Processing UsernameForCertificateAssertion

---

• From: "gregabor" <gregor.borosa@xxxxxxxxx>
• Date: 27 Jun 2006 13:26:12 -0700

---

Hi there,

I'm using UsernameForCertificateAssertion and I have problem
understanding few things about processing SOAP messages, algorithms,
keys etc.

1) I don't see any connection between any ID values of SOAP headers in
OutputTrace and InputTrace.webinfo. Shouldn't some IDs match, at least
MessageID or something?

2) In OutputTrace.webinfo in SOAP header I have
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p in EncryptedKey part,
then also some SHA1 hashing.
In the body, there is http://www.w3.org/2001/04/xmlenc#aes256-cbc.
In InputTrace.webinfo in SOAP header there are TWO SAME DerivedKeyToken
parts, both using http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 ,
but there is no RSA mentioned as in OutputTrace.
Shouldn't both sent and received soap headers use same encrypt/decrypt
algorithms?


Also, why Pablo Cibraro says
(http://weblogs.asp.net/cibrax/archive/2005/09/19/425555.aspx) that
default algorithm in WSE3.0 is AES128 + RSA 1.5, if I'm getting AES256
as default? Were there any changes in the WSE3.0?

Can you suggest any links about how keys are generated and used in more
detail? The WSS patterns & practices is too general in this area.

Thank you for all your help. I can't sleep because of these questions
:)
Kind regards,
Greg

.

---

• Follow-Ups:
  • Re: Processing UsernameForCertificateAssertion
    • From: Pablo Cibraro

• Prev by Date: Re: Interop between WSE 2.0 and 3.0
• Next by Date: Re: WSE 3.0, usernameOverTransportSecurity, custom Token Manager w/ securityTokenManager,
• Previous by thread: Derived Key
• Next by thread: Re: Processing UsernameForCertificateAssertion
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Problem with WCF adapter and SOAP headers in BizTalk 2006 R2 ... You can add custom SOAP headers to the outbound message by setting the ... be avoided to set the standard SOAP headers. ... something must be done differently from using the standard SOAP adapter. ... (microsoft.public.biztalk.general) Re: best way implement web service with authentication. ... But it's a better idea to encrypt and pass the SOAP headers. ... Best way to authenticate the client. ... (microsoft.public.dotnet.framework.aspnet.webservices) RE: security for WS call from behavior and ASP.net ... I would recommend using SOAP headers ... and authenticating at the message level. ... (microsoft.public.dotnet.framework.aspnet.security) Re: soap ... Soap headers. ... my app is using vb dotnet to call a web service and i would ... > also the soap rapper on a response? ... (microsoft.public.dotnet.languages.vb) Re: Good news...well almost... ... And before Brian gets on his soap box...the FL was to encourage people who had an interest to join us...a little like having a few keys in you hand and only one fits the lock...the FL is the helping hand that sorts the keys out...M3KJD is a little like a burglar...someone has left the door ajar and in he snuck... ... (uk.radio.amateur)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > DotNet  > microsoft.public.dotnet.framework.webservices.enhancements  > 2006-06