Best approach to authenticate the client certificate

I have hosted a secure WCF service on cloud with a certificate created by makecert.

Now I want to restrict the access to the service by allowing only those clients who have the certificate generated by me.

What is the best approach to implement this

* Shall I go with the changes in the configuration file
* Or 开发者_运维问答Shall I write the code to validate this in the service
* Is there any other alternative?

Ram, How are client certificates mapped? If they are mapped to Directory Services (AD), using configuration file should be okay as you won't need to change/add any code- utilizing existing tried and tested method is always a good thing :) However, if you don't want/can't map client certificates using IIS, you may need to write code which will map the certificate to user.

In short, the best approach will depend upon how you plan to map (and manage) certificate to users/clients.

Good luck,

Gaurav Kumar