
.NET Forum / ASP.NET / Web Services / September 2004

Signing/Encrypting with kerberos token or usernametoken

Indra - 22 Sep 2004 02:17 GMT
How can I define a policy that would sign and/or encrypt with a Kerberos
token or a UsernameToken? (I am assuming you can sign with a UsernameToken; I
don't know if that is true.) The WSE Visual Studio plug-in only lets you
configure certificates for signing and encrypting.

I am hoping to start with a policy file such as the following:
<wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
 xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext/">
 <wsp:ExactlyOne>
   <wsse:SecurityToken wsp:Usage="wsp:Required" wsp:Preference="10">
     <wsse:TokenType>wsse:Kerberosv5TGT</wsse:TokenType>
   </wsse:SecurityToken>
   <wsse:SecurityToken wsp:Usage="wsp:Required" wsp:Preference="1">
     <wsse:TokenType>wsse:UsernameToken</wsse:TokenType>
   </wsse:SecurityToken>
 </wsp:ExactlyOne>
</wsp:Policy>

Thanks in advance,
Indra

Hervey Wilson [MSFT] - 26 Sep 2004 18:36 GMT
> How can I define a policy that would sign and/or encrypt with a kerberos
> token or a usernametoken (I am assuming you can sign with a usernametoken, I
[quoted text clipped - 16 lines]
> Thanks in advance,
> Indra

Check the QuickStart samples for the product: each sample has a code
variant and a policy variant, the UsernameToken signing example should
have what you need.

This posting is provided "AS IS", with no warranties, and confers no rights.

IP - 27 Sep 2004 23:49 GMT
The sample just shows signing with the username token. I take it that the
username token can also be used to somehow encrypt the message also.

Is there some place where I can find details of how the username is used to
sign and encrypt the message? I would like to understand the mechanism.

I take it that the password is no longer in plain text in a message that is
signed and encrypted with the username token ... because if it is not, can't
someone sniff the password and replace the signed encrypted message with one
of their own?

Thanks again,
IP

> > How can I define a policy that would sign and/or encrypt with a kerberos
> > token or a usernametoken (I am assuming you can sign with a usernametoken, I
[quoted text clipped - 20 lines]
> variant and a policy variant, the UsernameToken signing example should
> have what you need.

Hervey Wilson [MSFT] - 28 Sep 2004 06:27 GMT
> The sample just shows signing with the username token. I take it that the
> username token can also be used to somehow encrypt the message also.
[quoted text clipped - 34 lines]
>>variant and a policy variant, the UsernameToken signing example should
>>have what you need.

You should not use the UsernameToken to both sign and encrypt a message
to a service; instead you should sign with the username token and then
encrypt the token and the message using the service's token. If you don't
have the service's token, you should strongly consider sending this
initial message over a secure channel (always a good thing w/ the
UsernameToken).

The response from the service can be encrypted with the client's signing
token by marking the signing token in policy as the identity token. This
should be illustrated in the ResponseEncryption sample.

This posting is provided "AS IS", with no warranties, and confers no rights.

