In this post I will explain how you can build an Windows Communication Foundation web service and client which use a Username and Password combination to authenticate a user. The most difficult action is to create a X509 certificate which is used to encrypt messages passed back and forward to the server.

In this application we will use WCF’s wsHttpBinding and message level security provided by an X509 certificate. The X509 certificate encryption is required by WCF because the client credentials (username/password) are passed as clear text in the SOAP message.

There is one problem that we will face during this series of posts. WCF is reluctant to accept a test certificate, it requires a lot of extra work to get it done. However once you understand the steps that you need to take, you will find it an repetitive but easy task.

I hope you find this post useful. If you have any questions or comments, feel free to post them as reactions on this post. Enjoy!

Read the rest of this entry »