RSA identity value syntax

  • Question

  • My code gets System.Security.XmlSyntaxException with message "Invalid syntax on line 1." when trying to use RSA identity following the example in http://msdn.microsoft.com/en-us/library/aa347738.aspx. Apparently WCF is expecting certain XML syntax in the RSA value string, instead of the plain public key string as in the MSDN example.

    Can someone let me know what XML syntax I need to provide to RSA value?

    Below is the snippet of client side configuration that I am using.

          <endpoint name="X509WsHttp"
                    address="http://localhost/Configuration/ConfigurationService.svc/X509AuthenticationWsHttp"
                    binding="wsHttpBinding"
                    contract="ISecurityRuntimeX509Authentication"
                    behaviorConfiguration="X509Client"
                    bindingConfiguration="wsHttpBindingWithX509Authentication">
            <identity>
              <rsa value="30818902818100bda6a83bfa4b87a90b46a9dd49f7e4ddf881b0a38fba51d9b9a3b242f9929bf0953c9e33b53af60776f2f6b3a71a2579f72467a13782aefb810923a4545c3d508dddce33005aeda48d7db7ed4a5029ace967ff7e06c19b59a43b813371237ef0591fc774557f0a15f01e5df6c518f5c2f451cce8fac61900f2a41c8812a3997d0203010001"/>
            </identity>
          </endpoint>

    Monday, October 7, 2013 3:29 PM

Answers

  • Hi,

    As for the <identity>, it is used to specify some evidence to authenticate/verify the server-side WCF service/endpoint. For your case, if your service is using x509 certificate based service credentials, you can use <certificate> identity instead of RSA based identity. You just need to import a public key only certificate (containing the public key of the server-side service certificate) to the client and specify the cert info (store and location name), which will be easier than using RSA key syntax. For RSA key syntax, I haven't tried it but the following MSDN reference has mentioned a sample syntax which shows that we need to embed the XML format RSA key info into the <RSA> element (with encoded format):

    #Service Identity and Authentication
    http://msdn.microsoft.com/en-us/library/ms733130.aspx

    #<identity> element
    http://msdn.microsoft.com/en-us/library/ms731721.aspx

    And if you still want to use RSA key for the <identity>, you can try the following means:

    1) the ASP.NET aspnet_regiis.exe tool has provided option for us to export key info of RSA key to XML file

    #Importing and Exporting Protected Configuration RSA Key Containers
    http://msdn.microsoft.com/en-us/library/yxw286t2(v=vs.90).aspx

    2) Or we can consider writing a simple .NET app which programmatically obtains the RSA key info (from certificate or certain container) and then exports the key info to XML format (through the ToXmlString method):

    #RSA.ToXmlString Method
    http://msdn.microsoft.com/en-us/library/system.security.cryptography.rsa.toxmlstring.aspx


    <THE CONTENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, WHETHER EXPRESS OR IMPLIED>
    Thanks
    MSDN Community Support

    Tuesday, October 8, 2013 2:47 AM
    Moderator
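
An added example, not code from the thread or from MSDN: a small C# console program along the lines of the answer's second suggestion. It assumes the hex string in the question is a DER-encoded PKCS#1 RSAPublicKey (a SEQUENCE of two INTEGERs, which is how that string parses), rebuilds the key, exports the public part with ToXmlString(false) and XML-escapes it for use as an attribute value. The class and method names are illustrative.

```csharp
using System;
using System.Linq;
using System.Security;
using System.Security.Cryptography;

static class RsaIdentityValue // illustrative name, not a WCF type
{
    // The hex string from the question's <rsa value="..."> attribute.
    const string DerHex = "30818902818100bda6a83bfa4b87a90b46a9dd49f7e4ddf881b0a38fba51d9b9a3b242f9929bf0953c9e33b53af60776f2f6b3a71a2579f72467a13782aefb810923a4545c3d508dddce33005aeda48d7db7ed4a5029ace967ff7e06c19b59a43b813371237ef0591fc774557f0a15f01e5df6c518f5c2f451cce8fac61900f2a41c8812a3997d0203010001";

    // Reads one DER element with the expected tag; strips the sign pad from INTEGERs.
    static byte[] ReadElement(byte[] der, ref int pos, byte tag)
    {
        if (der[pos++] != tag) throw new FormatException("Unexpected DER tag.");
        int len = der[pos++];
        if ((len & 0x80) != 0) // long form: low 7 bits give the number of length bytes
        {
            int n = len & 0x7F;
            if (n == 0 || n > 2) throw new FormatException("Unsupported DER length.");
            for (len = 0; n > 0; n--) len = (len << 8) | der[pos++];
        }
        int skip = (tag == 0x02 && len > 1 && der[pos] == 0) ? 1 : 0;
        byte[] content = new byte[len - skip];
        Array.Copy(der, pos + skip, content, 0, content.Length);
        pos += len;
        return content;
    }

    // Converts a DER RSAPublicKey (SEQUENCE { modulus, exponent }) to escaped RSAKeyValue XML.
    public static string ToIdentityValue(byte[] der)
    {
        int pos = 0, inner = 0;
        byte[] seq = ReadElement(der, ref pos, 0x30);
        var key = new RSAParameters();
        key.Modulus = ReadElement(seq, ref inner, 0x02);
        key.Exponent = ReadElement(seq, ref inner, 0x02);
        using (RSA rsa = RSA.Create())
        {
            rsa.ImportParameters(key);
            // false = public parameters only; Escape makes the XML safe in an attribute.
            return SecurityElement.Escape(rsa.ToXmlString(false));
        }
    }

    static void Main()
    {
        byte[] der = Enumerable.Range(0, DerHex.Length / 2)
            .Select(i => Convert.ToByte(DerHex.Substring(2 * i, 2), 16)).ToArray();
        Console.WriteLine("<rsa value=\"" + ToIdentityValue(der) + "\"/>");
    }
}
```

Passing false to ToXmlString keeps private key parameters out of the client configuration, which only needs the public key to check the service's identity.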