none
What is implementation of function "SetupCertificates(credentials);" RRS feed

  • Question

  • Hi,

    I am trying to build example from MSDN article 729856 (https://msdn.microsoft.com/en-us/library/ms729856(v=vs.110).aspx?cs-save-lang=1&cs-lang=csharp#code-snippet-5, Windows Communication Foundation/Extending WCF/Extending Security), but I did not find implementation or reference to some dll for function "SetupCertificates(credentials);".

    Where can I find it ? Or what reference am I missing ?

    Thanks. Tomas

    Wednesday, August 10, 2016 12:43 PM

Answers

  • Hi Tomas,

    >> I did not find implementation or reference to some dll for function "SetupCertificates(credentials);".

    Based on the document, SetupCertificates is used to set Certificates for ClientCredentials and ServiceCredentials. I think you could create your own SetupCertificates with setting clientSigningCert, clientEncryptingCert, serviceSigningCert and serviceEncryptingCert.

    Here is a simple code:

    //**********Setup certificates(credentials);
    credentials.ServiceSigningCertificate = _ServiceCertificate
    credentials.ServiceEncryptingCertificate = _ClientCertificate;
    credentials.ClientSigningCertificate = _ClientCertificate;
    credentials.ClientEncryptingCertificate = _ServiceCertificate;

    Best Regards,

    Edward


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    • Marked as answer by martinek.t Saturday, August 13, 2016 11:11 AM
    Thursday, August 11, 2016 12:11 PM

All replies

  • Hi Tomas,

    >> I did not find implementation or reference to some dll for function "SetupCertificates(credentials);".

    Based on the document, SetupCertificates is used to set Certificates for ClientCredentials and ServiceCredentials. I think you could create your own SetupCertificates with setting clientSigningCert, clientEncryptingCert, serviceSigningCert and serviceEncryptingCert.

    Here is a simple code:

    //**********Setup certificates(credentials);
    credentials.ServiceSigningCertificate = _ServiceCertificate
    credentials.ServiceEncryptingCertificate = _ClientCertificate;
    credentials.ClientSigningCertificate = _ClientCertificate;
    credentials.ClientEncryptingCertificate = _ServiceCertificate;

    Best Regards,

    Edward


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    • Marked as answer by martinek.t Saturday, August 13, 2016 11:11 AM
    Thursday, August 11, 2016 12:11 PM
  • Thanks. I tried my own implementation for SetupCertificates method (to read 2 certificates from LocalMachine store), but this solution unfortunately has not solve my situation. This sample solution creates message security mode at the end, but I need transport security mode with one certificate, and sign whole request body with another certificate. This sample solution generates me an error "Could not establish secure channel for SSL/TLS with authority 'wsd2.cnb.cz'.". So no SSL connection was created as in transport security mode.

    When I use this configuration (my own, transport security mode):

    <system.serviceModel>
    	<behaviors>
    		<endpointBehaviors>
    			<behavior name="CruBehavior">
    				<clientCredentials>
    					<clientCertificate findValue="17a34cf8d70455d92dc152b43b73de48ba59ff66" storeLocation="LocalMachine" x509FindType="FindByThumbprint" />
    				</clientCredentials>
    			</behavior>
    		</endpointBehaviors>
    	</behaviors>
    	<bindings>
    		<basicHttpsBinding>
    			<binding name="CruBindingHttps">
    				<security mode="Transport">
    					<transport clientCredentialType="Certificate" />
    				</security>
    			</binding>
    		</basicHttpsBinding>
    	</bindings>
    	<client>
    		<endpoint address="https://wsd2.cnb.cz/cruuzmvd/services/cruuzmvdPort" behaviorConfiguration="CruBehavior" binding="customBinding" bindingConfiguration="CruCustomBinding"
    		contract="TestCallAllCb3Services.Interfaces.ICru" name="Cru" />
    	</client>
    </system.serviceModel>

    ... I can set up SSL connection, but I get error "WSDoAllReceiver: Request does not contain required Security header". I can see soap message in log with "Source="TransportSend"", but service end point rejected this not signed request (security headers with sign is missing). But message has to be sign with another certificate with thumb print "c90f4aafa38e21daeb43dab13bdd50d98423bd4d" (it is definitely different from clientCertificate used as ClientCredentialType for transport mode).

    How can I sign the message with this second certificate ? I found some solution with SecureMessage method in WSE, but none for WCF itself (without WSE). It seems that this is not common situation. I have to use SSL channel (one certificate is used to set up this channel), and through this channel I have to send signed message (second certificate is used to sign it). Service end point is Java Web service, and it is a third party solution (I have only WSDL without any security, none soap request example, or some .Net solution or setting recommendation).

    Any ideas or solution would be very fine.


    Thursday, August 11, 2016 8:47 PM
  • Hi Tomas,

    >> This sample solution generates me an error "Could not establish secure channel for SSL/TLS with authority 'wsd2.cnb.cz'.". So no SSL connection was created as in transport security mode.

    For your original issue, it is related with "SetupCertificates(credentials);". For this new issue which is related with this specific error, I suggest you post a new thread for this new issue, and then we could focus on this issue.

    Best Regards,

    Edward


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Saturday, August 13, 2016 6:04 AM