How to: Secure a Service with an X.509 Certificate
Securing a service with an X.509 certificate is a basic technique that most bindings in Windows Communication Foundation (WCF) use. This topic walks through the steps of configuring a self-hosted service with an X.509 certificate.
A prerequisite is a valid certificate that can be used to authenticate the server. The certificate must be issued to the server by a trusted certificate authority. If the certificate is not valid, any client trying to use the service will not trust the service, and consequently no connection will be made. For more information about using certificates, see Working with Certificates.
To configure a service with a certificate using code
Create the service contract and the implemented service. For more information, see Designing and Implementing Services.
Create an instance of the Uri class for the base address of the service. Because the WSHttpBinding uses the HTTP transport, the Uniform Resource Identifier (URI) must begin with that schema, or Windows Communication Foundation (WCF) will throw an exception when the service is opened.
Use the SetCertificate method of the X509CertificateRecipientServiceCredential class to add the valid certificate to the service. The method can use one of several methods to find a certificate. This example uses the FindBySubjectName enumeration. The enumeration specifies that the supplied value is the name of the entity that the certificate was issued to.
The following example uses the SetCertificate method to configure a service with an X.509 certificate.
// Create a binding and set the security mode to Message. WSHttpBinding b = new WSHttpBinding(SecurityMode.Message); Type contractType = typeof(ICalculator); Type implementedContract = typeof(Calculator); Uri baseAddress = new Uri("http://localhost:8044/base"); ServiceHost sh = new ServiceHost(implementedContract, baseAddress); sh.AddServiceEndpoint(contractType, b, "Calculator"); ServiceMetadataBehavior sm = new ServiceMetadataBehavior(); sm.HttpGetEnabled = true; sh.Description.Behaviors.Add(sm); sh.Credentials.ServiceCertificate.SetCertificate( StoreLocation.LocalMachine ,StoreName.My, X509FindType.FindBySubjectName ,"localhost"); sh.Open(); Console.WriteLine("Listening"); Console.ReadLine(); sh.Close();