Usernametoken Encryption

  • Question

  • We have been provided with the below policy file by our client. How can we generate a configuration file for WCF or WSE 3.0? 

    We need to consume new web services and we are told that this policy should be able to generate message security configuration so that we can plug in x509 certificates into that. 

    Security requirements include:

    1. Encrypted Usernametoken using x509 asymmetric bindings and TripleDESRSA15 key.

    2. Digitally signed Soap Body and timestamp. 

    svcutil is not generating a proper configuration file when we pass it this policy. It has created a simple bindings node with endpoint details. It did not generate anything for security. 

    Appreciate your help in advance.

    <wsp:Policy wsu:Id="policy0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:AsymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <wsp:ExactlyOne>
                <wsp:All>
                  <sp:InitiatorToken>
                    <wsp:Policy>
                      <wsp:ExactlyOne>
                        <wsp:All>
                          <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
                            <wsp:Policy>
                              <wsp:ExactlyOne>
                                <wsp:All>
                                  <sp:WssX509V3Token10 />
                                </wsp:All>
                              </wsp:ExactlyOne>
                            </wsp:Policy>
                          </sp:X509Token>
                        </wsp:All>
                      </wsp:ExactlyOne>
                    </wsp:Policy>
                  </sp:InitiatorToken>
                  <sp:RecipientToken>
                    <wsp:Policy>
                      <wsp:ExactlyOne>
                        <wsp:All>
                          <sp:X509Token>
                            <wsp:Policy>
                              <wsp:ExactlyOne>
                                <wsp:All>
                                  <sp:WssX509V3Token10 />
                                </wsp:All>
                              </wsp:ExactlyOne>
                            </wsp:Policy>
                          </sp:X509Token>
                        </wsp:All>
                      </wsp:ExactlyOne>
                    </wsp:Policy>
                  </sp:RecipientToken>
                  <sp:AlgorithmSuite>
                    <wsp:Policy>
                      <wsp:ExactlyOne>
                        <wsp:All>
                          <sp:TripleDesRsa15 />
                        </wsp:All>
                      </wsp:ExactlyOne>
                    </wsp:Policy>
                  </sp:AlgorithmSuite>
                  <sp:Layout>
                    <wsp:Policy>
                      <wsp:ExactlyOne>
                        <wsp:All>
                          <sp:Strict />
                        </wsp:All>
                      </wsp:ExactlyOne>
                    </wsp:Policy>
                  </sp:Layout>
                  <sp:IncludeTimestamp />
                  <sp:OnlySignEntireHeadersAndBody />
                </wsp:All>
              </wsp:ExactlyOne>
            </wsp:Policy>
          </sp:AsymmetricBinding>
          <sp:Wss10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <wsp:Policy>
              <wsp:ExactlyOne>
                <wsp:All>
                  <sp:MustSupportRefEmbeddedToken />
                </wsp:All>
              </wsp:ExactlyOne>
            </wsp:Policy>
          </sp:Wss10>
          <sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
            <sp:Body />
          </sp:SignedParts>
          <sp:EncryptedSupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
            <wsp:Policy>
              <wsp:ExactlyOne>
                <wsp:All>
                  <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient" />
                  <sp:HashPassword />
                </wsp:All>
              </wsp:ExactlyOne>
            </wsp:Policy>
          </sp:EncryptedSupportingTokens>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

    Tuesday, February 3, 2015 10:00 PM
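
An added example, not part of the original post and not WCF or svcutil code: a Python script that inventories the assertions in a policy like the one above, maps them onto the requirements listed in the question, and reports which WS-SecurityPolicy namespace each top-level assertion belongs to. `SAMPLE` is a constructed, condensed version of the posted policy, and the function names `assertions` and `summarize` are hypothetical.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"
SP_2005 = "http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
SP_2007 = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702"

# Constructed sample, condensed from the policy in the post: wsp:ExactlyOne/wsp:All
# wrappers and token sub-policies are dropped, assertion names and namespaces kept.
SAMPLE = f"""
<wsp:Policy xmlns:wsp="{WSP}">
 <sp:AsymmetricBinding xmlns:sp="{SP_2005}"><wsp:Policy>
  <sp:InitiatorToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:InitiatorToken>
  <sp:RecipientToken><wsp:Policy><sp:X509Token/></wsp:Policy></sp:RecipientToken>
  <sp:AlgorithmSuite><wsp:Policy><sp:TripleDesRsa15/></wsp:Policy></sp:AlgorithmSuite>
  <sp:Layout><wsp:Policy><sp:Strict/></wsp:Policy></sp:Layout>
  <sp:IncludeTimestamp/><sp:OnlySignEntireHeadersAndBody/>
 </wsp:Policy></sp:AsymmetricBinding>
 <sp:SignedParts xmlns:sp="{SP_2005}"><sp:Body/></sp:SignedParts>
 <sp:EncryptedSupportingTokens xmlns:sp="{SP_2007}"><wsp:Policy>
  <sp:UsernameToken/><sp:HashPassword/>
 </wsp:Policy></sp:EncryptedSupportingTokens>
</wsp:Policy>"""

def assertions(policy_xml):
    """Return (path, namespace) for each assertion, skipping wsp:* operators."""
    found = []
    def walk(node, path):
        # ElementTree tags look like "{namespace}localname"
        ns, _, name = node.tag.lstrip("{").partition("}")
        if ns != WSP:
            path = path + [name]
            found.append(("/".join(path), ns))
        for child in node:
            walk(child, path)
    walk(ET.fromstring(policy_xml), [])
    return found

def summarize(policy_xml):
    """Map the policy onto the requirements listed in the question."""
    items = assertions(policy_xml)
    paths = [p for p, _ in items]
    suite = [p.split("/")[-1] for p in paths
             if p.startswith("AsymmetricBinding/AlgorithmSuite/")]
    return {
        "algorithm_suite": suite[0] if suite else None,
        "timestamp": "AsymmetricBinding/IncludeTimestamp" in paths,
        "signed_body": "SignedParts/Body" in paths,
        "encrypted_username_token": "EncryptedSupportingTokens/UsernameToken" in paths,
        "top_level_namespaces": {p: ns for p, ns in items if "/" not in p},
    }
```

For the posted policy, the summary shows the binding and `SignedParts` assertions in the 2005/07 namespace and `EncryptedSupportingTokens` in the 200702 namespace.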

Answers

All replies