Re: who can give me a e.g using Customer UsernameToken
- From: "Alan" <Alan@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 22 Feb 2006 19:24:26 -0800
Thanks, Pablo.
If I only use the customerUsernameToken, it worked well,
but I have a problem.
I wanna use the public key in a certificate to encrypt the message, so I wrote
another policy.
In the server policy:
<policy name="ServicePolicy">
  <usernameForCertificateSecurity establishSecurityContext="false"
      renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
      messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
      ttlInSeconds="300">
    <serviceToken>
      <x509 storeLocation="LocalMachine" storeName="My"
          findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" />
    </serviceToken>
    <protection>
      <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
      <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
      <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
    </protection>
  </usernameForCertificateSecurity>
  <requireActionHeader />
  <usernameOverTransportSecurity />
</policy>
And the client is:
<policy name="ClientPolicy">
  <usernameForCertificateSecurity establishSecurityContext="false"
      renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
      messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"
      ttlInSeconds="300">
    <serviceToken>
      <x509 storeLocation="CurrentUser" storeName="AddressBook"
          findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" />
    </serviceToken>
    <protection>
      <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
      <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
      <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
    </protection>
  </usernameForCertificateSecurity>
  <requireActionHeader />
  <usernameOverTransportSecurity />
</policy>
And then I got a mistake:
<faultcode xmlns:q0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">q0:InvalidSecurity</faultcode>
<faultstring>Microsoft.Web.Services3.Security.SecurityFault: An error was discovered processing the <Security> header ---> System.Security.Cryptography.CryptographicException: WSE009: The input was not a valid SOAP message because it had more than one element with the following ID value: SecurityToken-385d18a3-1c78-49c4-b152-d90cd4fcae79.
   at Microsoft.Web.Services3.Security.MessageSignature.FindIdElements(XmlElement element)
   at Microsoft.Web.Services3.Security.MessageSignature.FindIdElements(XmlElement element)
...
How do I solve this problem, or can I use another method to encrypt with
customerUsernameToken?
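
The WSE009 fault quoted above reports that one Id value is carried by more than one element, which leaves signature references that resolve by Id ambiguous. As an added example (not part of the original post and not WSE code), this Python check lists duplicated `wsu:Id` / `Id` values in a captured SOAP envelope; the sample message, its Id values and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
# wsu:Id plus the unqualified Id attribute used on ds:/xenc: elements.
ID_ATTRS = ("{%s}Id" % WSU, "Id")


def duplicate_ids(envelope_xml):
    """Return {id_value: [element paths]} for each Id found on more than one element."""
    # SOAP messages must not contain a DTD; refuse it before parsing.
    if "<!DOCTYPE" in envelope_xml:
        raise ValueError("SOAP messages must not carry a DTD")
    root = ET.fromstring(envelope_xml)
    seen = defaultdict(list)

    def walk(elem, path):
        here = path + "/" + elem.tag.rsplit("}", 1)[-1]
        # A set, so an element with both attributes set to one value counts once.
        for value in {elem.get(a) for a in ID_ATTRS} - {None}:
            seen[value].append(here)
        for child in elem:
            walk(child, here)

    walk(root, "")
    return {value: paths for value, paths in seen.items() if len(paths) > 1}


# Constructed sample: two UsernameToken elements sharing one wsu:Id.
SAMPLE = f"""<soap:Envelope xmlns:soap="{SOAP}" xmlns:wsse="{WSSE}" xmlns:wsu="{WSU}">
  <soap:Header>
    <wsse:Security>
      <wsse:UsernameToken wsu:Id="SecurityToken-EXAMPLE-1"><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
      <wsse:UsernameToken wsu:Id="SecurityToken-EXAMPLE-1"><wsse:Username>alice</wsse:Username></wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-EXAMPLE-body"/>
</soap:Envelope>"""

if __name__ == "__main__":
    for value, paths in duplicate_ids(SAMPLE).items():
        print(value, "->", paths)
```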