Re: Encrypting the response

From: D.Mitchell (DMitchell_at_discussions.microsoft.com)
Date: 09/15/04


Date: Wed, 15 Sep 2004 09:11:19 -0700

I'm running the client and web service on separate machines now. Am using a
couple of test verisign certificates. Client picks up the imported server
public key to encrypt the request OK using my code. Server receives the
request (am hooked into the ASPNET process in VS.Net) and says 'Cannot find
the certificate and private key for decryption'. Message is obviously thrown
before it gets to the first line of the WebMethod being called. Have
installed the server key in Local Computer>Personal store. Have set WSE
Settings 2.0>Security tab>Store location for the web service to LocalMachine.

Am running the web service under Win XP Pro on a workstation. Not sure what
account WSE 2 is using to try to access the private key. The 'How to: Make
X.509 Certificates Accessible to WSE' implies that IIS 6 will use an account
called 'Network Service'. No such account exists. I did try giving ASPNET
local admin permissions temporarily and it had no effect.

Any ideas?

"Softwaremaker" wrote:

> If [Server's] X509s are used, usually a key pair is generated. The Server
> keeps the Private Key [which usually says on the cert "you have a
> corresponding private key"] and the Public Key may be [but not necessarily
> be] distributed to all clients. In the HOL examples, we are assuming that
> the Public Key is distributed.
>
> Signing the [Server's] response is done with the [Server's] private key [if
> X509s are used].
>
> Sven says:
> Just because of what you said: if the server was to encrypt the response
> with the token used to encrypt the request, it would be signing it with
> either
> a) its own public key, which wouldn't work because the client doesn't have
> the server's private key to decrypt.
> b) its own private key, which wouldn't work because everyone
> (theoretically) can have the server's public key to decrypt.
>
> When you sign a message, you have to sign it with your own private key (b).
> The objective is to let everyone [who has the Public Key Pair] verify that
> the message actually comes from you.
>
> hth.
> --
> Thank you very much
>
> Warmest Regards,
> Softwaremaker
> Architect | Evangelist | Consultant
> http://softwaremaker.net/blogs/softwaremaker
>
> +++++++++++++++++++++++++++++++++
>
>
> "D.Mitchell" <DMitchell@discussions.microsoft.com> wrote in message
> news:16C995AB-C0D7-4C69-8627-B91F2F34C072@microsoft.com...
> > Sven - If you look in the 'C:\Program Files\Microsoft
> > WSE\v2.0\Samples\VB\QuickStart\ResponseEncryption\Code' example I am sure
> > that the signing token of the request is used to encrypt the response. I've
> > tried it but can't get it to work.
> >
> > How about installing the client's certificate on the same server as the web
> > service. Pulling the token out of that and using that to encrypt the
> > response. I tried it and it didn't work.
> >
> > Anyone from Microsoft WSE team out there (X files theme tune playing in
> > background)?
>
>
>
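
Added example, not part of the original thread or of WSE: one way to check the private-key access problem described in the post, by locating the key file behind a LocalMachine\My certificate and testing whether the ASPNET account has an explicit read entry on it. The subject string is a placeholder, and the script assumes a legacy CryptoAPI (CSP) key and an elevated Windows PowerShell 5.1 session.

```powershell
# Added example. Placeholder (not from the post): $SubjectFragment.
# Assumes a legacy CryptoAPI (CSP) RSA key and an elevated Windows PowerShell session.
$SubjectFragment = 'CN=PLACEHOLDER-SERVER-CERT'
$Account         = "$env:COMPUTERNAME\ASPNET"   # identity the web service runs as
$GrantRead       = $false                        # set $true to add a read-only ACE

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open('ReadOnly')
try {
    $cert = $store.Certificates |
        Where-Object { $_.Subject -like "*$SubjectFragment*" } |
        Select-Object -First 1
} finally {
    $store.Close()
}
if (-not $cert)               { throw "No certificate matching '$SubjectFragment' in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate found, but the store holds no private key for it' }

# CSP machine keys are files under <all-users app data>\Microsoft\Crypto\RSA\MachineKeys.
$container = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$appData   = [Environment]::GetFolderPath('CommonApplicationData')
$keyFile   = Join-Path $appData "Microsoft\Crypto\RSA\MachineKeys\$container"
if (-not (Test-Path -LiteralPath $keyFile)) { throw "Key file not found: $keyFile" }

# Only explicit ACEs for $Account are matched; access granted through a group is not resolved.
$read = [System.Security.AccessControl.FileSystemRights]::Read
$acl  = Get-Acl -LiteralPath $keyFile
$hit  = $acl.Access | Where-Object {
    $_.IdentityReference.Value -ieq $Account -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

if (-not $hit -and $GrantRead) {
    # Read on this one key file is enough; it avoids making the account a local admin.
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($Account, $read, 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -LiteralPath $keyFile -AclObject $acl
    $hit = $rule
}

[pscustomobject]@{
    Thumbprint = $cert.Thumbprint
    KeyFile    = $keyFile
    Account    = $Account
    CanRead    = [bool]$hit
}
```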


