WCF - Web Service client certificates and AD certificate mapping


This is my first question here at SO, so if it's not standard or out of place or anything, please let me know and I'll try to fix it.

I'm in the process of finding the optimal solution for the following scenario. I have a Windows Server 2008 domain holding a fair amount of users. Some of the users need to be able to connect to a WCF service on the internet; the WCF service resides in the domain. I want these users to use client certificates for authentication, and I want to be able to map these certificates to an AD account. The users, or a user on their behalf, should be able to obtain a certificate through a web interface. Certificate provisioning should be automated.

My question is this: does this scenario involve setting up AD Certificate Services, or can I create and distribute self-signed certificates to the users needing them?

The AD Certificate Services solution seems to be a more extensive setup requiring more work. Also, I don't see future scenarios where a full-blown PKI can come in handy. The self-signed certificates option seems to be the more practical solution. On the other hand, if this solution requires me to place every single certificate in the Trusted Persons store of the server hosting the WCF service, it would become a major administrative burden. (Not sure if that's required, though, since I'm mapping the certificate to an AD user.) Also, automating this solution seems a little more complex, based on an afternoon of searching the web. And of course, the certificates are self-signed, but assuming the distribution channel is safe, this does not seem to be an issue.

So, in short: I want to do this the proper way, but I don't want to over-engineer the solution. Any ideas on which route I should take? Thanks in advance for any advice.
