You can't sign a message if you don't have the private key used to create
the X.509 certificate installed on the machine you are sending the message
from.
You can sign the request message on the client, because you have the full
certificate available. On the server-side, you only have the public key of
the client's certificate installed (as it should be). That's enough to
verify the signature in the request is valid, but not enough to create a
signature.
In other words, you will need to pull a different certificate on the server
side in order to sign the response message.
(For your reference, you might want to check up on PKI principles, because
otherwise you'll run into a similar issue when using encryption).
HTH,

Sven.
> I can't find any code sample that shows how to sign the web service response
> message. I got the request message signed with no problem. I assume signing
[quoted text clipped - 4 lines]
> I am getting the Cryptography_CSP_NoPrivateKey error but I can sign the
> request using the same certificate in the client web app.
wchar - 10 Feb 2005 01:07 GMT
I understand that. Both client and server apps are running on my dev
workstation. Both public and private keys are installed in both localmachine
and currentuser.
Is my assumption correct that all I need to do to sign the response message
is to add the MessageSignature to the
ResponseSoapContext.current.Security.Elements collection?
Thanks for your help
> You can't sign a message if you don't have the private key used to create
> the X.509 certificate installed on the machine you are sending the message
[quoted text clipped - 23 lines]
> > I am getting the Cryptography_CSP_NoPrivateKey error but I can sign the
> > request using the same certificate in the client web app.
SA - 11 Feb 2005 00:48 GMT
Hi,
No, you will still need to retrieve the certificate. Simply re-using won't
work because only the public key is available.
WSE 2.0 won't by itself figure out that the certificate (including private
key) is available on the machine and go get it for you.
(With UsernameTokens, you can do that, because everything's public for
them).

Sven.
> I understand that. Both client and server apps are running on my dev
> workstation. Both public and private keys are installed in both localmachine
[quoted text clipped - 33 lines]
> > > I am getting the Cryptography_CSP_NoPrivateKey error but I can sign the
> > > request using the same certificate in the client web app.
wchar - 11 Feb 2005 18:59 GMT
I finally figured it out. It was a problem with how I copied my certificates
from the currentuser store to localmachine store. I dragged the certificate
from one to the other in the certificate MMC snap-in. For people who
encountered the same problem, here is the document.
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse/html/ea7d6db0-8d74-4b6b-ba3a-207db29f5757.asp
> Hi,
>
[quoted text clipped - 54 lines]
> the
> > > > request using the same certificate in the client web app.
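
The approach discussed in this thread, as an added example that is not code from any of the posters: the service looks up its own signing certificate in the LocalMachine store, confirms the private key is actually usable, and only then adds the token and the MessageSignature to the response context. The class name `SignedService` and the subject string `ExampleServer` are hypothetical placeholders.

```csharp
using System;
using System.Web.Services;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;
using Microsoft.Web.Services2.Security.X509;

public class SignedService : WebService   // hypothetical service class
{
    // Hypothetical subject of the server's own signing certificate.
    private const string ServerCertSubject = "ExampleServer";

    [WebMethod]
    public string Echo(string text)
    {
        SignResponse();
        return text;
    }

    private static void SignResponse()
    {
        // Fetch the certificate from the store explicitly; the token that
        // arrived with the request carries only the client's public key.
        X509CertificateStore store =
            X509CertificateStore.LocalMachineStore(X509CertificateStore.MyStore);
        if (!store.OpenRead())
            throw new ApplicationException("Cannot open the LocalMachine personal store.");
        try
        {
            X509CertificateCollection certs =
                store.FindCertificateBySubjectString(ServerCertSubject);
            if (certs.Count == 0)
                throw new ApplicationException("Signing certificate not found.");

            X509Certificate cert = certs[0];
            // Fail with a clear message when the store entry has no usable
            // private key, instead of failing later while signing.
            if (!cert.SupportsDigitalSignature || cert.Key == null)
                throw new ApplicationException(
                    "Certificate has no usable private key in LocalMachine.");

            X509SecurityToken token = new X509SecurityToken(cert);
            SoapContext response = ResponseSoapContext.Current;
            response.Security.Tokens.Add(token);
            response.Security.Elements.Add(new MessageSignature(token));
        }
        finally
        {
            store.Close();
        }
    }
}
```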