Hello All,

I have a problem with configuration of my asmx web service in web.config file.

My web service is based on .NET 2.0 framework (I know, pretty old one) and is deployed on IIS 6.0 (also pretty old...).
It is configured as new web application with the access over https (standard 443 port).
I need to restrict access to my web service only to the clients with dedicated client certificate.
Of course I've got both server and client certificates with private keys.

One more important think, my server (that hosts my web service on IIS 6.0) is placed in LAN (WIndows domain), but the client will be calling web service from external server by some java client application.
That's we I want to use solution with SSL and client/server certificates and I can't use Windows authentication mode.

How should I prepare my web.config file for such a combination?
What authentication mode should I use?

Please remember, that my web service is ASMX service based on .NET 2.0 framework.
For now, I don't have any other special requirements.

Currently my web.config is pretty simple:

<?xml version="1.0"?>
<configuration>
<appSettings/>
<connectionStrings/>
<system.web>
<compilation debug="true"></compilation>
<authentication mode="Windows" />
</system.web>
</configuration>

With above mentioned "Windows" mode it doesn't work, after setting in IIS that the client certificate is required.

Please help...

Regards