
WCF certificate store in a SQL Server database

Updated: 2023-02-07 10:15:28


I have a SQL Database which is storing my client side certificate for WCF service and other services (X509 etc). I would like to use this Store (instead of 'My') to retrieve this certificate (instead of declaring it in web.config) and then use it for WCF.

I have tried to search on this site and google but it does not seem to be much of a help.

Currently I am doing

 // Endpoint built from the logical address and the expected service identity
 var targetEndpoint = new EndpointAddress(targetLogicalAddress, targetIdentity);
 // Proxy configured from the <client> endpoint named "WebConfigSection" in web.config
 MyTransportPortTypesClient proxy = new MyTransportPortTypesClient("WebConfigSection", targetEndpoint);

So ideally I would like to get rid of the "WebConfigSection" and instead pass some sort of WCF object which has the certificate assigned.

Does anyone know how to achieve this?


I have finally solved this and here's how I did it. (I'll share my experience so everyone can use it.) This is without using any machine CertificateStore. It's purely from Database to the client Proxy.

I have created an X509Certificate2 object and assigned the physical file (as byte[]). You can also supply the password if it's password protected.

Then I have assigned the certificate to my proxy client. Something like:

// ClientCertificate is an X509CertificateInitiatorClientCredential; the
// X509Certificate2 goes on its Certificate property
proxy.ClientCredentials.ClientCertificate.Certificate = __MyCertificate;

Now I have manipulated my client proxy as I had intended to in my app.config, and that's it. All these properties will be in your proxy object.

Hope this helps.
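The flow described in that answer, written out as an added example (this is not the poster's code, nor anything from the WCF or SQL Server projects). It assumes a table dbo.ClientCertificates(Name nvarchar, PfxBytes varbinary(max)) holding PKCS#12 blobs, a generated proxy class MyTransportPortTypesClient with the standard ClientBase<T>(Binding, EndpointAddress) constructor, and a service endpoint that authenticates clients over transport security with a certificate; all of those names are assumptions. The key-storage flag and the validation checks are the parts a practitioner usually gets wrong when bypassing the Windows store.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

// Added example: loads a client certificate from a database column and
// attaches it to a WCF proxy without touching the machine or user store.
static class DbCertificateClientFactory
{
    // Fetch the PFX blob for one certificate by name. The name is bound as a
    // parameter so it can never be spliced into the SQL text.
    // (dbo.ClientCertificates and its columns are assumed.)
    static byte[] LoadPfxBytes(string connectionString, string certName)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT PfxBytes FROM dbo.ClientCertificates WHERE Name = @name", conn))
        {
            cmd.Parameters.Add("@name", SqlDbType.NVarChar, 128).Value = certName;
            conn.Open();
            var blob = cmd.ExecuteScalar() as byte[];
            if (blob == null)
                throw new InvalidOperationException(
                    "No certificate named '" + certName + "' in the database.");
            return blob;
        }
    }

    // Turn the PFX bytes into an X509Certificate2 the SChannel provider can use.
    // UserKeySet (the default behaviour) imports the private key into a
    // temporary CSP key container; SChannel can only see keys that live in a
    // CSP container, so X509KeyStorageFlags.EphemeralKeySet must NOT be used
    // here even though it looks like the cleaner "no disk footprint" option.
    static X509Certificate2 LoadCertificate(byte[] pfxBytes, string pfxPassword)
    {
        var cert = new X509Certificate2(pfxBytes, pfxPassword,
            X509KeyStorageFlags.UserKeySet);

        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "PFX has no private key; it cannot authenticate a client.");
        if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
            throw new InvalidOperationException(
                "Client certificate is outside its validity period: " + cert.Subject);
        return cert;
    }

    // Build the proxy entirely in code, replacing the "WebConfigSection"
    // constructor from the question. pfxPassword should come from a secret
    // store or protected configuration, never a string literal in source.
    public static MyTransportPortTypesClient CreateClient(
        string connectionString, string certName, string pfxPassword,
        string serviceUrl, string serviceDnsName)
    {
        X509Certificate2 clientCert = LoadCertificate(
            LoadPfxBytes(connectionString, certName), pfxPassword);

        // Transport security + certificate client credential, the equivalent
        // of the <security> element one would otherwise put in app.config.
        var binding = new WSHttpBinding(SecurityMode.Transport);
        binding.Security.Transport.ClientCredentialType =
            HttpClientCredentialType.Certificate;

        // Pin the expected service identity so a certificate for a different
        // host name is rejected during the handshake.
        var endpoint = new EndpointAddress(new Uri(serviceUrl),
            EndpointIdentity.CreateDnsIdentity(serviceDnsName));

        var proxy = new MyTransportPortTypesClient(binding, endpoint);
        proxy.ClientCredentials.ClientCertificate.Certificate = clientCert;
        return proxy;
    }
}
```

Two practical notes on the design: the X509Certificate2 must stay alive for as long as the proxy is used, because disposing it (or letting the finalizer run) deletes the temporary key container that SChannel is reading the private key from; and the PFX bytes in the database should be treated with the same care as the private key itself (encrypt the column, restrict the login that can SELECT it, and audit reads), since anyone who can read the row and knows the password can impersonate the client.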

AFAIK it is at least very difficult, if not downright impossible. WCF uses the SChannel SSPI provider for the authentication and this SSPI provider will load certificates only from the SChannel CSP provider. In order to use a certificate from the database the certificate would have to be loaded first into a PROV_RSA_SCHANNEL CSP keystore and then the certificate context of this keystore would be passed to AcquireCredentialsHandle. For instance, this is how database mirroring is able to authenticate using a certificate stored in the database. While it is possible to do all these steps in managed code too, I'm not sure if it is possible to plug them into WCF: I expect it is, but probably not for the faint of heart.