I was able to modify the sample for SecureConversation to use a shared
secret. Basically I changed it from using x509 certs to use a UsernameToken
that was known by both the client and server. Here's what I did:

SecureConvClient.cs modifications:
1) Replace the existing token and issuerToken with a single UsernameToken
that is your shared secret. Set the PasswordOption.SendNone.
2) When calling client.IssueSecurityContextTokenAuthenticated() replace the
token and issuerToken with your UsernameToken.

CustomUsernameTokenManager.cs
1) In AuthenticateToken() look for your username token and return the
password for it. This is used to authenticate the client request.
2) Add an override for LoadTokenFromKeyInfo() that returns the same
UsernameToken that represents your shared secret. This will encrypt the
token response.

Modify Web.Config on the server:
1) In the web.config for the secure conversation server replace the
<wsse:SecurityTokenReference> with the following:

    <wsse:SecurityTokenReference>
      <wsse:Reference
        ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken" />
    </wsse:SecurityTokenReference>

This works for me and looking at the trace everything looks encrypted.
However I haven't gotten any "final word" from Microsoft people if this is
correct or not...
Kyle
"Neil Allen" <neilal@fwbaker.co.uk> wrote in message
news:Ob1%23bqvcEHA.3512@TK2MSFTNGP12.phx.gbl...
> I have used WSE 1.0 with a shared-secret to encrypt my service.
>
> Now I have upgraded to WSE 2.0 it's all gone to pot.
>
> Does anyone have a code sample to do the shared-secret bits using custom
> security tokens and custom security token managers?
> - or a link to a tutorial -
>
> Thanks,
>
> Neil..
>
>
>