
Message encryption

KDV - 10 Feb 2006 14:19 GMT
Hi,

       I have a web service which uses WSE 3 security features.  Both the
client and service are WSE enabled (signing, encryption and encrypting
signature). I have two machines, Windows 2000 Pro and Windows XP Home. If I
run both client and service on either of the machines everything works fine.
But if I move the service onto Windows 2000 Pro (under IIS) and try to access it
from Windows XP Home I get the following error message:

unsupported signature or encryption algorithm was used
WSE3002: The receiver is expecting the key wrapping algorithm to be
http://www.w3.org/2001/04/xmlenc#rsa-1_5, but the incoming message used
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p.  You can change the key
wrapping algorithm through configuring security token manager.



This trace is produced by the Web service, and I get an exception on the client.

My questions are:

1) Is the receiver here the Web service?

2) How can I set in the policies (If possible, both on client and service)
to force which encryption algorithm to use.

3) I read somewhere that RSAOAEP method cannot be used in clients prior to
Windows XP

Thanks
KDV
Julie Lerman - 12 Feb 2006 22:44 GMT
KDV

I'm having similar issues.

I can see in the output trace that the Windows 2000 client is encrypting the
security token with rsa-15 and I get the same error as you. Looking at my XP
client, it is encrypting the security token with rsa-oaep and all is well.

For me the goal is to force the clients to use rsa-oaep.

I'll dig around further and let you know if I come up with anything. Though
hopefully someone who knows already will come along and reply first!

julie

Pablo Cibraro - 13 Feb 2006 14:06 GMT
Hi KDV,
This is the answer for your second question. In order to change the default
algorithm, you need to add the following setting in the web.config file:

<microsoft.web.services3>
  <security>
    <binarySecurityTokenManager>
      <add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        <keyAlgorithm name="RSA15" />
      </add>
    </binarySecurityTokenManager>
  </security>
</microsoft.web.services3>

That setting changes the default algorithm from "rsa-oaep" to "rsa-15".

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

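The check behind WSE3002, reproduced offline as an added example (not code from the thread or from WSE): it reads the key-wrapping algorithm the receiver's config expects and compares it with the algorithm on each xenc:EncryptedKey in a traced message. The "RSAOAEP" config name, the default, the function names and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# WSE keyAlgorithm name -> key-wrap URI. "RSA15" and both URIs appear in the
# thread; "RSAOAEP" as the config spelling of the other name is an assumption.
KEY_WRAP = {"RSA15": XENC + "rsa-1_5", "RSAOAEP": XENC + "rsa-oaep-mgf1p"}
X509V3 = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-x509-token-profile-1.0#X509v3")

# Constructed samples: a config carrying the override, and a minimal envelope.
RSA15_CONFIG = """<configuration><microsoft.web.services3><security>
<binarySecurityTokenManager><add valueType="%s">
<keyAlgorithm name="RSA15" /></add></binarySecurityTokenManager>
</security></microsoft.web.services3></configuration>""" % X509V3
OAEP_MESSAGE = """<Envelope xmlns:xenc="%s"><Header><xenc:EncryptedKey>
<xenc:EncryptionMethod Algorithm="%srsa-oaep-mgf1p" />
</xenc:EncryptedKey></Header><Body /></Envelope>""" % (XENC, XENC)

def expected_key_wrap(config_xml, default="RSAOAEP"):
    """Key-wrap URI the receiver expects for X.509 tokens, per its config."""
    root = ET.fromstring(config_xml)
    for mgr in root.iter("binarySecurityTokenManager"):
        for add in mgr.findall("add"):
            alg = add.find("keyAlgorithm")
            if add.get("valueType") == X509V3 and alg is not None:
                return KEY_WRAP[alg.get("name")]
    # No override present: fall back to the default as the reply above states
    # it (rsa-oaep); the thread shows Windows 2000 machines using rsa-15.
    return KEY_WRAP[default]

def message_key_wraps(soap_xml):
    """Algorithm URI of every xenc:EncryptedKey in a traced SOAP message."""
    root = ET.fromstring(soap_xml)
    return [m.get("Algorithm")
            for key in root.iter("{%s}EncryptedKey" % XENC)
            for m in key.findall("{%s}EncryptionMethod" % XENC)]

def check(config_xml, soap_xml):
    """Mismatch descriptions; an empty list means the key wrap is accepted."""
    want = expected_key_wrap(config_xml)
    return ["expected %s, message used %s" % (want, got)
            for got in message_key_wraps(soap_xml) if got != want]

if __name__ == "__main__":
    for problem in check(RSA15_CONFIG, OAEP_MESSAGE):
        print(problem)
```

Pinning RSA15 on both sides trades OAEP padding for PKCS#1 v1.5 to stay interoperable with Windows 2000; where every endpoint supports it, OAEP is the stronger key-wrapping choice.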
Julie Lerman - 13 Feb 2006 14:44 GMT
P.S.

See Pablo's blog post - which I just found this morning.

http://weblogs.asp.net/cibrax/archive/2005/09/19/425555.aspx

KDV - 13 Feb 2006 16:08 GMT
Thanks for the reply. Actually I tried this one but it did not help. I will
look in the config file to make sure I am not making any other mistake. I just
want to ask: do I have to change only the <binarySecurityTokenManager> section
or the <securityTokenManager> section also? On the blog I have found these two.

I will first try with <binarySecurityTokenManager> and let you know if it
helps out.

Thanks
KDV

Julie Lerman - 13 Feb 2006 17:23 GMT
It worked for me.

The blog pointer was for more education.

Use the code he pasted in the message here.

I put it in my web.config and voila! All was well again. Hooray Pablo.

A warning - put it in your client's app.config, too. That way if the client
app gets deployed to Windows XP, it will also know to use rsa15, not its
default of oaep.

julie

KDV - 14 Feb 2006 00:18 GMT
Thanks for your help. It worked and I can access the service running on Win2000
Pro from the WinXP client. The problem I was facing before was because I was
accessing the service through a DLL. So I changed the configuration in the dll
config and WSE was not finding it. So as long as I use exe.config or
web.config then there is no problem. Is there any way I can tell the client
application to look in dll.config instead of exe.config?

Now I have some settings in dll.config and some in exe.config. I want to
make use of app.config which I have included in DLL assembly. ( I think there
may be a way to apply these settings through code, but I don't know how???)

Thanks once again
KDV

