WSE 3.0 With Both UsernameToken and x.509 certificates RRS feed

  • Question

  • I have a web-service and a client(web-service) both developed in c#.

     I have managed to successfully get WSE 3.0 to use mutual x.509 certificates to sign and encrypt my messages.

     I have also managed to successfully get WSE 3.0 to carry out user authentication via UsernameTokens.

     The problem that I have is that I would like to have a mix of mutual x.509 certificates and UsernameTokens working within the same solution. 

     My client is itself a web-service that runs locally at user sites and acts as a geteway to my central service.

     My hope is to have one client x.509 certificate per site.

    I want to use x.509 certificates to encrypt the data and sign with a signature that represents which client site the request has come from.  I also want to identify and verify the individual user that made the request via UsernameTokens.

     It seems that the 'setup-wizard' for WSE only allows me to choose either certificate based or username based authentication as opposed to both certificate based and username based authentication.

    Friday, July 25, 2014 11:32 AM

All replies