We have a WCF service hosted in IIS. We'd like to restrict the client callers to known clients, so we implemented a custom X509CertificateValidator. The service is configured with a WSHttpBinding binding, and IIS is set to SSL and to require a client certificate. Everything is working as expected.

However, we found that we have other ASPX pages hosted within the same site that should not require a client certificate. It breaks our usage pattern.

I read that changing the IIS setting from Require Client Certificate to Accept Client Certificate does not work. I tried this out while still passing in the client cert from the client, and it seems to invoke my custom validator. However, using the WCF proxy library, I'm unable to call it without a client cert to verify what happens when one is not passed in.

If "accept client certificate" is not an option, what is the best alternative? Adding some type of message inspector?

Thanks very much in advance.
