WCF: Transport Security with User Name + Client Certificate


Vast world of WCF provides endless possibilities to handle the security.

This is one interesting scenario, where service needs to get dual layer of credentials.

Along with the valid user name and password, it also expects the client application to send a valid client certificate.




Security: Transport/SSL

Client Credentials: User Name along with valid Client Certificate


IIS Settings:





 Client certificate:




WCF Service:



End Point:


 Service Behavior:


Certificate Validator:



Password Validator:





WCF Client




End Point:


 Client end point behavior:




  1. From above sample we have set the User name validator class on service to check the User name coming via client application.
  2. We also create a Certificate validator class on service to check the incoming certificate, here we are verifying the Thumbprint value.
  3. Failure of either validator will result in respective error and client will be treated as un-authenticated.



Hope this helps in implementing this interesting security configuration.