RE: WSE 3.0 X.509 certs problem

Hello!
Please I need your help because you had done a lot of experimenting with WSE
2.0 and you it all seemed to work.
I am working now with WSE 2.0 and I want to encrypt a soap message and
decrypt it using X509 certificate. I use WSE2QuickStartServer and
WSE2QuickStartClient given by WSE in their Samples.
I think that encryption walk well. but when I call my proxy:
secureWSWSE myProxy = new secureWSWSE();
int value = myProxy.myWebService();
I have an exception: System.InvalidOperationException Private Key is not
available, Please try later.

Why? I encrypt using code and I decrypt using Policy as we can see in WSE
help.

Please could you help me? Thanks

"Bill44077" wrote:

Hello,

I had done a lot of experimenting with WSE 2.0 and it all seemed to work
after a fashion. I have recently installed WSE 3.0 and went through the setup
several times to try an figure out why the X.509 certs don't seem to be
working correctly. I have a simple HelloWorld program that I am trying to
secure with these certs - no rocket science here. I have added and removed
the policies from both client and service side several times thinking I must
have set something up incorrectly. None the less, I am using the test certs
that came with the hands on labs so I have a Client Cert, and a server Cert
which has a private and public key. Here are the errors that I get in the app
event log:

Event Type: Error
Event Source: Microsoft WSE 3.0
Event Category: None
Event ID: 0
Date: 6/9/2006
Time: 3:15:55 PM
User: N/A
Computer: OHBOCXX99RMRVK
Description:
An error occured processing an outgoing fault response.

Details of the error causing the processing failure:
System.InvalidOperationException: Send security filter on the server could
not retrieve the operation protection requirements from the operation state.
at
Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security)
at
Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope
envelope)
at
Microsoft.Web.Services3.WseProtocol.GetFilteredResponseEnvelope(SoapEnvelope
outputEnvelope)

The SOAP fault that was being processed follows:
<soap:Envelope xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing";
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/";>
<soap:Header>

<wsa:Action>http://schemas.xmlsoap.org/ws/2004/08/addressing/fault</wsa:Action>

<wsa:MessageID>urn:uuid:149c64e0-c4a1-416a-b9f9-89a4b1d076a9</wsa:MessageID>

<wsa:RelatesTo>urn:uuid:5fcec70c-c985-4a2f-84e0-08075a07aca6</wsa:RelatesTo>

<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:To>
</soap:Header>
<soap:Body>
<soap:Fault>
<faultcode
xmlns:prefix2="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";>prefix2:FailedAuthentication</faultcode>
<faultstring>System.Web.Services.Protocols.SoapHeaderException:
Microsoft.Web.Services3.Security.SecurityFault: The security token could not
be authenticated or authorized ---> System.Security.SecurityException:
WSE3003: The certificate's trust chain could not be verified. Please check
if the certificate has been properly installed in the Trusted People
Certificate store. Or you might want to set allowTestRoot configuration
section to true if this is a test certificate.
at
Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyChain(X509Chain chain)
at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyTrust()
at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.Verify()
at
Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager.VerifyToken(SecurityToken token)
at
Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element)
The Zone of the assembly that failed was:
MyComputer
--- End of inner exception stack trace ---
at
Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element)
at
Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement
element, SecurityConfiguration configuration, Int32& tokenCount)
at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope
envelope, String localActor, String serviceActor)
at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope
requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage
message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type,
HttpContext context, HttpRequest request, HttpResponse response, Boolean&
abortProcessing)</faultstring>
<faultactor>http://localhost:3577/DemoWS/Service.asmx</faultactor>
</soap:Fault>
</soap:Body>
</soap:Envelope>

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
-------------------------------------------------------------------------------------------
2nd error:
-------------------------------------------------------------------------------------------

Event Type: Error
Event Source: Microsoft WSE 3.0
Event Category: None
Event ID: 0
Date: 6/9/2006
Time: 3:15:55 PM
User: N/A
Computer: OHBOCXX99RMRVK
Description:
System.ApplicationException: WSE841: An error occured processing an outgoing
fault response. ---> System.Web.Services.Protocols.SoapHeaderException:
Microsoft.Web.Services3.Security.SecurityFault: The security token could not
be authenticated or authorized ---> System.Security.SecurityException:
WSE3003: The certificate's trust chain could not be verified. Please check
if the certificate has been properly installed in the Trusted People
Certificate store. Or you might want to set allowTestRoot configuration
section to true if this is a test certificate.
at
Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyChain(X509Chain chain)
at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.VerifyTrust()
at Microsoft.Web.Services3.Security.Tokens.X509SecurityToken.Verify()
at
Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager.VerifyToken(SecurityToken token)
at
Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element)
The Zone of the assembly that failed was:
MyComputer
--- End of inner exception stack trace ---
at
Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.LoadBinarySecurityToken(XmlElement element)
at
Microsoft.Web.Services3.Security.Tokens.SecurityTokenManager.GetTokenFromXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.LoadToken(XmlElement
element, SecurityConfiguration configuration, Int32& tokenCount)
at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element)
at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope
envelope, String localActor, String serviceActor)
at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services3.WseProtocol.FilterRequest(SoapEnvelope
requestEnvelope)
at Microsoft.Web.Services3.WseProtocol.RouteRequest(SoapServerMessage
message)
at System.Web.Services.Protocols.SoapServerProtocol.Initialize()
at System.Web.Services.Protocols.ServerProtocolFactory.Create(Type type,
HttpContext context, HttpRequest request, HttpResponse response, Boolean&
abortProcessing)
--- End of inner exception stack trace ---

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

-----------------------------------------------------------------------------------------

I have google'd and seached to no avail. Has anyone seen this error or can
tell me what the problem might be. I have been struggling with this one all
day long.

thanks in advance!
BillC

.

Relevant Pages

  • WSE 3.0 X.509 certs problem
    ... secure with these certs - no rocket science here. ... Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security) ... if the certificate has been properly installed in the Trusted People ... HttpContext context, HttpRequest request, HttpResponse response, Boolean& ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • RE: WSE 3.0 X.509 certs problem
    ... "1) Did you check the "allow test root" option on the security page for the ... secure with these certs - no rocket science here. ... if the certificate has been properly installed in the Trusted People ... Or you might want to set allowTestRoot configuration ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: 2 Factor Authentication with VPN
    ... I once heard a security guy call certificates "1 and a half ... and if your users want to use a kiosk for example, certs are out. ... your network with strong authentication, ... I have tried using Microsoft Certificate Services and can't ...
    (microsoft.public.win2000.ras_routing)
  • RE: X509 Cert Services Cert
    ... "HOL202 Exploring WSE 3.0 Security " Hands-On Lab ... certificate that you installed a few steps ago. ... ASPNET local account by default, so grant read access to that account by ... > certs with no issue but receive a bunch of different errors when attempting ...
    (microsoft.public.dotnet.framework.webservices.enhancements)
  • Re: The message must contain a wsa:To header
    ... How can I check that the WSE is running? ... at ApplicationMessagingWS.Dispatch(String messageType, String ... be used along with the Integrity assertion when the presence of the ... look for a certificate with this subject name in the certificate store ...
    (microsoft.public.dotnet.framework.webservices.enhancements)