Folks, I have a Silverlight Phone app that talks to a WCF service. The spec says that phones must *prove* to the service that they are legitimate and trusted. I figure therefore that I will stuff something in the message headers of each call that can't be forged to prove a phone has legitimate client software ... but what?
The spec is vague and does not specify any kind of "login" method or handshake to establish trust. To confuse matters, I've been given a pair of X509 certificates (as cer and pfx files) without any hint about what to do with them. So I've been reading about X509's for hours, but I can't figure out if they're of any help in this situation or not. All the sample code I've found using certificates is for the full CLR and not for the Silverlight CLR where many classes are smaller or missing. I can't figure out how to use X509s for solving my problem (if they are of any use). Any suggestions from crypto protocol boffins out there? *Greg K*
