I need advice on how to secure my WCF web service hosted in IIS. I am new to WCF and would appreciate any sample code, articles to help me restrict access to my WCF service.
I am in the process of testing and deploying a WCF service that will be available on the internet. I need to secure the web service so that only authorized clients can use the service. I need to be able to detect who the client is making the call to the service. The group I am building this service for wants to use Certificate authentication or IP address to Identify the themselves to call my web service. They do not want to use user name and password.
I have found several articles and code snippets for getting the IP address of the client and Certificate authentication. The problem I found using trying to get the IP address of the client is that since my web service his hosted behind a F5 or some type of reverse proxy I cannot get the true IP of the client. The IP that the web services get is the IP of the F5 or the reverse proxy.
For Certificate Authentication I followed the directions from the 9 simple steps to enable X.509 certificates on WCF located here http://www.codeproject.com/KB/WCF/9S
View Complete Post