none
How certificate works with wcf to encrypt decrypt data RRS feed

  • Question

  • i saw people use certificate to encrypt decrypt data for security. certificate has two key one public and one private

    1) i like to know which key is used to encrypt data from service end ?

    2) which key is used to decrypt data at client end and again how response is encrypted from client side to service ?

    3) how public key is push to client side ?

    4) when certificate is used then fiddler can show data or not ?

    5) various file format for certificate. one i know which is cert?

    please answer my question point wise. thanks

    Thursday, April 23, 2015 2:02 PM

Answers

  • Hi Mou_kolkata,

    When we use the certificate authentication in the WCF Service, we will need to install the service certificate and the client certificate as you said. Then in the client side, the client will use the service public key to encrypt the message and send to the service and the service will use the service private key to decrypt the message. Besides, in the service side, it will use the the client public key to encrypt the message and send to the client. Then the client will use the client private key to decrypt the message.
    For viewing data from a WCF Service with certificate authentication using the fiddler, please try to refer to this article:
    https://shankarsbiztalk.wordpress.com/2011/09/21/using-fiddler-to-view-https-data-when-consuming-a-service-from-a-wcf-client/ .
    For the file format of the certificate, please try to refer to the following thread:
    http://stackoverflow.com/questions/7031664/ssl-certificate-file-type .

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Proposed as answer by accado liao Tuesday, May 5, 2015 3:21 AM
    • Marked as answer by Mou_kolkata Tuesday, May 5, 2015 7:46 PM
    Friday, April 24, 2015 6:53 AM
    Moderator
  • Hi Mou_kolkata,

    For how to use the certificate authentication, we need follow the below steps:
    • Create certificate to act as a root certificate authority
    • Install root certificate
    • Install service certificate on server
    • Export client certificate
    • Import certificate on client
    • Configure WCF Service
    • Configure client(s)

    For more information, please try to refer to:
    #WCF certificate authentication:
    http://consultingblogs.emc.com/matthall/archive/2009/10/22/client-certificate-authorisation-with-wcf-in-development-environments.aspx .

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Proposed as answer by accado liao Tuesday, May 5, 2015 3:21 AM
    • Marked as answer by Mou_kolkata Tuesday, May 5, 2015 7:46 PM
    Tuesday, May 5, 2015 3:20 AM
    Moderator

All replies

  • Hi Mou_kolkata,

    When we use the certificate authentication in the WCF Service, we will need to install the service certificate and the client certificate as you said. Then in the client side, the client will use the service public key to encrypt the message and send to the service and the service will use the service private key to decrypt the message. Besides, in the service side, it will use the the client public key to encrypt the message and send to the client. Then the client will use the client private key to decrypt the message.
    For viewing data from a WCF Service with certificate authentication using the fiddler, please try to refer to this article:
    https://shankarsbiztalk.wordpress.com/2011/09/21/using-fiddler-to-view-https-data-when-consuming-a-service-from-a-wcf-client/ .
    For the file format of the certificate, please try to refer to the following thread:
    http://stackoverflow.com/questions/7031664/ssl-certificate-file-type .

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Proposed as answer by accado liao Tuesday, May 5, 2015 3:21 AM
    • Marked as answer by Mou_kolkata Tuesday, May 5, 2015 7:46 PM
    Friday, April 24, 2015 6:53 AM
    Moderator
  • 1) u said "we will need to install the service certificate and the client certificate"

    where to install client certificate ? if i need to install client certificate then it may not be possible because client could be any one.

    2) u said "in the service side, it will use the the client public key to encrypt the message and send to the client"

    r u trying to say service decrypt client message by his private key and service will encrypt data with client public key ?

    3) how client gets public key because when i develop wcf service then consumer could be anyone who pc is not accessible for service developer.

    One Guy answer this question in another forum this way which is still not clear

    1. PersonA : creates public and private key pair

    2. PersonA : Sends Public Key(A) to PersonB

    3. PersonB : Encrypts data with Public Key(A)

    4. PersonB : Sends encrypted Data to PersonA

    5. PersonA : Decrypts encrypted Data with Private Key(A)

    WCF can be setup to do multiple types of encryption and protocols but essentialy what i think you are asking boils down to

    1. Client : Sends "Hello"
    2. Server : Here is my public key
    3. Server : Please send your public key
    4. Client : Here is my (encrypted with server public key)public key
    5. Client : Here is an (encrypted with server public key)request
    6. Server : Here is an (encrypted with client public key)response

    Friday, April 24, 2015 10:42 AM
  • Hi Mou_kolkata,

    For how to use the certificate authentication, we need follow the below steps:
    • Create certificate to act as a root certificate authority
    • Install root certificate
    • Install service certificate on server
    • Export client certificate
    • Import certificate on client
    • Configure WCF Service
    • Configure client(s)

    For more information, please try to refer to:
    #WCF certificate authentication:
    http://consultingblogs.emc.com/matthall/archive/2009/10/22/client-certificate-authorisation-with-wcf-in-development-environments.aspx .

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    • Proposed as answer by accado liao Tuesday, May 5, 2015 3:21 AM
    • Marked as answer by Mou_kolkata Tuesday, May 5, 2015 7:46 PM
    Tuesday, May 5, 2015 3:20 AM
    Moderator