X509Certificate signature in WSE 3.0

  • Question

  • Hi everybody.

    Unfortunately, I failed to configure WCF to work with a Java web service protected with X509. The problem was described here:

    http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/15b8ada3-e1e3-4b35-acf2-4cc8b713e326

    Now I'm trying to use WSE 3.0 to achieve the same. It's almost done, but there is a problem with signing the requested part using an X509Certificate. In many examples I found, this should work without a problem, but here I don't know how to force the framework to sign with the proper method.

    As you can see in the above-linked topic and the included 'final required' SOAP, there is a tag:

    <wsse:KeyIdentifier EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">__LONGHASH__</wsse:KeyIdentifier>
    

    The ValueType attribute is set to BLABLA#X509v3, but my WSE-generated SOAP contains the BLABLA#X509SubjectKeyIdentifier value.

    Here is some code which generates the signature:

        public override void SecureMessage(SoapEnvelope envelope, Security security)
        {
            UsernameToken userToken = new UsernameToken(
                Form1.uname,
                Form1.pwd,
                PasswordOption.SendHashed);
            // we don't send password over network
            // but we just use username/password to sign/encrypt message

            // Add the token to the SOAP header.
            security.Tokens.Add(userToken);

            // Sign the SOAP message by using the cert...
            X509SecurityToken certSToken = new X509SecurityToken(Form1.CertPK);

            MessageSignature sig = new MessageSignature(certSToken);
            SignatureOptions opt = SignatureOptions.IncludeSoapBody;
            sig.SignatureOptions = opt;
            security.Elements.Add(sig);
        }

    Any idea how I can force it to use the X509v3 cert, not the SubjectKeyIdentifier?

    I used the same cert file to compose the message in SoapUI, where I have an option for which "Key Identifier Type" to choose. Both options are available, but the web service accepts only the X509v3 one.

    Regards

    Friday, July 23, 2010 12:04 PM
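
An added example, not part of the original post: a Python check that reports which ValueType each wsse:KeyIdentifier in a SOAP message declares and whether its Base64 payload fits that type, which helps when comparing a SoapUI-built request with a WSE-generated one. The sample messages, the helper names and the length heuristics are assumptions made for this illustration; that an #X509v3 identifier carries the whole certificate is inferred from the long value shown in the post.

```python
import base64
import xml.etree.ElementTree as ET

WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
PROFILE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#"


def plausible(kind, raw):
    """Heuristic (assumption): does the decoded payload fit the declared ValueType?"""
    if kind == "X509v3":  # whole certificate: long DER blob starting with SEQUENCE (0x30)
        return len(raw) > 64 and raw[:1] == b"\x30"
    if kind == "X509SubjectKeyIdentifier":  # short key id, commonly a 20-byte SHA-1
        return 0 < len(raw) <= 64
    return False


def classify_key_identifiers(soap_xml):
    """Return one dict per wsse:KeyIdentifier element found in the message."""
    results = []
    for el in ET.fromstring(soap_xml).iter("{%s}KeyIdentifier" % WSSE):
        value_type = el.get("ValueType", "")
        kind = value_type[len(PROFILE):] if value_type.startswith(PROFILE) else "unknown"
        try:
            raw = base64.b64decode("".join((el.text or "").split()), validate=True)
        except ValueError:  # not valid Base64
            raw = b""
        results.append({"kind": kind, "length": len(raw), "consistent": plausible(kind, raw)})
    return results


def sample_message(kind, payload):
    """Constructed SOAP header fragment; payload is filler bytes, not real key material."""
    return (
        '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="%s">'
        "<s:Header><wsse:Security><wsse:SecurityTokenReference>"
        '<wsse:KeyIdentifier ValueType="%s%s">%s</wsse:KeyIdentifier>'
        "</wsse:SecurityTokenReference></wsse:Security></s:Header><s:Body/></s:Envelope>"
        % (WSSE, PROFILE, kind, base64.b64encode(payload).decode("ascii"))
    )


# Constructed inputs: one shaped like the accepted request, one like the WSE output.
ACCEPTED = sample_message("X509v3", b"\x30\x82\x01\x00" + bytes(256))
WSE_GENERATED = sample_message("X509SubjectKeyIdentifier", bytes(range(20)))

if __name__ == "__main__":
    for name, msg in (("accepted", ACCEPTED), ("wse", WSE_GENERATED)):
        print(name, classify_key_identifiers(msg))
```

For messages captured from untrusted sources, parse them with defusedxml rather than the standard-library parser.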