WCF Certificate Store from SQL Server Database
I have a SQL database which is storing my client-side certificate for a WCF service and other services (X509 etc.). I would like to use this store (instead of 'My') to retrieve this certificate (instead of declaring it in web.config) and then use it for WCF.
I have tried to search on this site and Google but it does not seem to be much of a help.
Currently I am doing
var targetEndpoint = new EndpointAddress(targetLogicalAddress, targetIdentity);
MyTransportPortTypesClient proxy = new MyTransportPortTypesClient("WebConfigSection", targetEndpoint);
So ideally I would like to get rid of the "WebConfigSection" and instead pass some sort of WCF object which has the certificate signed.
Does anyone know how to achieve this?
I have finally solved this and here's how I did it. (I'll share my experience so everyone can use it.) This is without using any machine certificate store. It's purely from the database to the client proxy.
I have created an X509Certificate2 object and assigned the physical file (as byte[]). You can also put a password if it's password protected.
Then I have assigned the certificate to my proxy client. Something like:
proxy.ClientCredentials.ClientCertificate.Certificate = __MyCertificate;
Now I have manipulated my client proxy as I intended to in my app.config, and that's it. All these properties will be in your proxy object.
Hope this helps.
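The approach described in this answer, as an added example that is not the poster's own code. It assumes a hypothetical table ClientCertificates(ClientId, PfxBytes) holding the PFX bytes, a connection string, and a generated proxy class MyTransportPortTypesClient with the usual (Binding, EndpointAddress) constructor; the EphemeralKeySet flag needs .NET Framework 4.7.2 or later or .NET Core.

```csharp
using System;
using System.Data.SqlClient;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Security;

// Hypothetical helper: reads the client PFX out of the database and wires it
// into a WCF proxy built entirely in code (no "WebConfigSection", no 'My' store).
static class DbCertificateClientFactory
{
    public static X509Certificate2 LoadClientCertificate(string connectionString, string clientId, string pfxPassword)
    {
        byte[] pfx;
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("SELECT PfxBytes FROM ClientCertificates WHERE ClientId = @id", conn))
        {
            cmd.Parameters.AddWithValue("@id", clientId); // parameterised lookup, no string building
            conn.Open();
            pfx = cmd.ExecuteScalar() as byte[];
        }
        if (pfx == null)
            throw new InvalidOperationException("No certificate stored for client " + clientId);

        // EphemeralKeySet keeps the private key in process memory only; nothing is persisted
        // to the machine key store. Note: SChannel (TLS client auth) cannot use ephemeral keys,
        // so for transport-level client certificates use X509KeyStorageFlags.MachineKeySet instead.
        var cert = new X509Certificate2(pfx, pfxPassword, X509KeyStorageFlags.EphemeralKeySet);
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException("Stored PFX contains no private key");
        return cert;
    }

    public static MyTransportPortTypesClient CreateProxy(X509Certificate2 clientCert, EndpointAddress endpoint)
    {
        // Message security with a certificate credential, configured in code instead of app.config.
        var binding = new WSHttpBinding(SecurityMode.Message);
        binding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate;

        var proxy = new MyTransportPortTypesClient(binding, endpoint);
        proxy.ClientCredentials.ClientCertificate.Certificate = clientCert;

        // Keep validating the service's certificate; chain trust plus online revocation checking.
        var auth = proxy.ClientCredentials.ServiceCertificate.Authentication;
        auth.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        auth.RevocationMode = X509RevocationMode.Online;
        return proxy;
    }
}
```

The PFX password should come from a protected configuration source rather than a literal, and the certificate object should be disposed when the proxy is closed.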
AFAIK it is at least very difficult, if not downright impossible. WCF uses the SChannel SSPI provider for the authentication and this SSPI provider will load certificates only from the SChannel CSP provider. In order to use a certificate from the database the certificate would have to be loaded first into a PROV_RSA_SCHANNEL CSP keystore and then the certificate context of this keystore would be passed to AcquireCredentialsHandle. For instance, this is how database mirroring is able to authenticate using a certificate stored in the database. While it is possible to do all these steps in managed code too, I'm not sure if it is possible to plug them into WCF: I expect it is, but probably not for the faint of heart.