Re: WSE 3.0 CertSrv Request



The output trace has the following....
<processingStep description="Entering SOAP filter Microsoft.Web.Services3.Design.MutualCertificate11Assertion+ClientOutputFilter" />
<processingStep description="Exception thrown: WSE910: An error happened during the processing of a response message, and you can find the error in the inner exception. You can also find the response message in the Response property.">
   at Microsoft.Web.Services3.Messaging.SoapClient.SendRequestResponse(String methodname, SoapEnvelope envelope)
   at Microsoft.Web.Services3.Security.SecurityTokenServiceClient.RequestSecurityToken(SecurityTokenMessage request, String methodName)
   at Microsoft.Web.Services3.Security.SecurityContextTokenServiceClient.RequestSecurityContextToken(AppliesTo appliesTo)
   at Microsoft.Web.Services3.Security.SecurityContextTokenServiceClient.IssueSecurityContextToken(AppliesTo appliesTo)
   at Microsoft.Web.Services3.Security.Tokens.SecurityContextTokenManager.RequestTokenFromIssuer(EndpointReference tokenIssuer, String tokenType, AppliesTo appliesTo, Policy policy, SoapProtocolVersion soapVersion, StateManager messageState, StateManager operationState, StateManager sessionState)
   at Microsoft.Web.Services3.Security.SecureConversationClientSendSecurityFilter.EstablishSecureConversation(SoapEnvelope envelope)
   at Microsoft.Web.Services3.Security.SecureConversationClientSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security)
   at Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope)
   at Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope envelope)
</processingStep>

"Pablo Cibraro [MVP]" <pcibraro@xxxxxxxxxxx> wrote in message
news:%23q568Oq0GHA.1268@xxxxxxxxxxxxxxxxxxxxxxx
Mmm, it seems that something is badly configured on the server side. Take a
look at the server trace to see if you can find any error there.

Regards,
pablo.


"Techno_Dex" <nospamchurst@xxxxxxxxxxxx> wrote in message
news:uvJgyjf0GHA.1268@xxxxxxxxxxxxxxxxxxxxxxx
The InputTrace from the Client has the following error message. The
Client OutputTrace looks clean. I am unable to get the Service to spit
out any logging info when using a VS ASP.NET Development Server.

<soap:Fault>
  <faultcode>soap:MustUnderstand</faultcode>
  <faultstring>System.Web.Services.Protocols.SoapHeaderException: SOAP header Security was not understood.
   at System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers(SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, SoapHeaderDirection direction, Boolean client)
   at System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance()
   at System.Web.Services.Protocols.WebServiceHandler.Invoke()
   at System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()</faultstring>
</soap:Fault>

"Pablo Cibraro [MVP]" <pcibraro@xxxxxxxxxxx> wrote in message
news:OaBGs5b0GHA.3464@xxxxxxxxxxxxxxxxxxxxxxx
Hi,

I need to set the CSP to "Microsoft Enhanced Cryptographic Provider
1.0". I marked the Key Usage as Both (Exchange and Signature), set the
Key Size to 1024, checked Create new key set, Mark Keys as exportable.
I set the Hash algorithm to SHA-1

All those settings are correct, so what error are you receiving from WSE
when you try to use those certificates ?

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax


"Techno_Dex" <nospamchurst@xxxxxxxxxxxx> wrote in message
news:eirCk8SzGHA.3512@xxxxxxxxxxxxxxxxxxxxxxx
I am having a problem creating the appropriate Certificates for mutual
X509 security using our in-house Cert Authority with the CertSrv wizard.
I have not found any good documentation on what type of certificates
need to be created and which parameters need to be set in the CertSrv.
I took a look at Pablo's blog
http://weblogs.asp.net/cibrax/archive/2006/08/08/Creating-X509-Certificates-for-WSE-or-WCF.aspx
but all that does is obscure the CertSrv Template that is used to create
the desired Certificates instead of explaining which options need to be
set.

So far I am using the Advanced request option in the CertSrv and using
the CA form option to populate the cert details. I'm assuming that the
Intended Purpose is "Server Authentication Certificate" for the WS side
and "Client Authentication Certificate" for the Client side. From
Pablo's blog it appears I need to set the CSP to "Microsoft Enhanced
Cryptographic Provider 1.0". I marked the Key Usage as Both (Exchange
and Signature), set the Key Size to 1024, checked Create new key set,
Mark Keys as exportable. I set the Hash algorithm to SHA-1.... Can
someone shed some light on what I'm missing?
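
Added example (not part of the original thread, and not code from any poster): a small triage script for the soap:MustUnderstand fault quoted in the client InputTrace above. It extracts the rejected header and checks whether the fault's stack contains any Microsoft.Web.Services3 frame; when it contains only System.Web.Services frames, the header was refused by the base ASMX runtime rather than by a WSE filter, which points at the service's WSE configuration rather than at the certificates. The names triage_fault, SAMPLE_FAULT and rejected_before_wse are hypothetical, and the envelope wrapped around the quoted fault is constructed.

```python
import re
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample: the fault text quoted in the thread, wrapped in a
# minimal SOAP 1.1 envelope (the envelope itself is an assumption).
SAMPLE_FAULT = (
    '<soap:Envelope xmlns:soap="' + SOAP_NS + '"><soap:Body><soap:Fault>'
    "<faultcode>soap:MustUnderstand</faultcode>"
    "<faultstring>System.Web.Services.Protocols.SoapHeaderException: SOAP "
    "header Security was not understood. at "
    "System.Web.Services.Protocols.SoapHeaderHandling.SetHeaderMembers("
    "SoapHeaderCollection headers, Object target, SoapHeaderMapping[] mappings, "
    "SoapHeaderDirection direction, Boolean client) at "
    "System.Web.Services.Protocols.SoapServerProtocol.CreateServerInstance() "
    "at System.Web.Services.Protocols.WebServiceHandler.Invoke() at "
    "System.Web.Services.Protocols.WebServiceHandler.CoreProcessRequest()"
    "</faultstring></soap:Fault></soap:Body></soap:Envelope>"
)

HEADER_RE = re.compile(r"SOAP header (\S+) was not understood")
FRAME_RE = re.compile(r"\bat\s+([\w.+]+)\(")  # method name of each stack frame


def triage_fault(envelope_xml):
    """Return which header was rejected and which stack raised the fault."""
    fault = ET.fromstring(envelope_xml).find(f".//{{{SOAP_NS}}}Fault")
    if fault is None:
        return None
    # SOAP 1.1 faultcode/faultstring are unqualified children of Fault.
    code = (fault.findtext("faultcode") or "").strip().split(":")[-1]
    text = " ".join((fault.findtext("faultstring") or "").split())
    header = HEADER_RE.search(text)
    frames = FRAME_RE.findall(text)
    wse = [f for f in frames if f.startswith("Microsoft.Web.Services3.")]
    asmx = [f for f in frames if f.startswith("System.Web.Services.")]
    return {
        "faultcode": code,
        "header": header.group(1) if header else None,
        "frames": frames,
        # True when the base ASMX runtime refused a mustUnderstand header and
        # no WSE frame appears anywhere in the fault's stack.
        "rejected_before_wse": code == "MustUnderstand" and bool(asmx) and not wse,
    }


if __name__ == "__main__":
    print(triage_fault(SAMPLE_FAULT))
```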








