Hi Dejan,
Yes, it should work if you add the following setting to the configuration
file:
<microsoft.web.services2>
...
<security>
...
<binarySecurityTokenManager
valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
<!-- add this to switch to AES256 from the default AES128 -->
<sessionKeyAlgorithm name="AES256"/>
</binarySecurityTokenManager>
</security>
...
</microsoft.web.services2>
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
> Is there any way to configure SecurityContextTokenService in WSE 2.0 to
> issue security context tokens with AES256 symmetric keys? If so, how to
> get such tokens from the client side?
>
> Thanks,
> Dejan
dejan.skvorc@gmail.com - 28 Mar 2006 19:45 GMT
Hi Pablo,
thanks a lot for your quick answer.
I have tried this, but it seems it does not work. MSDN says that
SecurityContextTokenService within WSE 2.0 uses Entropy of 128 bits in
length. I found information that I can use a proof token instead of
entropy to get an AES256 key. However, I can't find any example of how
to use the proof token to get an AES256 key and how to configure
SecurityContextTokenService to work with proof tokens.
My web.config file looks as follows:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<configSections>
<section name="microsoft.web.services2"
type="Microsoft.Web.Services2.Configuration.WebServicesConfiguration,
Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</configSections>
<microsoft.web.services2>
<tokenIssuer>
<autoIssueSecurityContextToken enabled="true" />
<serverToken>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:KeyIdentifier
ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier">3yCJD4BTZ2nPV7hgKB5pEz+fDM0=</wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
</serverToken>
<ttlInSeconds>315360000</ttlInSeconds> <!-- 315360000 s = 10 years -->
</tokenIssuer>
<security>
<x509 storeLocation="CurrentUser"
allowRevocationUrlRetrieval="false" verifyTrust="false" />
<binarySecurityTokenManager
valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
<sessionKeyAlgorithm name="AES256" />
</binarySecurityTokenManager>
</security>
<diagnostics>
<trace enabled="true" input="InputTrace.webinfo"
output="OutputTrace.webinfo" />
</diagnostics>
</microsoft.web.services2>
<system.web>
<identity impersonate="true" userName="testuser" password="testpwd" />
<webServices>
<soapExtensionTypes>
<add type="Microsoft.Web.Services2.WebServicesExtension,
Microsoft.Web.Services2, Version=2.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" priority="1" group="0" />
</soapExtensionTypes>
</webServices>
</system.web>
</configuration>
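The checks a reviewer would run over the two web.config fragments above, as an added example that is not part of either post in the thread. It parses a web.config-style document with Python's xml.etree, reports the session-key algorithm (treating a missing sessionKeyAlgorithm element as the AES128 default Pablo mentions), and flags the other settings in Dejan's file worth a second look: verifyTrust="false", a ten-year ttlInSeconds, and a plaintext impersonation password. The sample document is constructed for this example and modelled on the posted config, not copied from it; WSE's defaults for verifyTrust and allowRevocationUrlRetrieval are assumed here, not taken from the thread. A section whose opening tag is missing its closing > is reported as a parse error, because WSE would fail to load the section rather than fall back to defaults.

```python
"""Static check of a WSE 2.0 <microsoft.web.services2> section (added example,
not code from the thread). Element and attribute names follow the fragments
posted above; defaults assumed where noted."""
import xml.etree.ElementTree as ET

# Constructed sample modelled on the posted web.config (not a copy of it).
SAMPLE_CONFIG = """<configuration>
  <microsoft.web.services2>
    <tokenIssuer>
      <autoIssueSecurityContextToken enabled="true" />
      <ttlInSeconds>315360000</ttlInSeconds>
    </tokenIssuer>
    <security>
      <x509 storeLocation="CurrentUser" allowRevocationUrlRetrieval="false" verifyTrust="false" />
      <binarySecurityTokenManager valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
        <sessionKeyAlgorithm name="AES256" />
      </binarySecurityTokenManager>
    </security>
  </microsoft.web.services2>
  <system.web>
    <identity impersonate="true" userName="testuser" password="testpwd" />
  </system.web>
</configuration>
"""


def _child(element, tag):
    """First direct child with this tag, or None. Walks children directly so
    dotted tag names like microsoft.web.services2 need no ElementPath escaping."""
    for c in element:
        if c.tag == tag:
            return c
    return None


def _path(element, *tags):
    """Follow a chain of direct children; None if any step is missing."""
    for tag in tags:
        if element is None:
            return None
        element = _child(element, tag)
    return element


def lint_wse2_config(xml_text):
    """Return (findings, error). findings maps setting names to values; error
    is a message when the document is not well-formed XML (WSE would refuse to
    load the section) or has no <microsoft.web.services2> element."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return {}, "not well-formed XML: %s" % exc
    wse = _child(root, "microsoft.web.services2")
    if wse is None:
        return {}, "no <microsoft.web.services2> section"

    findings = {}
    algo = _path(wse, "security", "binarySecurityTokenManager", "sessionKeyAlgorithm")
    # Assumption: no <sessionKeyAlgorithm> means the AES128 default named in the reply above.
    findings["session_key_algorithm"] = algo.get("name", "AES128") if algo is not None else "AES128"

    x509 = _path(wse, "security", "x509")
    # Assumption: both x509 attributes default to true when absent.
    findings["x509_verify_trust"] = x509 is None or x509.get("verifyTrust", "true").lower() != "false"
    findings["x509_revocation_url_retrieval"] = (
        x509 is None or x509.get("allowRevocationUrlRetrieval", "true").lower() != "false")

    ttl = _path(wse, "tokenIssuer", "ttlInSeconds")
    findings["ttl_seconds"] = int(ttl.text.strip()) if ttl is not None and ttl.text else None
    auto = _path(wse, "tokenIssuer", "autoIssueSecurityContextToken")
    findings["auto_issue_sct"] = auto is not None and auto.get("enabled", "false").lower() == "true"

    identity = _path(root, "system.web", "identity")
    findings["plaintext_identity_password"] = identity is not None and identity.get("password") is not None
    return findings, None


def warnings_for(findings):
    """Human-readable warnings for the settings a reviewer would flag."""
    out = []
    if findings.get("session_key_algorithm") != "AES256":
        out.append("session key algorithm is %s, not AES256" % findings.get("session_key_algorithm"))
    if findings.get("x509_verify_trust") is False:
        out.append('verifyTrust="false": chain validation of the X.509 server token is disabled')
    if findings.get("x509_revocation_url_retrieval") is False:
        out.append('allowRevocationUrlRetrieval="false": CRL retrieval is disabled')
    ttl = findings.get("ttl_seconds")
    if ttl is not None and ttl > 86400:
        out.append("ttlInSeconds=%d (%.1f days): security context tokens outlive any session" % (ttl, ttl / 86400.0))
    if findings.get("plaintext_identity_password"):
        out.append("<identity> carries a plaintext password in web.config")
    return out


if __name__ == "__main__":
    result, problem = lint_wse2_config(SAMPLE_CONFIG)
    print(problem or result)
    for w in warnings_for(result):
        print("WARNING:", w)
```

Run it against the real file by reading web.config into lint_wse2_config; the parse-error branch is the first thing to check when a setting "does not work", since a single missing > in the binarySecurityTokenManager tag takes the whole section down.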