This process confuses me. With a WCF Service and Mutual Authentication it is said that on the client there MUST be the service certificate and obviously the client cert. And on the web service server there MUST be the client cert and the service certificate as well.
What is the situation, or under what situation, given the web service certificate is not installed on the client, would the client work and interact with or consume the web service without any contract faults being thrown or anything indicating service authentication failed?
The web service has something like this:
<transport clientCredentialType="Certificate" />
<serviceMetadata httpsGetEnabled="true" />
<serviceDebug includeExceptionDetailInFaults="True" />
<authentication certificateValidationMode="PeerOrChainTrust" />
<serviceCertificate findValue="23423D2E2D1" storeLocation="LocalMachine" storeName="My" x509FindType="FindBySerialNumber" />
<serviceHostingEnvironment multipleSiteBindingsEnabled="true" />
<service behaviorConfiguration="TestService" name="TestService">
<endpoint binding="wsHttpBinding" bindingConfiguration="WSSecurityBindings" name="AtEndPoint" bindingNamespace="TestWebService" contract="TestWebService.ITestService" />
<endpoint address="mex" contract="IMetadataExchange" binding="wsHttpBinding" bindingConfiguration="WSSecurityBindings" />
If I am able to access the web service using my client certificate, yet I do not have the service certificate on my client machine, then how is it doing mutual authentication?
Any information on this would be greatly appreciated so this is understood.