It sounds like we’re on the same path; maybe we can help each other out.
I ended up doing security by configuration:
<security
enableUnsecuredResponse="true"
authenticationMode="MutualCertificate"
messageSecurityVersion="WSSecurity10WSTrust13WSSecureConversation13WSSecurityPolicy12BasicSecurityProfile10"
/>
You’ll also need to override the identity DNS value for your endpoint with whoever your certificate was issued to. Put this inside your <endpoint> tags
<identity>
<dns value="[Issued To]" />
</identity>
Finally, when you create a client, you need to use a ChannelFactory and set the appropriate credentials. Mine looks like this:
var factory = new ChannelFactory<BulkRequestTransmitterPortType>("BulkRequestTransmitterPort");
factory.Credentials.ClientCertificate.SetCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "3164c4510490d2c0f16f1e4cffd76b708964fa7c");
factory.Credentials.ServiceCertificate.SetDefaultCertificate(StoreLocation.LocalMachine, StoreName.My, X509FindType.FindByThumbprint, "3164c4510490d2c0f16f1e4cffd76b708964fa7c");
var client = factory.CreateChannel();
Let me know if you run into something else. Assuming your certificate and application status is OK, then once you get through this you’ll probably be stuck on the next step with me (proper MTOM encoding). If you get through that successfully PLEASE let me know 🙂