All -
We continue to have a problem with a simple signed response using WSE
2.0.
We keep getting the following error message:
"The signature or decryption was invalid"
Our client is .Net using WSE 2.0. The Service is a WebLogic web
service.
I'm using a Cert generated by our Cert Authority to generate a Client
Authentication Certificate, Microsoft Base Crypto v1.0, Key Usage
Both, Hash Algorithm SHA-1.
The request gets processed properly by the server, but the response
keeps failing with the above message.
What should I look at next and/or change? I have a feeling it's how
I'm creating the cert, but I'm not sure.
Thanks,
- Matt Sajdera
- msajdera@ncen.com
Lucien - 27 Jul 2004 20:26 GMT
Does the response contain a signature or decryption? If it does, can you post
a piece of these security headers?
Byron Kim - 27 Jul 2004 21:12 GMT
I suspect the client receives an X.509 signed message, but the STR has a KeyName, which
is not supported by WSE by default.
<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
  <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
    <dsig:KeyName>CN=WSE2QuickStartClient</dsig:KeyName>
  </dsig:KeyInfo>
  <xenc:CipherData>
So you need to override
X509SecurityTokenManager.LoadTokenFromKeyInfo(KeyInfo keyInfo)
and return an X.509 token for signature verification.
Byron KIM
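The override Byron describes, written out as an added example for the .NET client side; this is not code from the thread, from WSE, or from the WebLogic service. It assumes the class and namespace names, that the service's signing certificate has been imported into the client's LocalMachine\My store, and that its SHA-1 thumbprint is known (the placeholder value must be replaced). The store lookup calls are the WSE 2.0 X509CertificateStore API as I recall it. The point of the pin is that a KeyName is only a string: any certificate can carry CN=WSE2QuickStartClient, so the name is used to route the lookup but never by itself to decide which key verifies the signature. Messages without a KeyName stay on WSE's default path, so the non-compliant case Byron points out is handled as narrowly as possible.

```csharp
// Added example (not from the thread): a WSE 2.0 token manager that resolves
// the <dsig:KeyName> in the service response's KeyInfo to a pinned X.509
// certificate. Class name, namespace, store location and thumbprint are assumptions.
//
// Register it in the client's app.config so WSE uses it for BinarySecurityTokens:
//
//   <microsoft.web.services2>
//     <security>
//       <securityTokenManager
//         type="Example.Wse2.KeyNameX509SecurityTokenManager, ExampleAssembly"
//         xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
//         qname="wsse:BinarySecurityToken" />
//     </security>
//   </microsoft.web.services2>
using System;
using System.Security;                          // SecurityException
using System.Security.Cryptography.Xml;         // KeyInfoClause, KeyInfoName
using Microsoft.Web.Services2.Security;         // KeyInfo
using Microsoft.Web.Services2.Security.Tokens;  // SecurityToken, X509SecurityToken, X509SecurityTokenManager
using Microsoft.Web.Services2.Security.X509;    // X509Certificate, X509CertificateStore

namespace Example.Wse2
{
    public class KeyNameX509SecurityTokenManager : X509SecurityTokenManager
    {
        // The subject name the thread shows in the response's KeyInfo.
        const string ExpectedKeyName = "CN=WSE2QuickStartClient";

        // Hypothetical pin: SHA-1 thumbprint of the service's signing cert, in the
        // format GetCertHashString() returns (upper-case hex, no separators).
        // Replace with the real value; the zeros are a placeholder.
        const string ExpectedThumbprint = "0000000000000000000000000000000000000000";

        public override SecurityToken LoadTokenFromKeyInfo(KeyInfo keyInfo)
        {
            string keyName = null;
            foreach (KeyInfoClause clause in keyInfo)
            {
                KeyInfoName name = clause as KeyInfoName;
                if (name != null)
                {
                    keyName = name.Value;
                    break;
                }
            }

            // No KeyName present: leave SecurityTokenReference, X509Data etc. to WSE.
            if (keyName == null)
                return base.LoadTokenFromKeyInfo(keyInfo);

            // Only the one name we expect from this service is resolved at all.
            if (keyName != ExpectedKeyName)
                throw new SecurityException("Unexpected KeyName in signature: " + keyName);

            X509Certificate cert = LoadPinnedCertificate(keyName);
            return new X509SecurityToken(cert);
        }

        static X509Certificate LoadPinnedCertificate(string subjectName)
        {
            // Assumed location: the service certificate was imported into LocalMachine\My.
            X509CertificateStore store = X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
            store.OpenRead();
            try
            {
                foreach (X509Certificate candidate in store.FindCertificateBySubjectName(subjectName))
                {
                    // Same CN but a different certificate: not ours, keep looking.
                    if (candidate.GetCertHashString() != ExpectedThumbprint)
                        continue;

                    DateTime now = DateTime.Now;
                    if (now < DateTime.Parse(candidate.GetEffectiveDateString()) ||
                        now > DateTime.Parse(candidate.GetExpirationDateString()))
                        throw new SecurityException("Pinned service certificate is not currently valid");

                    return candidate;
                }
            }
            finally
            {
                store.Close();
            }
            throw new SecurityException("Pinned service certificate not found for " + subjectName);
        }
    }
}
```

If the signature still fails after this, the token manager is being consulted but the returned certificate is not the one the service signed with; compare the thumbprint against the certificate actually configured on the WebLogic side before looking anywhere else.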
Byron Kim - 27 Jul 2004 21:37 GMT
Please note that this is not compliant with the X.509 profile and WS-I BSP. That
is the reason why WSE does not support this by default.
bckim