Re: Client X509 Authorization Programmatically




Good news! It works! :)

At the server the code is something like:

public class CertAssertion : PolicyAssertion
{ ...
    public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
    {
        auth = new AuthorizationAssertion();
        auth.Rules.Add(new AccessCheckRule(false, "CN=WSE2QuickStartClient"));
        auth.Rules.Add(new AccessCheckRule(false, "*"));
        return auth.CreateServiceInputFilter(context);
    }
}

public class CustomCertPolicy : Policy
{
    public CustomCertPolicy()
    {
        MutualCertificate11Assertion assertionCert = new MutualCertificate11Assertion();
        // Include here MutualCertificate11Assertion configuration:
        // ServiceX509TokenProvider, Protection,...

        CertAssertion assertionAuth = new CertAssertion();

        this.Assertions.Add(assertionAuth);
        this.Assertions.Add(assertionCert);
    }
}

Just one key: you must add the assertions in strict order, that is, the
authorization assertion first. If you add MutualCertificate11Assertion first,
the same exception is thrown:

Entering SOAP filter Microsoft.Web.Services3.Design.AuthorizationAssertion+AuthorizationFilter

Exception thrown: Identity token not found. Authorization assertion requires identity token to be supplied by security assertion that runs prior to authorization.
   at Microsoft.Web.Services3.Design.AuthorizationAssertion.GetPrincipal(SoapEnvelope envelope, RoleProvider roleProvider)
   at Microsoft.Web.Services3.Design.AuthorizationAssertion.AuthorizationFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope envelope)

Thanks a lot for your help!!!






