Re: WSE2005: Protection requirements in MutualCertificate11Assertion..

From: "Pablo Cibraro" <pcibraro@xxxxxxxxxxx>
Date: Tue, 11 Jul 2006 10:01:58 -0400

Hi Chris,

The algorithm can be a problem, but I am not sure about that . If the
service is using WSE 3.0, it is probably using RSA-OAEP because that is the
default algorith.
Did you take a look to the eventlog or the trace files ?. You will find more
information about the error there.
I will able to help you more if you give me the error description that you
find in those sources.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
[MVP - Connected Systems Developer]

"Chris Fink" <ChrisFink@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:ED825FA5-59BA-4D02-B18E-F3861F2998A1@xxxxxxxxxxxxxxxx

I am receiving the following error when trying to consume a secure WSE
webservice using client certificates:

WSE2005: Protection requirements in MutualCertificate11Assertion are not
satisfied.

The client is using Windows Server 2003.
I've placed my client cert (w/public + private key) in the Local Machine
Personal Store and granted it everyone FULL access using the certificates
tools.
I've placed the customers cert (w/public key only) in the Local Mach -
Other
Peoples store.
I've added the following to my client's web.config, as per the following
recommendation:
http://www.thedatafarm.com/blog/PermaLink,guid,0d461526-d79d-49ce-8c8e-30dbb4646b50.aspx

<security>
<x509 allowTestRoot="true" />
<binarySecurityTokenManager>
<add
valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>
<keyAlgorithm name="RSA15" />
</add>
</binarySecurityTokenManager>
</security>

Obviously, I have no control over the webservice that I am calling. Is it
possible that the problem is that the service is setup using a different
algorithm? Is this something I need to address on the service or client
side?

Thanks for your help!

Follow-Ups:
- Re: WSE2005: Protection requirements in MutualCertificate11Asserti
  - From: Chris Fink

Prev by Date: Re: HttpHandler Problem in ASP .NET 2.0
Next by Date: Re: X.509 Certificates and the WSE
Previous by thread: WSE 3 SAML Null principal with SecureConversation enabled
Next by thread: Re: WSE2005: Protection requirements in MutualCertificate11Asserti
Index(es):
- Date
- Thread

Relevant Pages

Re: Searching for a special challenge&response algorithm
... I am searching for a special challenge & response algorithm which allows to ... When a client connects to a server it has to authenticate itself against ... For preventing brute force attacks against this authentication ...
(sci.crypt)
Re: Message encryption
... algorithm, you need to add the following setting in the web.config file: ... I can see in the output trace that the windows2000 client is encrypting ... I have two machines Windows 2000 Pro and Windows XP Home. ... to force which encryption algorithm to use. ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: WSE3003 Error - encryption algorithm differs on client and server
... In order to change the default algorithm, you need to add the following ... When my client is windows xp and server is the same, ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: Message encryption
... default algorithm, you need to add the following setting in the web.config ... I can see in the output trace that the windows2000 client is encrypting ... I have two machines Windows 2000 Pro and Windows XP Home. ... to force which encryption algorithm to use. ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: Requiest advice on PE exam
... > Where an engineer has a fiduciary responsibility to his client (i.e. he ... > a PE if he wants to apply his signature as an "engineer". ... > Most algorithm development doesn't fall into this class. ...
(comp.dsp)