Hi people, I am considering two different ways of using Certificate based authentication of a client connecting to our Web Service:
1. Certificate is contained in the HTTPS request. I intercept the Request in my Web Service, get the Certificate out of it, and do the authentication. 2. Certificate is contained in the signed SOAP Envelope. My Web Service (a Handler) gets the SOAPEnvelope, gets the Certificate out of it, and does the authentication. Which one of these options is the better one, what do you people think? Best regards, Zoltan Schreter Nokia/Finland
