1. Why we use WCF
In fact , we can use Web Service or WCF. We select WCF because the WCF contains many advantages that WS doesn’t contain, such as
(1) Extension ability
(2) Better asp.net integration
(3) Can be independent from IIS
(4) Stateful & transaction supported
(5) …
2. Why we talk about Certificate
We talk about certificate not specially for WCF, It’s a secure solution, can be used in all communication cases, such as Website, Web Service and WCF. We use it for it is the best secure solution and is supported by WCF very well. It’s not very complex in use, but only need little time to understand and explain.
What is SSL? It’s a certificate use case. Firstly, there is a CA, CA has a Root Certificate, and the website has a sub-certificate from CA. Why you trust the website? Because you believe the CA. Why you believe the CA, because you have the CA Root Certificate in Trusted Root Certification Authorities on your PC. This authentication process is implemented in Transfer Layer(https). Commonly, SSL is used to authenticate Server.
WCF based Certificate is like SSL, but WCF can implement authentication in application layer and do more detail control. The theory is like the SSL, but we need to do two-way authentication, not only the client authenticates the server, but also the server authenticate the client. So we need deploy certificate both in server & client. That’s all, and is not very complex.
Certificate can be from a CA(we can deploy a CA Server ourselves). In developing period, we can use makecert.exe command to create root certificate & sub certificate.
My example is a pure technical solution, but it simulates our real solution partly, Adam and me has confirmed this.
3. I’ll translate my email later, please give me some time.
