more than one certificate in a policy

haller - 03 Nov 2005 12:23 GMT
Hello everybody,
I am developing a multithreaded windows service in C# whose purpose is to be
a client for a WSE web service with X-509 authentication.

I have to configure a policy file using more than one digital certificate.
In fact, my service must have the possibility to use one certificate per
thread. I know I can configure one <policy> element for each endpoint url,
but I'm looking for a way to use different certificates at the same time.
Here's an extract of my policy where it sets the certificates:

<wssp:Integrity wsp:Usage="wsp:Required">
 <wssp:TokenInfo>
   <wssp:SecurityToken>
     <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
     <wssp:Claims>
       <wse:Parent>
         <wssp:SecurityToken>
           <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
           <wssp:Claims>
             <wse:BaseToken>
               <wssp:SecurityToken>
                 <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                 <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
                 <wssp:Claims>
                   <wssp:SubjectName MatchType="wssp:Exact">CLIENT_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
                   <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">CLIENT_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
                 </wssp:Claims>
               </wssp:SecurityToken>
             </wse:BaseToken>
             <wse:IssuerToken>
               <wssp:SecurityToken>
                 <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                 <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
                 <wssp:Claims>
                   <wssp:SubjectName MatchType="wssp:Exact">SERVER_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
                   <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">SERVER_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
                 </wssp:Claims>
               </wssp:SecurityToken>
             </wse:IssuerToken>
           </wssp:Claims>
         </wssp:SecurityToken>
       </wse:Parent>
     </wssp:Claims>
   </wssp:SecurityToken>
 </wssp:TokenInfo>
 <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
 wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
 wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo)
 wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>

Is it sufficient to add other similar sections to my policy with
different certificate references? In that case, how can I decide which
certificate to use at runtime without using the manual certificate selection
pop-up dialog?

Thanks in advance to anybody helping me
Keith - 30 Nov 2005 14:41 GMT
I am wrestling with a similar issue, but what I have found so far may be of
help.  I have found that if you wrap multiple <SecurityToken> elements with a
<wsp:OneOrMore> element then, at least on the request side, the web service
can take any of the certs I use on the client side.  Now if I can find a way
to specify on the return trip that the cert used on the request is the one to
use on the response message, I'll be golden.  Anyone?

HTH,
Keith

> Hello everybody,
> I am developing a multithreaded windows service in C# whose purpose is to be
[quoted text clipped - 65 lines]
>
> Thanks in advance to anybody helping me
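
Added example, not part of either post and not WSE code: once a policy lists alternative certificates inside <wsp:OneOrMore> as Keith describes, it is worth enumerating exactly which identities the policy pins for each role. The Python below walks a policy fragment and reports every X.509 token with its subject name, Subject Key Identifier (OID 2.5.29.14) and whether it is one of several alternatives. The sample policy, its placeholder namespace URIs, the position of wsp:OneOrMore inside wse:BaseToken and the function names are all assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

X509V3 = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"

def _tok(subject, key_id):
    # One constructed X.509 SecurityToken assertion, in the shape used in the question.
    return (f'<wssp:SecurityToken><wssp:TokenType>\n  {X509V3}\n</wssp:TokenType><wssp:Claims>'
            f'<wssp:SubjectName MatchType="wssp:Exact">{subject}</wssp:SubjectName>'
            f'<wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">{key_id}</wssp:X509Extension>'
            '</wssp:Claims></wssp:SecurityToken>')

# Constructed sample. The namespace URIs are placeholders and the position of
# wsp:OneOrMore inside wse:BaseToken is an assumption, not taken from the thread.
SAMPLE = ('<wssp:TokenInfo xmlns:wssp="urn:example:wssp" xmlns:wsp="urn:example:wsp" '
          'xmlns:wse="urn:example:wse"><wse:BaseToken><wsp:OneOrMore>'
          + _tok("CLIENT_A_SUBJECT_NAME", "CLIENT_A_KEY_IDENTIFIER")
          + _tok("CLIENT_B_SUBJECT_NAME", "CLIENT_B_KEY_IDENTIFIER")
          + '</wsp:OneOrMore></wse:BaseToken><wse:IssuerToken>'
          + _tok("SERVER_SUBJECT_NAME", "SERVER_KEY_IDENTIFIER")
          + '</wse:IssuerToken></wssp:TokenInfo>')

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the "{namespace}" prefix ElementTree adds

def pinned_certs(xml_text):
    """List every X.509 token the policy pins as (role, subject, key_id, alternative)."""
    found = []
    def walk(node, role, alternative):
        name = local(node.tag)
        if name in ("BaseToken", "IssuerToken"):
            role = name
        elif name == "OneOrMore":
            alternative = True  # wrapped tokens are alternatives to each other
        elif name == "SecurityToken":
            ttype = "".join(c.text or "" for c in node if local(c.tag) == "TokenType")
            if "".join(ttype.split()) == X509V3:  # tolerate line-wrapped URIs
                subject = key_id = None
                for c in node.iter():
                    if local(c.tag) == "SubjectName":
                        subject = (c.text or "").strip()
                    elif local(c.tag) == "X509Extension" and c.get("OID") == "2.5.29.14":
                        key_id = (c.text or "").strip()  # Subject Key Identifier
                found.append((role, subject, key_id, alternative))
                return
        for child in node:
            walk(child, role, alternative)
    walk(ET.fromstring(xml_text), None, False)
    return found
```

Calling pinned_certs(SAMPLE) returns two BaseToken entries flagged as alternatives and one IssuerToken entry that is not, which is the list to review whenever a certificate is added to or retired from the policy.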
