, March 9, 2015 9:16 AM
All replies
-
please see this landing page from MSDN for all your queries related to WCF security - this is recommended reading to get started on securing your wcf services.
hope this helps!
Friday, March 6, 2015 8:04 AM -
I have gone through these before , but none of them show an example of securing a duplex service via certificates.
-Bob
Friday, March 6, 2015 8:24 AM -
Hi,
For this scenario, you could refer to the following information about using certificates on WCF:
http://www.codeproject.com/Articles/36683/simple-steps-to-enable-X-certificates-on-WCF
https://sites.google.com/site/srinivasnzd/wcf-cunpv-wsdualhttpbinding
Besides, in the more typical request-reply pattern, the client includes its certificate in the request, which the service uses to secure its response back to the client. The duplex communication pattern, however, has no requests and replies. The service cannot infer the client's certificate from the communication and therefore the service requires the client's certificate in advance to secure the messages to the client. You must obtain the client's certificate in an out-of-band manner and specify the certificate using the <certificate> of <clientCertificate> Element when the service must have the client's certificate in advance to communicate securely with the client..
For more information, you could refer to:
https://msdn.microsoft.com/en-us/library/ms731199(v=vs.110).aspx
Regards
- Marked as answer by Shawn Zhao Tuesday, March 17, 2015 1:49 AM
Monday, March 9, 2015 9:16 AM