X509 certificates and multiple services. RRS feed

  • Question

  • Hi,


    I have been trying to put together a B2B scenario using X509 certs and WCF and I'm running up against a brick wall.

    My scenario is as follows:


    3 entities: Client C, Service S1, Service S2.


    The process flow is as follows: Client C makes synchronous calls to service S1, which in turn makes synchronous calls to service S2.


    The location of the entities is as follows:

    Client C makes calls across the internet.

    Service S1 is between 2 firealls in a DMZ

    Service S2 is on an intranet.


    The services all use wsHttpBinding.


    The security scenario I want to implement is as follows:


    Client C signs and encrypts a mesage using its X509 cert.

    It submits the message to Service S1.

    Service S1 authenticates the signature but does not decrypt the message.

    Service S1 forwards the message to Service S2.

    Service S2 authenticates and decrypts the message.

    Service S2s response is a reverse of this process.


    I cannot work how to implement this. Is this even possible with WCF?

    Can a service be configure to route messages to another service without having to decrypt the messages?


    Any insight anybody has would be greatly appreciated.


    Wednesday, October 10, 2007 1:45 PM