Re: WCF endpoint certificate identity



It doesn't quite get me what I need. Any idea where I can find any
documentation on what this value is and how it's generated? Some
documentation says that "This element specifies a Base64-encoded X.509
certificate value to compare with the client." but then also says that
"This element restricts authentication to a single certificate based upon
its thumbprint value." So if anything changes that affects the thumbprint,
this value will have to be regenerated (quotes taken from
http://msdn.microsoft.com/en-us/library/ms733130.aspx).

I also run a pretty good chance that the customer(s) may want to use their
own certificate anyways, so I'll need a good way of updating this
encodedValue (outside of my dev environment). Any other thoughts on how
this can be done? It's got to be pretty common to have to change this value
since certificates expire, company processes require updating of
certificates/key pairs or other update problems. Is there any
documented procedure for doing this?

"Tiago Halm" <thalm@xxxxxxxxxxxxxxxxxx> wrote in message
news:2B8CF6E4-B702-46AB-B539-1F6C6910EB1E@xxxxxxxxxxxxxxxx
Larry,

See here, see if it helps to generate the value (haven't checked):
http://forums.microsoft.com/MSDN/ShowPost.aspx?PostID=597530&SiteID=1

Tiago Halm

"Larry" <adcoder@xxxxxxxxxxxxxxxx> wrote in message
news:upp5uYxIJHA.4896@xxxxxxxxxxxxxxxxxxxxxxx
There is more to this encoded value than just the public key. As I
mentioned previously, the encoded value begins with AwAAAAEAAAAUAAAARF
and doesn't have until later in the value MIIE (the start of the public
key). It kind of looks like it starts with an encoded thumbprint or
signature. I see though that I won't have to change this value unless a
new key pair is needed.

Thanks for your help!

"Tiago Halm" <thalm@xxxxxxxxxxxxxxxxxx> wrote in message
news:%23t5W0WrIJHA.4600@xxxxxxxxxxxxxxxxxxxxxxx
The encoded value is the public key of the X.509 certificate. The client
uses this public key to encrypt a given message, which the private key owner
(the web service) is able to decrypt.

When the web service owner decides to change the certificate, this change
will (eventually) involve a change in the public key which will be reflected
in the WSDL. The client should be able to update the reference (re-process
the WSDL) when the certificate changes.

I suspect, but may be wrong, that you may renew the certificate while
maintaining the private/public key pair.

Tiago Halm

"Larry" <adcoder@xxxxxxxxxxxxxxxx> wrote in message
news:uhMmAdqIJHA.456@xxxxxxxxxxxxxxxxxxxxxxx
Sorry about the mis-submission.

Like I said, I'm using WCF with my web service calls and use wsHttpBinding
with certificates and set with message encryption. When I create my
service reference, I end up getting an entry something like this in the
<client /> section of the web.config:
<endpoint address="http://<my service address>"
          binding="wsHttpBinding" behaviorConfiguration="certConfig"
          bindingConfiguration="wsHttpBindingConfig"
          contract="<my contract>" name="wsHttpBindingConfig">
  <identity>
    <certificate encodedValue="<AwAAAAEAAAAUAAAARFl...MIIE...< more of a long encoded string>" />
  </identity>
</endpoint>

The encodedValue in the certificate node is automatically generated for me
when I add the reference (comes from the Svcutil). I'd like to be able to
replace this value when certs are updated. What is this value made up
from and how can I programmatically update it (using C#)? It looks like
it has more than the base64 encoded value of the certificate.

I tried something like this:

byte[] bytes = myCert.Export(X509ContentType.SerializedCert);

string base64Cert = Convert.ToBase64String(bytes);

which did not come out the same as what's in the encodedValue. What am I
missing here? Any suggestions would be greatly appreciated!

Larry
"Larry" <none> wrote in message
news:OETSPlpIJHA.1160@xxxxxxxxxxxxxxxxxxxxxxx
Hello,

I use WCF with my web service calls and all of the communication is
secured with certificates. When I create my service reference, an
endpoint gets created with the correct information. It includes an entry
like this:
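
Added example, not part of any post in this thread: a Python sketch that decodes an encodedValue on the assumption that it is a Windows serialized certificate, i.e. a run of little-endian records (property id, a second DWORD that is 1 in the thread's prefix, length, data). Under that assumption the AwAAAAEAAAAUAAAA prefix is property 3 (a 20-byte SHA-1 thumbprint) and the DER certificate sits in property 32; the sample blob is constructed and all function names are hypothetical.

```python
import base64
import hashlib
import struct

# Property ids from wincrypt.h that commonly appear in a serialized certificate.
PROP_NAMES = {2: "KEY_PROV_INFO", 3: "SHA1_HASH", 4: "MD5_HASH",
              11: "FRIENDLY_NAME", 20: "KEY_IDENTIFIER", 32: "CERT (DER)"}

def parse_encoded_value(encoded_value):
    """Split an encodedValue into (prop_id, second_dword, data) records."""
    blob = base64.b64decode(encoded_value)
    records, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < 12:
            raise ValueError("truncated record header at offset %d" % offset)
        prop_id, second, length = struct.unpack_from("<III", blob, offset)
        offset += 12
        if length > len(blob) - offset:
            raise ValueError("record %d overruns the blob" % prop_id)
        records.append((prop_id, second, blob[offset:offset + length]))
        offset += length
    return records

def summarize(encoded_value):
    """Return the DER certificate, stored thumbprint, and whether they agree."""
    props = {pid: data for pid, _, data in parse_encoded_value(encoded_value)}
    der = props.get(32)
    stored = props.get(3)
    computed = hashlib.sha1(der).digest() if der is not None else None
    return {"props": sorted(props), "der": der,
            "stored_sha1": stored.hex() if stored else None,
            "thumbprint_matches": stored is not None and stored == computed}

def build_sample():
    """Constructed sample: placeholder bytes stand in for a real DER certificate."""
    fake_der = b"\x30\x82\x04\x00" + b"\x00" * 16   # not a valid certificate
    rec = lambda pid, data: struct.pack("<III", pid, 1, len(data)) + data
    blob = rec(3, hashlib.sha1(fake_der).digest()) + rec(32, fake_der)
    return base64.b64encode(blob).decode("ascii"), fake_der

if __name__ == "__main__":
    sample, _ = build_sample()
    print(sample[:16])                      # same 16 characters the thread quotes
    for pid, second, data in parse_encoded_value(sample):
        print(pid, PROP_NAMES.get(pid, "?"), second, len(data))
    print(summarize(sample)["thumbprint_matches"])
```

Running `summarize` on the old and new encodedValue shows whether only the property records differ or the DER certificate itself changed.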








