
WSE 3.0 custom signature

avnerus@gmail.com - 29 Oct 2006 22:04 GMT
Hello!
I'm trying to create the following scenario:

1. Internet Explorer client initiates a command to presentation server.
2. Presentation server calls a web service.
3. Web service is configured with a policy which requires x509
signature - returns an exception along with the digest value needed to
be signed.
4. Internet Explorer receives the 'signature request' and signs it
using a smart card and CAPICOM. Client automatically retries the same
command and sends the same button click to presentation server.
5. Presentation server calls the web service and this time the custom
client policy assertion detects the browser signed the message and
builds the ws-security elements.
6. Service accepts the request and everyone is happy.

Right now I'm a bit stuck in stage 5.
I'm able to load the client certificate from the browser and construct
an X509SecurityToken,
from that I create a MessageSignature and try to manually create the
reference to the soap body and insert the SignatureValue to what the
client signed in CAPICOM. The problem is that when I finish it's still
trying to sign the message using the x509 security token and naturally
throws an exception about only having the public key and not the
private.
Any idea how I override that process and just insert the signature by
myself? I don't mind verifying it by myself in the server side using
another custom policy assertion.

Thanks!

Avner Peled
avnerus@gmail.com
Pablo Cibraro [MVP] - 30 Oct 2006 16:23 GMT
Hi Avner,

In order to create a custom signature, you have to develop a custom
SecurityAssertion (you can create a SecurityAssertion deriving your class
from one of the existing assertions like UsernameForCertificate or
MutualCertificate11Assertion or the base class SecurityAssertion).
A security assertion creates 4 filters:

- ClientOutputFilter: for outgoing messages on the client
- ClientInputFilter: for incoming messages on the client
- ServiceOutputFilter: for outgoing messages on the service
- ServiceInputFilter: for incoming messages on the service

For more details, take a look at this article:
http://msdn.microsoft.com/msdnmag/issues/06/02/WSE30/default.aspx

You will have to create a custom ClientOutput filter to add the custom
message signature, and a custom ServiceInput filter to validate it.

Regards,
Pablo Cibraro.

avnerus@gmail.com - 30 Oct 2006 17:10 GMT
Thanks for your reply!
I'm actually already using a custom policy assertion... maybe it wasn't
understood but I did write in stage 5 "custom client policy assertion"
:)
I've made some advancement today.
My problem was that inside my ClientOutputFilter I was creating a
message signature with an X509SecurityToken which I generated from the
base64 certificate I got from the browser client. But it turns out that
X509SecurityToken has a "Key" property which is an RSAOEP KeyAlgorithm
which has a SignatureFormatter which uses a locally stored private key
to sign the stream.
So now I've replaced all of those! In my custom SignatureFormatter I
override Sign() and instead of signing I return the stream to the
client so it will sign using JavaScript, try again and then in the
Sign() retry I will return what the client signed.
I will continue this tomorrow...

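The split this thread works toward (the middle tier computes the digest, a separate key holder signs it, the service verifies with the public key only) can be shown with the .NET base class library alone. This is an added example, not code from the thread or from WSE: the smart card is simulated by an in-memory RSA key, the `SignedInfo` bytes are a constructed sample, all type and method names are hypothetical, and SHA-1 is assumed as the digest because the example targets RSA-SHA1 signatures.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ExternalSignerDemo
{
    static readonly string Sha1Oid = CryptoConfig.MapNameToOID("SHA1");

    // Middle tier: hashes the bytes that must be signed. No key is needed here.
    static byte[] ComputeDigest(byte[] canonicalSignedInfo)
    {
        using (SHA1 sha = SHA1.Create())
            return sha.ComputeHash(canonicalSignedInfo);
    }

    // Key holder (stand-in for the smart card): signs a precomputed digest.
    static byte[] SignDigest(RSACryptoServiceProvider privateKey, byte[] digest)
    {
        return privateKey.SignHash(digest, Sha1Oid);
    }

    // Service: recomputes the digest from the bytes it actually received,
    // so a digest value relayed by an intermediary is never trusted.
    static bool Verify(RSAParameters publicKey, byte[] canonicalSignedInfo, byte[] signature)
    {
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(publicKey);
            return rsa.VerifyHash(ComputeDigest(canonicalSignedInfo), Sha1Oid, signature);
        }
    }

    static void Main()
    {
        // Constructed sample standing in for the canonicalized SignedInfo element.
        byte[] signedInfo = Encoding.UTF8.GetBytes("<SignedInfo>constructed sample</SignedInfo>");
        using (RSACryptoServiceProvider card = new RSACryptoServiceProvider(2048))
        {
            card.PersistKeyInCsp = false;                        // keep the demo key out of the key store
            RSAParameters publicOnly = card.ExportParameters(false);

            byte[] digest = ComputeDigest(signedInfo);           // step done by the middle tier
            byte[] signature = SignDigest(card, digest);         // step done by the key holder
            Console.WriteLine("valid message:    " + Verify(publicOnly, signedInfo, signature));

            signedInfo[12] ^= 1;                                 // tamper with one signed byte
            Console.WriteLine("tampered message: " + Verify(publicOnly, signedInfo, signature));
        }
    }
}
```

The key holder in this arrangement signs whatever digest it is handed, so the client has no view of the message the signature will be bound to unless the digest is derived from content it can inspect.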
