Re: SecureConversation Problem
- From: "James Han***" <~james@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 26 Jun 2006 23:04:01 -0400
Hrm. OK.
I figured that SecureConversation would use some sort of session to ensure
that the information was secure for all future messages instead of sending
that info... oh well. SSL isn't an option, so this will have to do. It's
about the same size as previous messages anyhow...
Thanks for your help!
"Pablo Cibraro" <pcibraro@xxxxxxxxxxx> wrote in message
news:eN1KALTmGHA.5076@xxxxxxxxxxxxxxxxxxxxxxx
Hi James,
Secure conversation only assures that you authenticate the client once
(instead of authenticating it for each message).
You cannot get rid of the signature and security stuff because that
way your messages can suffer tampering attacks.
If you want smaller messages, WS-Security or message security is not the
way to go and you should consider using transport security such as SSL.
Anyway, the choice between transport security and message security depends
on your security requirements for the web services.
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
"James Han***" <~james@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:enbjYDJmGHA.4868@xxxxxxxxxxxxxxxxxxxxxxx
I've created my own Assertion using UsernameToken (I use 512 bit
passwords that aren't sent over the wire and are unique per session and
the data is encrypted in my assertion). In that new assertion, I've
implemented SecureConversation by using the following:
SecureConversationServiceSendSecurityFilter etc. etc. etc.
And inherit my assertion from SecurityPolicyAssertion.
I don't get any errors and all of my encryption and signing stuff works
great.
The problem is that every message has all of the signature and header
crap that I was hoping to avoid. The end result is 80K of wasted junk on
every message, even though I'm using SecureConversation.
My question is, how do I get rid of this junk (i.e. duplicate stuff from
every message, I realize the first one will have it, but from every
subsequent message)? What have I missed in my secureconversation stuff? I
thought it just stripped out everything automatically after you made your
assertion (which is clearly working because the traces are showing the
nice encryption and stuff) inherit from the secure conversation classes.
Thanks!
James Han***
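
The point made in the reply above (the client is authenticated once, yet every later message still carries its own signature so that tampering is detected) can be seen in a small model. This is an added example, not code from the thread or from WSE: the Session class, the message layout and the "msg-signing" label are constructed for illustration, and only the P_SHA-1 expansion follows RFC 2246.

```python
import hashlib
import hmac
import os
import uuid

def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 key expansion as defined in RFC 2246, section 5."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]

class Session:
    """One side of an already-established security context (constructed model)."""
    def __init__(self, context_id: str, secret: bytes):
        self.context_id, self.secret = context_id, secret

    def _key(self, nonce: bytes) -> bytes:
        # A fresh signing key per message, derived from the session secret.
        return p_sha1(self.secret, b"msg-signing" + nonce, 32)

    def protect(self, body: bytes) -> dict:
        nonce = os.urandom(16)
        sig = hmac.new(self._key(nonce), self.context_id.encode() + body,
                       hashlib.sha1).digest()
        # No credentials here: only a context reference, a nonce and a signature.
        return {"ctx": self.context_id, "nonce": nonce, "body": body, "sig": sig}

    def verify(self, msg: dict) -> bool:
        if msg["ctx"] != self.context_id:
            return False
        expected = hmac.new(self._key(msg["nonce"]),
                            msg["ctx"].encode() + msg["body"], hashlib.sha1).digest()
        return hmac.compare_digest(expected, msg["sig"])

def establish_context():
    """Stands in for the one-time authenticated handshake (assumed, not modelled)."""
    ctx, secret = "urn:uuid:" + str(uuid.uuid4()), os.urandom(32)
    return Session(ctx, secret), Session(ctx, secret)

def overhead(msg: dict) -> int:
    """Bytes of security data carried in addition to the body."""
    return len(msg["ctx"]) + len(msg["nonce"]) + len(msg["sig"])

if __name__ == "__main__":
    client, service = establish_context()
    for body in (b"<order id='1'/>", b"<order id='2'/>"):
        m = client.protect(body)
        print(service.verify(m), overhead(m), "bytes of security data")
    m["body"] = b"<order id='999'/>"        # modified in transit
    print("tampered message accepted:", service.verify(m))
```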