Re: WSE 3.0 cert question
- From: "Pablo Cibraro [MVP]" <pcibraro@xxxxxxxxxxx>
- Date: Wed, 23 Aug 2006 09:52:12 -0400
Hi Jeff,
Since you are using SSL (Https), the username token will be encrypted
without any additional configuration. When you use SSL, the entire messages
are encrypted using the certificate configured in the server, you only have
to configure the client application and service application to use the
turn-key scenario "UsernameOverTransportSecurity".
Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
"jeff" <jeffr76@xxxxxxxxx> wrote in message
news:uqFo8chxGHA.2264@xxxxxxxxxxxxxxxxxxxxxxx
Hello all
so i have a web-service that will be ran over SSL and it has a custom
UsernameToken that can validate my users with a db now i would like to
encrypt this UsernameToken so using an X509 cert sounds like the logical
action. now management doesn't not want anything installed on the clients
boxes (click-once install only) so making the client install a cert into
there computer is not an option(if i can do the install via click once
that might work) anyway the web service will be over SSL so i should have
access to the public key of the web server. how would i go about getting
the public key from the web server and using that to encrypt the
UsernameToken or if any has better idea or suggestions i would be happy to
hear
thanks
jeff
.
- References:
- WSE 3.0 cert question
- From: jeff
- WSE 3.0 cert question
- Prev by Date: Requiring username token in WSE 2.0
- Next by Date: Re: Requiring username token in WSE 2.0
- Previous by thread: WSE 3.0 cert question
- Next by thread: Requiring username token in WSE 2.0
- Index(es):
Relevant Pages
|
