
specify service identity

  • Tuesday, October 03, 2006 10:02 AM, Sabbadin

    Hi, consider a server-side config file.
    What is the difference between this section

    <service >
            <endpoint ...>
              <identity >
    ...
              </identity>

    and this section

    <serviceBehaviors>
    <behavior name="xx">
              <serviceCredentials> ...

    regarding configuring service identity? They do look the same.

    Thanks in advance

Answers

  • Tuesday, October 03, 2006 2:29 PM, Pedro Felix (MVP, Moderator)

    Hello:

    1) The service/endpoint/identity element defines the identity of the endpoint. This identity can be defined as: an X509 certificate, an RSA public key, a DNS name, an SPN, ...
    This identity will be exposed in the address inside the WSDL (using the WS-Addressing extensions).

    2) The behavior/serviceCredentials defines the "security settings" of the service.
    This includes the information for the service to prove its identity (e.g. the certificate with an associated private key) but also additional information, namely
        - settings related to the validation of client ST
        - other settings related to the establishment of secure contexts (WS-SecureConversation)

    The binding selects the "type" of security to use. The ServiceCredentials contains the specific settings for the selected "type". The identity only contains the public identity of the endpoint.

    Hope it helps
    Pedro Felix
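
The split described in the answer above, as an added example that is not part of the original thread: a service-side configuration where the binding picks the type of security, the endpoint `identity` publishes only the public identity, and `serviceCredentials` holds the settings the service uses to prove that identity and to validate clients. The service, contract, binding, behavior and host names are hypothetical.

```xml
<!-- Added example. MyNamespace.MyService, IMyContract, messageCert,
     secureBehavior and service.example.com are hypothetical names. -->
<configuration>
  <system.serviceModel>
    <services>
      <service name="MyNamespace.MyService" behaviorConfiguration="secureBehavior">
        <endpoint address="" binding="wsHttpBinding" bindingConfiguration="messageCert"
                  contract="MyNamespace.IMyContract">
          <!-- Public identity only: exposed in the endpoint address in the WSDL.
               No private key material is referenced here. -->
          <identity>
            <dns value="service.example.com" />
          </identity>
        </endpoint>
      </service>
    </services>
    <bindings>
      <wsHttpBinding>
        <!-- The binding selects the "type" of security. -->
        <binding name="messageCert">
          <security mode="Message">
            <message clientCredentialType="Certificate" />
          </security>
        </binding>
      </wsHttpBinding>
    </bindings>
    <behaviors>
      <serviceBehaviors>
        <behavior name="secureBehavior">
          <serviceCredentials>
            <!-- Certificate with its private key, used by the service to prove
                 its identity. Its subject should match the dns identity above. -->
            <serviceCertificate findValue="service.example.com"
                                storeLocation="LocalMachine" storeName="My"
                                x509FindType="FindBySubjectName" />
            <!-- Settings for validating the client's security token. -->
            <clientCertificate>
              <authentication certificateValidationMode="ChainTrust"
                              revocationMode="Online" />
            </clientCertificate>
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```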

All Replies

  • Tuesday, October 03, 2006 11:10 AM, Sabbadin

    I understand one is related to the endpoint (interface) and the other to the
    class... is this the difference? If so, how would that turn out to be useful
    and meaningful?
    TIA
  • Thursday, December 20, 2007 10:28 AM, Niraj B

    Hi,

    I still have confusion. I was recently trying out a WindowsCardSpace sample using WsFederationHttpBinding.

    1) On the service side, if I leave Identity blank for an endpoint, it produces a certificate encoded value on Add Service Reference. Also, by default the identity element on the service is DNS localhost, and when I leave it as is, on the client side I only get the identity in the form of DNS. What are the scenarios under which one would modify this? (I guess one of them is what I mentioned but it also what's the default value if left blank). In addition, when would one use others like SPN, etc.?

    2) If the client uses identity inside endpoint to ensure that it's communicating to the same service, which certificate does the client use to encrypt the personal card that it sends to the service? Is it the same encoded value for encryption? Can we use the same in WsHttpBinding with UsernameToken ASP.NET security? In which scenario would you consider erasing the identity and defining service credentials for an endpoint via behavior?

    The demarcation is not quite clear.

    Life is so beautiful!!!

    Success,

    Niraj

    P.S. (sorry if I messed it up)


  • Thursday, December 20, 2007 11:45 AM, Niraj B