Re: Client X509 Authorization Programmatically



I know what the problem is: you do not have to override the
MutualCertificate11Assertion to create your own authorization assertion.

You should create a new assertion, something like this:

    public class CertAssertion : PolicyAssertion
    { ...

        public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
        {
            auth = new AuthorizationAssertion();
            auth.Rules.Add(new AccessCheckRule(true, "CN=WSE2QuickStartClient"));
            auth.Rules.Add(new AccessCheckRule(false, "*"));
            return auth.CreateServiceInputFilter(context);
        }
    }

After that, you must configure both assertions in your policy file, the
MutualCertificate11Assertion first, and then the CertAssertion.

Let me know if that works.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax

"Adriana" <Adriana@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1D51A359-F1F1-4820-AADE-F2458666B08B@xxxxxxxxxxxxxxxx

I tried your answer but it didn't work... The code at the service is
something like:

    public class CertAssertion : MutualCertificate11Assertion
    { ...

        public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
        {
            auth = new AuthorizationAssertion();
            auth.Rules.Add(new AccessCheckRule(true, "CN=WSE2QuickStartClient"));
            auth.Rules.Add(new AccessCheckRule(false, "*"));
            return auth.CreateServiceInputFilter(context);
        }
    }

The input trace file looks like:

    Entering SOAP filter Microsoft.Web.Services3.Design.AuthorizationAssertion+AuthorizationFilter

    Exception thrown: Identity token not found. Authorization assertion requires identity token to be supplied by security assertion that runs prior to authorization.
       at Microsoft.Web.Services3.Design.AuthorizationAssertion.GetPrincipal(SoapEnvelope envelope, RoleProvider roleProvider)
       at Microsoft.Web.Services3.Design.AuthorizationAssertion.AuthorizationFilter.ProcessMessage(SoapEnvelope envelope)
       at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)

Maybe I need to add something to the client? The policy at the client side
is only a MutualCertificate11Assertion, without a custom assertion...

Thanks a lot!
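
Added example (not from the original thread): a WSE 3.0 service policy file fragment with the two assertions in the order the reply describes, so the authorization filter runs after the security assertion that supplies the identity token named in the trace. The policy name, the `certAssertion` element name, the `MyService` namespace and assembly, and the service certificate subject are assumptions, as is a `ReadXml` override in `CertAssertion` that accepts the empty element.

```xml
<!-- Added example: service-side policy file fragment. Names marked "assumed" are placeholders. -->
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <extensions>
    <extension name="mutualCertificate11Security"
               type="Microsoft.Web.Services3.Design.MutualCertificate11Assertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <extension name="x509"
               type="Microsoft.Web.Services3.Design.X509TokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    <!-- assumed: the CertAssertion class from the reply, in a hypothetical MyService assembly;
         assumes its ReadXml override accepts an empty <certAssertion /> element -->
    <extension name="certAssertion" type="MyService.CertAssertion, MyService" />
  </extensions>

  <policy name="ServicePolicy"> <!-- assumed policy name -->

    <!-- 1. Security assertion first: it validates the client's X.509 signature and
            establishes the identity token that authorization depends on. -->
    <mutualCertificate11Security establishSecurityContext="false"
                                 messageProtectionOrder="SignBeforeEncrypt">
      <serviceToken>
        <!-- assumed: placeholder subject for the service certificate -->
        <x509 storeLocation="LocalMachine" storeName="My"
              findValue="CN=ExampleServiceCert"
              findType="FindBySubjectDistinguishedName" />
      </serviceToken>
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" />
      </protection>
    </mutualCertificate11Security>

    <!-- 2. Authorization second: CertAssertion's AuthorizationAssertion rules
            (allow "CN=WSE2QuickStartClient", then deny "*") are evaluated against
            the identity established above. Placing this element first, or replacing
            the security filter with it, leaves no identity token for the
            authorization filter to read. -->
    <certAssertion />

  </policy>
</policies>
```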







