This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

signing SecurityToken using X509 certificate

Question
0

Sign in to vote

I created custom security token in code. I would like to sign it using x509 certificate before sending it to client in code? How can we do this

Thanks

ajit

Tuesday, January 4, 2011 6:57 PM

Answers

0

Sign in to vote
create the security binding element from code like this:

SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement(new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never));

element.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());

element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;

use this element as part of a custom binding. of course change the username token to your one. also you may want to slightly fine tune the other settings depending on your needs.

http://webservices20.blogspot.com/
WCF Security, Interoperability And Performance Blog
- Proposed as answer by Yaron Naveh Friday, January 7, 2011 6:28 PM
- Marked as answer by Steven Cheng - MSFT Thursday, January 13, 2011 2:32 AM
Tuesday, January 4, 2011 8:09 PM

All replies

0

Sign in to vote
create the security binding element from code like this:

SymmetricSecurityBindingElement element = new SymmetricSecurityBindingElement(new X509SecurityTokenParameters(X509KeyIdentifierClauseType.Thumbprint, SecurityTokenInclusionMode.Never));

element.EndpointSupportingTokenParameters.SignedEncrypted.Add(new UserNameSecurityTokenParameters());

element.MessageSecurityVersion = MessageSecurityVersion.WSSecurity11WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11;

use this element as part of a custom binding. of course change the username token to your one. also you may want to slightly fine tune the other settings depending on your needs.

http://webservices20.blogspot.com/
WCF Security, Interoperability And Performance Blog
- Proposed as answer by Yaron Naveh Friday, January 7, 2011 6:28 PM
- Marked as answer by Steven Cheng - MSFT Thursday, January 13, 2011 2:32 AM
Tuesday, January 4, 2011 8:09 PM
0

Sign in to vote

if you want to sign it directly you can sign it anyway you want and add it to the message.

if you want wcf to sign it for you then use the code I showed.
http://webservices20.blogspot.com/
WCF Security, Interoperability And Performance Blog

Tuesday, January 4, 2011 9:27 PM