Backgorund: I am using Client Application Services with a WPF client. The client talks to a Forms authenticated web site. I am using the Forms token to protect web services that the client uses to get information from the web site. I am protecting the
web services with certificates, both server and client. Issue: All the web services are protected against man-in-the-middle attacks. The test I am using is to load Fiddler on the client and allow it to install certificates. The presence of fiddler as man-in-the-middle
is detected by all the web services but not by the validation request of Client Application Services. I am able to read the user name and password from that message using Fiddler. How can I get client application services to use the certificates?
View Complete Post