UsernameOverTransportSecurity+SSL Confusion, please help

Hi,

I am confused. I have a web service, and a client. Both are connected
over VPN. I want to use direct authentication from WSE 3.0. To secure
the transport of the messages, I just want to use SSL.

I have this set up working, but I am confused. I installed a test
certificate on my web server, so I need to access my web service over
SSL. However, in my policy config file on the client I have:
<policy name="usernameTokenSecurity">
<usernameOverTransportSecurity />
<requireActionHeader />
</policy>

in app.config on the client I have:
<microsoft.web.services3>
<diagnostics>
<trace enabled="false" input="InputTrace.webinfo"
output="OutputTrace.webinfo" />
<detailedErrors enabled="false" />
</diagnostics>
<policy fileName="Configuration\wse3policyCache.config" />
<security>
<x509 verifyTrust="true" allowTestRoot="true"
revocationMode="Offline" verificationMode="TrustedPeopleOrChain"/>
<binarySecurityTokenManager>
<add
type="Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31BF3856AD364E35"
valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";>
<keyAlgorithm name="RSA15" />
</add>
</binarySecurityTokenManager>
</security>
</microsoft.web.services3>


in my client winform I have:
Service1.ServiceWse proxy = new Service1.ServiceWse();

UsernameToken token;
token = GetUsernameToken(txtUsername.Text,
txtPassword.Text, PasswordOption.SendPlainText);

proxy.SetClientCredential(token);
proxy.SetPolicy("usernameTokenSecurity");

Service1.Product product =
proxy.GetProductInformationWithSendPlainText(txtProduct.Text);

lblResults.Text =
String.Format(CultureInfo.InvariantCulture,
"Product: {0}, Quantity {1}, Unit price {2}",
product.Name, product.Quantity,
product.UnitPrice);
lblResults.Text += proxy.ValidateLogin();




I am just confused if this is what I want this to be? Is my app.config
file correct? The direct authentication works. My concern is if the SSL
is set up ok. Where do I sign the message with the public key?

Please help!!!

Thanks,
Mike

.

Relevant Pages

  • Re: SSL question
    ... It has some methods which are accessible by some client applications. ... I have developed this web service with the use of SSL in my head, ... > SSL will encrypt this information. ...
    (microsoft.public.inetserver.iis.security)
  • RE: SoapException - NullReferenceException
    ... As for webservice over SSL, there does exists some common issue such as the ... client certificate supplyment(if you've configured it to require client ... Microsoft MSDN Online Support Lead ... I have a web service running on an SSL connection and unfortunately I ...
    (microsoft.public.dotnet.framework.aspnet.webservices)
  • Re: Implementing a common SOAP Header across multiple Web Service Pages
    ... to set a client up to reference multiple Web ... the Web Service site would ... Your point about leaving the ASMX page as lean as possible and acting just ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: Implementing a common SOAP Header across multiple Web Service Pages
    ... between my Web Service application and the client. ... public string SID; ... Web Service page, rather than to a dozen or so separate Web Service pages ... You can easily create a .ASMX file ...
    (microsoft.public.dotnet.framework.webservices)
  • Re: An unexpected error occurred on a send
    ... Windows Client?), so the first issue may not be the problem, but firstly, ... the COM component must be called from a STA thread, while your Web Service ... App you are calling the Web Service from, to see if it cures the problem. ... > Protocol: SSL. ...
    (microsoft.public.dotnet.framework.webservices)