I am trying to understand the process for securing a web service. I have set up an HTTPS IIS web service and require client certificates. Now, as I understand it, when I make the web service request I attach my client certificate and the web browser encrypts the request using the web server's public key (which I assume the web server decrypts using its private key). My question is...
Does the web server automatically encrypt the response with the client certificate public key?
If so, will the client (web browser, custom WinForms or other) automatically decrypt the response with the client's private key?
What happens if the private key is not available at the client (i.e. someone steals your public key in an attempt to impersonate), is some sort of exception thrown?
Thanks,
Justin