Client Authentication using X 509 certificates

I am a WSE newbie and am trying to authenticate a client application (written in .NET) to a web service (written in .NET) using WSE 3.0. All I care about is authenticating the client and do not care about encryption or mutual authentication.

When I am using the WSE 3.0 wizard to generate the client side policy file, it forces me to enter the name of a server certificate (which does not seem right) along with the client cert (which is right). My understanding is that the server cert (only the public key is needed on the client) is needed to authenticate the server, as in a mutual authentication scenario.

Now if my use-case is only to authenticate the client, and not care to authenticate the server, how do I do that in WSE 3.0.

If I install a server cert on the server, the public portion of the server cert on the client, and the client cert (both private and public) on the client, and follow the prompts, everything seems fine. But I do not want to enter the server certificate,

How do I do this in WSE 3.0 Any help will be greatly appreciated.

.NET Development20

Hi,

You are right, the MutualCertificateAssertion requires the service public key on the client side. As you said, it is mainly used to authenticate the service.

There is no way to change this behavior unless you write your own custom security assertion, and this option requires a lot of custom code.

Regards,

Pablo.

Thanks Pablo -- although I think that if we select to use the option to sign only, even though we need to specify the server-side public key on the client, the server-side public cert probably does not get used.

I believe someone on the WSE forum could help you better. Moving thread.