Over the past few months, several people have asked me how to accept client certificates on a service. The scenario is something like the following:
This discussion came up often enough that I thought it would be useful to have a quick sample to point to. Here’s my approach to the scenario:
The trick is to check the certificate thumbprint in a ServiceAuthorizationManager on the service. This allows the service to trust a large number of certificates from many different issuers. You just look up the certificate in your store (DB, Azure storage, etc.).
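The thumbprint check described above, as an added example that is not the original sample's code. IThumbprintStore and ThumbprintAuthorizationManager are hypothetical names, and the binding is assumed to use certificate client credentials.

```csharp
using System;
using System.IdentityModel.Claims;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Hypothetical lookup abstraction: back it with a DB, Azure storage, etc.
public interface IThumbprintStore
{
    // Implementations should compare thumbprints case-insensitively (hex string).
    bool IsTrusted(string thumbprint);
}

// Hypothetical authorization manager that admits only known thumbprints.
public sealed class ThumbprintAuthorizationManager : ServiceAuthorizationManager
{
    private readonly IThumbprintStore _store;

    public ThumbprintAuthorizationManager(IThumbprintStore store)
    {
        _store = store ?? throw new ArgumentNullException(nameof(store));
    }

    protected override bool CheckAccessCore(OperationContext operationContext)
    {
        // No security context means no client credential was presented: deny.
        ServiceSecurityContext security = operationContext.ServiceSecurityContext;
        if (security == null || security.AuthorizationContext == null)
            return false;

        // The client certificate surfaces as an X509CertificateClaimSet.
        X509Certificate2 cert = security.AuthorizationContext.ClaimSets
            .OfType<X509CertificateClaimSet>()
            .Select(cs => cs.X509Certificate)
            .FirstOrDefault();
        if (cert == null)
            return false;

        // A thumbprint match alone says nothing about expiry,
        // so check the validity window too (NotBefore/NotAfter are local time).
        DateTime now = DateTime.Now;
        if (now < cert.NotBefore || now > cert.NotAfter)
            return false;

        return _store.IsTrusted(cert.Thumbprint);
    }
}
```

Register it on the host with `host.Authorization.ServiceAuthorizationManager = new ThumbprintAuthorizationManager(store);`. WCF's default client certificate validation mode is ChainTrust, so certificates from issuers outside the machine's trusted roots are rejected before this check runs unless certificateValidationMode is changed.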
This isn’t the only way to tackle the problem, but I think it gets the job done.