I have two servers in different locations (not within the same LAN). Both have a WCF client and WCF server. The WCF client on one server connects to the WCF server on the other, and v.v. What would be the best way to secure this communication, other than using SSL and certificates?
Site-to- site VPN between both locations created at the edge/perimeter network so the servers are unaware of the tunnel and no configuration is needed by the servers or applications running on those boxes.
Same here. Written plenty of server and client side code for it, but never had any involvement with securing it. That's why I want to know about other techniques than hardware/certificate based. I know those work, but perhaps there's something simpler I can use. I'm not sending over extremely sensitive data.
Thanks Ket. Am not put off by the certs. That was my first choice too (that's why I excluded it in the OP). Some people I have to convince are usually looking for code based solutions. Since I am new to the configuring part I was just looking for other possibilities.
You could use Username/Password based authentication over TLS, but that's not as secure as having a certificate solution in my opinion. But it's a better solution if money is a problem or you can't establish a valid certificate chain.
WCF can be configured in code or in web.config, so technically speaking, you could implement the certificate solution in code ;)