您可以将WCF端点配置为使用 2-way SSL身份验证。这意味着您可以要求客户端在请求服务时出示X.509证书，以确认其身份。


在服务器端，您可以使用一个证书。 WCF中的内置验证方案，或者提供您自己的验证逻辑来​​检查X.509证书。

如果您将服务托管在IIS中，则配置SSL以要求客户端很简单。 运输级别的证书。但是，您可以在此处找到有关如何在自托管WCF服务中实现此行为的良好指南：

You can configure a WCF endpoint to use 2-way SSL authentication. That means that you can require clients to present an X.509 certificate that confirms their identity whenever they make a request to the service.

On the server side of things, you can use one of the built-in validation schemes in WCF or provide your own validation logic to check the X.509 certificate.
If you were hosting your service in IIS, it would be trivial to configure SSL to require client certificates at the transport-level. However, you can find a good guide on how to implement this behaviour in a self-hosted WCF service here:

http://leastprivilege.com/2007/08/25/certificate-based-authentication-and -wcf-message-security /

我自己没有尝试过此操作，但是由于这在 message-level上创建了安全要求，我认为您将必须在您的WSDL合同中使用 wsHttpBinding 来实施它，因为对访问Web服务的安全要求是WS- *标准的一部分。

I haven't tried this myself but, since this creates a security requirement at the message-level, I think you will have to use wsHttpBinding to enforce it in your WSDL contract, since imposing security requirements to access a web service is part of the WS-* standards.

如果必须使用 basicHttpBinding ，则可以尝试以下解决方案，而不是在传输级别上进行升级：

If you have to use basicHttpBinding, you can try this solution instead that moves things up at the transport-level:

http：//最小特权om / 2007/08/26 / certificate-based-authentication-and-wcf-mode-independent /

希望这会有所帮助