Securing with certificate
I secure my server with a combination of client credentials and a certificate.
I use these endpoints:
/// <summary>
/// WCF service contract shared by the client and the server in this post.
/// </summary>
/// <remarks>
/// The namespace string is part of the wire contract, so it is kept exactly as published.
/// NOTE(review): both operations take a caller-supplied name; whether the implementation
/// ties it to the authenticated caller is not visible here - confirm in the service class.
/// </remarks>
[ServiceContract(Namespace = "urn:ConfigTeset")]
public interface IData
{
    /// <summary>Reports whether the given user counts as authenticated.</summary>
    /// <param name="upnName">Presumably a user principal name - confirm against the implementation.</param>
    /// <returns>A boolean result; its exact meaning is defined by the implementation.</returns>
    [OperationContract]
    bool IsAuthenticated(string upnName);

    /// <summary>Returns the groups for the given user as a single string.</summary>
    /// <param name="upnName">Presumably a user principal name - confirm against the implementation.</param>
    /// <returns>A string whose format (delimiter, encoding) is not shown in this post.</returns>
    [OperationContract]
    string GetGroups(string upnName);
}
This is how I connect to the server
using System;
using System.Collections.Generic;
using System.Text;
using System.ServiceModel;
using System.ServiceModel.Security;
using System.ServiceModel.Channels;
using System.Runtime.Serialization;
using Objects;
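namespace RodalWCFWFF_Client_Infra
{
    /// <summary>
    /// Client-side helpers that build the endpoint address, the binding and the channel
    /// used to call the <see cref="IData"/> service.
    /// </summary>
    public class Wcf
    {
        /// <summary>
        /// Builds the service address from the application settings in the form
        /// <c>protocol://server:port/endpoint/</c>.
        /// </summary>
        /// <returns>The endpoint address the client connects to.</returns>
        public static EndpointAddress GetEpa()
        {
            // "Proctocol" is the spelling of the settings property itself; fixing it means
            // renaming the setting as well. The binding below uses transport security, so
            // the configured protocol has to be https for the channel to open.
            string address = Properties.Settings.Default.Proctocol + "://"
                + Properties.Settings.Default.Server + ":"
                + Properties.Settings.Default.Port + "/"
                + Properties.Settings.Default.EndPoint + "/";
            return new EndpointAddress(address);
        }

        /// <summary>
        /// Creates the binding used by the client: WS-HTTP over a secured transport with
        /// HTTP Basic client credentials.
        /// </summary>
        /// <returns>A configured <see cref="WSHttpBinding"/>.</returns>
        public static WSHttpBinding getBinding()
        {
            WSHttpBinding binding = new WSHttpBinding();

            // Transport mode leaves confidentiality and server authentication to HTTPS.
            // Basic credentials are only protected by that TLS session, so they are only
            // as safe as the validation of the server certificate.
            binding.Security.Mode = SecurityMode.Transport;
            binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;

            // 2 MiB cap on a single received message.
            binding.MaxReceivedMessageSize = 2097152;
            return binding;
        }

        /// <summary>
        /// Creates a channel to the <see cref="IData"/> service that authenticates with the
        /// user name and password held in <c>Objects.LoginCredentials</c>.
        /// </summary>
        /// <remarks>
        /// The certificate-policy override and the test account are compiled into DEBUG
        /// builds only. Other builds use normal certificate validation and expect
        /// <c>Objects.LoginCredentials</c> to be filled in before this method is called.
        /// The channel factory is not closed here; the caller owns the returned channel
        /// and is responsible for closing it.
        /// </remarks>
        /// <returns>A channel implementing <see cref="IData"/>.</returns>
        public static IData getProxy()
        {
#if DEBUG
            // Development only. Per the original note this accepts the certificate with
            // subject CN=HTTPS-RodalServer without checking who issued it
            // (PermissiveCertificatePolicy itself is not shown in this post). With that
            // check skipped nothing proves the client reached the real server, and Basic
            // authentication hands the password to whichever endpoint terminates TLS.
            // Delete this call once the server presents a CA-issued certificate.
            PermissiveCertificatePolicy.Enact("CN=HTTPS-RodalServer");

            // Hard-coded test account; keep it out of anything that ships.
            Objects.LoginCredentials.Username = "test3";
            Objects.LoginCredentials.Password = "Test3";
#endif

            ChannelFactory<IData> cf = new ChannelFactory<IData>(getBinding(), GetEpa());
            cf.Credentials.UserName.UserName = Objects.LoginCredentials.Username;
            cf.Credentials.UserName.Password = Objects.LoginCredentials.Password;
            return cf.CreateChannel();
        }
    }
}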
This is my server code
using System;
using System.Collections.Generic;
using System.Text;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Configuration;
using System.Runtime.Serialization;
using System.ServiceModel.Description;
namespace RodalServer
{
    /// <summary>
    /// Service host that registers the <see cref="IData"/> endpoint in code, using the
    /// address parts stored in the application settings.
    /// </summary>
    internal class MyServiceHost : ServiceHost
    {
        /// <summary>Creates the host for the given service type and base addresses.</summary>
        /// <param name="serviceType">Type that implements the service.</param>
        /// <param name="baseAddresses">Base addresses handed to the underlying host.</param>
        public MyServiceHost(Type serviceType, params Uri[] baseAddresses)
            : base(serviceType, baseAddresses)
        {
            Console.WriteLine("Configuring Host...");
        }

        /// <summary>
        /// Adds the single <see cref="IData"/> endpoint. The base implementation is not
        /// called, so only what is added here is configured by this override.
        /// </summary>
        protected override void ApplyConfiguration()
        {
            Uri endpointUri = new Uri(GetAddress());
            AddServiceEndpoint(typeof(IData), GetBinding(), endpointUri);
        }

        /// <summary>
        /// Joins the configured server, port and endpoint into <c>server:port/endpoint/</c>.
        /// </summary>
        /// <returns>The endpoint address as text.</returns>
        private string GetAddress()
        {
            // No scheme is added here, so the Server setting presumably carries it already
            // - confirm in the settings file.
            string hostPart = Properties.Settings.Default.Server;
            string pathPart = Properties.Settings.Default.EndPoint;
            string portPart = Properties.Settings.Default.Port;
            return string.Concat(hostPart, ":", portPart, "/", pathPart, "/");
        }

        /// <summary>
        /// Builds the server binding; it mirrors the client's settings (transport security,
        /// HTTP Basic credentials, 2 MiB message cap).
        /// </summary>
        /// <returns>The binding for the <see cref="IData"/> endpoint.</returns>
        private Binding GetBinding()
        {
            // Transport mode means the endpoint is served over HTTPS.
            WSHttpBinding wsBinding = new WSHttpBinding(SecurityMode.Transport);
            wsBinding.MaxReceivedMessageSize = 2097152;
            wsBinding.Security.Transport.ClientCredentialType = HttpClientCredentialType.Basic;
            return wsBinding;
        }
    }
}
And this is how I call it:
// Read the listener settings in the same order as before.
string serverSetting = Properties.Settings.Default.Server;
string portSetting = Properties.Settings.Default.Port;
string endPointSetting = Properties.Settings.Default.EndPoint;

// Base address has the form server:port/endpoint (no trailing slash). new Uri needs an
// absolute URI, so the Server setting presumably includes the scheme - confirm.
Uri baseaddress = new Uri(string.Concat(serverSetting, ":", portSetting, "/", endPointSetting));

// Create the host for the Data service and start listening; closing it is not shown here.
MyServiceHost host = new MyServiceHost(typeof(Data), baseaddress);
host.Open();
I use the following code to skip the root check, as I use a certman-generated certificate.
// Development-only workaround: per the author's note this skips the root (issuer) check for
// the certificate whose subject is CN=HTTPS-RodalServer. PermissiveCertificatePolicy is not
// shown here, so its exact scope is unverified. Remove this call once the server presents
// a certificate issued by a CA the client already trusts.
PermissiveCertificatePolicy.Enact("CN=HTTPS-RodalServer");
I now need to buy a real certificate. Where do I buy it, which type of certificate do I need, and how do I generate the CSR for it?
I looked at Thawte; they have trial certificates, and I wanted to try one to make sure I buy the right certificate, but there are so many options that I don't know which one to choose.
Thanks
RNBY

