Re: .config file: How to configure message encryption with x509certificates.




It is working perfectly now. I inspected the network traffic and it is encrypted.
Thank you very much Steven.

"Steven Cheng" <stcheng@xxxxxxxxxxxxxxxxxxxx> wrote in message news:oODP8HmkJHA.3952@xxxxxxxxxxxxxxxxxxxxxxxxx
Thanks for your reply Max,

Well, the error is caused by the service endpoint identity of the
server side not matching the one used at the client side (by default the
client uses the "localhost" DNS identity). A quick way to fix this problem is
just to change the DNS identity (in your client application's app.config
file) as the error message suggested. For your case, just make the following
change (in the client app's app.config):

========app.config of client app=========
<client>
  <endpoint
    ............ >

    <identity>
      <!-- change it from localhost to the certificate name -->
      <dns value="XXX509Key" />
    </identity>
  </endpoint>
</client>
=============

Actually, this <identity> is used by the client to specify an expected value
of the service endpoint's server identity. You can get more information on
this in the MSDN reference:

#<identity>
http://msdn.microsoft.com/en-us/library/ms731721.aspx

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msdnmg@xxxxxxxxxxxxxx

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
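
The identity setting discussed in the reply above can also be applied in code, as the exception text suggests ("the Identity property of EndpointAddress"). The following is an added example, not part of the original posts: it pins the expected DNS identity and first confirms that the service certificate in the local store actually carries that name. The class name, endpoint configuration name and URL are assumptions; `TestSVC.TestServiceClient` is the generated proxy from the thread.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;

static class PinnedIdentityProxy   // hypothetical helper, not from the thread
{
    // Assumed values: replace with your own endpoint configuration name and URL.
    const string EndpointConfigName = "BasicHttpBinding_ITestService";
    const string ServiceUrl = "http://127.0.0.1/TestService.svc";

    // DNS name the certificate presents: SAN dNSName if present, otherwise
    // (on Windows) the subject CN, e.g. "XXX509Key" for CN=XXX509Key.
    static string DnsNameOf(StoreLocation location, StoreName name, string thumbprint)
    {
        var store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly is false: MakeCert test certificates do not chain to a trusted root.
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count != 1)
                throw new InvalidOperationException(
                    "Expected exactly one certificate, found " + found.Count);
            return found[0].GetNameInfo(X509NameType.DnsName, false);
        }
        finally { store.Close(); }
    }

    public static TestSVC.TestServiceClient Create(string serviceThumbprint, string expectedDns)
    {
        // Fail early, with a clear message, if the pinned certificate does not
        // carry the name we are about to declare as the endpoint identity.
        string certDns = DnsNameOf(StoreLocation.LocalMachine, StoreName.My, serviceThumbprint);
        if (!string.Equals(certDns, expectedDns, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException(
                "Certificate presents '" + certDns + "', expected '" + expectedDns + "'.");

        // Same effect as <identity><dns value="..."/></identity> in app.config.
        var address = new EndpointAddress(
            new Uri(ServiceUrl), EndpointIdentity.CreateDnsIdentity(expectedDns));
        var client = new TestSVC.TestServiceClient(EndpointConfigName, address);
        client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
            StoreLocation.LocalMachine, StoreName.My,
            X509FindType.FindByThumbprint, serviceThumbprint);
        return client;
    }
}
```

The expected name passed to `Create` should come from your own deployment configuration (the certificate name you issued), so that a mismatch is treated as a failure to investigate.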

--------------------
From: "Max2006" <alanalan3@xxxxxxxxxxxxxxxx>
References: <41D609D9-5080-4016-AED7-227B3C1E835A@xxxxxxxxxxxxx>
<S9HtOgckJHA.1704@xxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: .config file: How to configure message encryption with
x509certificates.
Date: Thu, 19 Feb 2009 00:16:22 -0500

Hi Steven,

I configured the way that you suggested. I receive the following exception
at the client side when I call a web method:

Identity check failed for outgoing message. The expected DNS identity of the
remote endpoint was '127.0.0.1' but the remote endpoint provided DNS claim
'XXX509Key'. If this is a legitimate remote endpoint, you can fix the
problem by explicitly specifying DNS identity 'XXX509Key' as the Identity
property of EndpointAddress when creating channel proxy.

At the server side's web.config, I have the following code at the endpoint
identity:
<identity>
  <certificateReference findValue="CN=XXX509Key"/>
</identity>



Could you help me fix the exception?

Thank you...Max




identity(for authentication)
========client-side code ============
using System;
using System.Security.Cryptography.X509Certificates;

static void CallService()
{
    TestSVC.TestServiceClient client = new TestSVC.TestServiceClient();

    // set the service certificate (for the client, it should be a
    // public-key-only certificate obtained from the service side)
    client.ClientCredentials.ServiceCertificate.SetDefaultCertificate(
        StoreLocation.LocalMachine,
        StoreName.My,
        X509FindType.FindByThumbprint,
        "b0d98888fc2fec907661ef11aa430f29e6ae8a91"
    );

    // set the client credential (a certificate credential here)
    client.ClientCredentials.ClientCertificate.SetCertificate(
        StoreLocation.CurrentUser,
        StoreName.My,
        X509FindType.FindByThumbprint,
        "9f1bbe2bf87df0e4c021292ffd8c68ad08648b7c"
    );

    // call the service operation and print the result
    string ret = client.GetDescription();
    Console.WriteLine(ret);
}
================================

If you feel it necessary, I can send the entire solution to you for
reference.
If there is anything unclear on this, please feel free to let me know.

Steven Cheng

Microsoft MSDN Online Support Lead


Note: MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 2 business days is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions. Issues of this
nature are best handled working with a dedicated Microsoft Support Engineer
by contacting Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/en-us/subscriptions/aa948874.aspx
==================================================
This posting is provided "AS IS" with no warranties, and confers no
rights.


--------------------
From: "Max2006" <alanalan3@xxxxxxxxxxxxxxxx>
Subject: .config file: How to configure message encryption with
x509certificates.
Date: Wed, 18 Feb 2009 00:00:38 -0500


Hi,
I am looking for a simple way to configure my web.config file for message
encryption with x509 certificates. Could you refer me to an online resource
that gives me a sample .config file showing how to leverage message
encryption with basic http binding? I prefer basicHttp instead of wsHttp.

I have created certificates with MakeCert the way that is explained here:
http://msdn.microsoft.com/en-us/library/ms733813.aspx

Any help would be appreciated,
Max


