|
|
You're in the
dotnet web services enhancements
group:WSE 2.0 and alternate X.509 cert store locations
dotnet web services enhancements:
messages using X.509 certificates. It appears that my only options when doing this are to tell my Web service to look for certificates in either the LocalMachine or CurrentUser stores that Windows provides. If I would like to instead store my certificates somewhere else, such as an OpenLDAP server, or a different certificate store, is that an option? How can I tell WSE to look somewhere else for certificates? If I can't set a different value in the "x509 storeLocation" web.config node, can I override a method from WebService or something? Thanks, Ethan
You may create a custom security token manager to access the certs
repository. http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse/html/3630a570-6cc2-4d8a-8194-1fe59a0e1e00.asp http://msdn.microsoft.com/msdnmag/issues/04/10/servicestation/default.aspx -- Hernan de Lahitte http://weblogs.asp.net/hernandl http://www.lagash.com/english/index.html [quoted text, click to view] <eshayne@bigfoot.com> wrote in message news:1105735066.579802.26990@f14g2000cwb.googlegroups.com... >I would like to use WSE 2.0 for signing and encrypting Web service > messages using X.509 certificates. It appears that my only options when > doing this are to tell my Web service to look for certificates in > either the LocalMachine or CurrentUser stores that Windows provides. > > If I would like to instead store my certificates somewhere else, such > as an OpenLDAP server, or a different certificate store, is that an > option? How can I tell WSE to look somewhere else for certificates? If > I can't set a different value in the "x509 storeLocation" web.config > node, can I override a method from WebService or something? > Thanks, > Ethan >
Thanks!
Can you (or anyone else) tell me what "qname" value to use in my web.config, to point to my custom X.509 security token manager? Thanks, Ethan [quoted text, click to view] Hernan de Lahitte wrote:
> You may create a custom security token manager to access the certs > repository. > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse/html/3630a570-6cc2-4d8a-8194-1fe59a0e1e00.asp > http://msdn.microsoft.com/msdnmag/issues/04/10/servicestation/default.aspx > > > -- > Hernan de Lahitte > http://weblogs.asp.net/hernandl > http://www.lagash.com/english/index.html > > > <eshayne@bigfoot.com> wrote in message > news:1105735066.579802.26990@f14g2000cwb.googlegroups.com... > >I would like to use WSE 2.0 for signing and encrypting Web service > > messages using X.509 certificates. It appears that my only options when > > doing this are to tell my Web service to look for certificates in > > either the LocalMachine or CurrentUser stores that Windows provides. > > > > If I would like to instead store my certificates somewhere else, such > > as an OpenLDAP server, or a different certificate store, is that an > > option? How can I tell WSE to look somewhere else for certificates? If > > I can't set a different value in the "x509 storeLocation" web.config > > node, can I override a method from WebService or something? > > Thanks, > > Ethan > >
Thank you for the pointers.
Once I create a new security token manager (presumably subclassed from X509SecurityTokenManager), which method(s) would I want to override? What I'm trying to do is take an incoming Soap message that has been signed using an X.509 certificate (private key), and authenticate that signature. I'll probably also want to do something similar where the incoming message has been encrypted using an X.509 certificate (public key), and decrypt it. The way WSE normally does this is just fine - all I want to change is where it goes to load the appropriate X.509 certificate (corresponding public or private key) from. I'm not clear on where this particular part of the process happens? Thanks, Ethan [quoted text, click to view] Hernan de Lahitte wrote:
> You may create a custom security token manager to access the certs > repository. > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse/html/3630a570-6cc2-4d8a-8194-1fe59a0e1e00.asp > http://msdn.microsoft.com/msdnmag/issues/04/10/servicestation/default.aspx > > > -- > Hernan de Lahitte > http://weblogs.asp.net/hernandl > http://www.lagash.com/english/index.html > > > <eshayne@bigfoot.com> wrote in message > news:1105735066.579802.26990@f14g2000cwb.googlegroups.com... > >I would like to use WSE 2.0 for signing and encrypting Web service > > messages using X.509 certificates. It appears that my only options when > > doing this are to tell my Web service to look for certificates in > > either the LocalMachine or CurrentUser stores that Windows provides. > > > > If I would like to instead store my certificates somewhere else, such > > as an OpenLDAP server, or a different certificate store, is that an > > option? How can I tell WSE to look somewhere else for certificates? If > > I can't set a different value in the "x509 storeLocation" web.config > > node, can I override a method from WebService or something? > > Thanks, > > Ethan > >
Hello Ethan,
If its x509 then it should just be the same qname as it normally is HTH Regards, Dilip Krishnan MCAD, MCSD.net dkrishnan at geniant dot com http://www.geniant.com [quoted text, click to view] > Thanks! > > Can you (or anyone else) tell me what "qname" value to use in my > web.config, to point to my custom X.509 security token manager? > > Thanks, > Ethan > Hernan de Lahitte wrote: > >> You may create a custom security token manager to access the certs >> repository. >> > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse/h > tml/3630a570-6cc2-4d8a-8194-1fe59a0e1e00.asp > > http://msdn.microsoft.com/msdnmag/issues/04/10/servicestation/default. > aspx > >> -- >> Hernan de Lahitte >> http://weblogs.asp.net/hernandl >> http://www.lagash.com/english/index.html >> <eshayne@bigfoot.com> wrote in message >> news:1105735066.579802.26990@f14g2000cwb.googlegroups.com... >>> I would like to use WSE 2.0 for signing and encrypting Web service >>> messages using X.509 certificates. It appears that my only options >>> > when > >>> doing this are to tell my Web service to look for certificates in >>> either the LocalMachine or CurrentUser stores that Windows >>> > provides. > >>> If I would like to instead store my certificates somewhere else, >>> > such > >>> as an OpenLDAP server, or a different certificate store, is that an >>> option? How can I tell WSE to look somewhere else for certificates? >>> > If > >>> I can't set a different value in the "x509 storeLocation" >>> > web.config > >>> node, can I override a method from WebService or something? >>> Thanks, >>> Ethan
You need to override the AuthenticateToken method.
Chris Rolon [quoted text, click to view] <eshayne@bigfoot.com> wrote in message news:1106080948.269162.297080@c13g2000cwb.googlegroups.com... > Thank you for the pointers. > > Once I create a new security token manager (presumably subclassed from > X509SecurityTokenManager), which method(s) would I want to override? > > What I'm trying to do is take an incoming Soap message that has been > signed using an X.509 certificate (private key), and authenticate that > signature. I'll probably also want to do something similar where the > incoming message has been encrypted using an X.509 certificate (public > key), and decrypt it. The way WSE normally does this is just fine - all > I want to change is where it goes to load the appropriate X.509 > certificate (corresponding public or private key) from. I'm not clear > on where this particular part of the process happens? > > Thanks, > Ethan > > Hernan de Lahitte wrote: > > You may create a custom security token manager to access the certs > > repository. > > > > > http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wse/html/3630a570-6cc2-4d8a-8194-1fe59a0e1e00.asp > > > http://msdn.microsoft.com/msdnmag/issues/04/10/servicestation/default.aspx > > > > > > -- > > Hernan de Lahitte > > http://weblogs.asp.net/hernandl > > http://www.lagash.com/english/index.html > > > > > > <eshayne@bigfoot.com> wrote in message > > news:1105735066.579802.26990@f14g2000cwb.googlegroups.com... > > >I would like to use WSE 2.0 for signing and encrypting Web service > > > messages using X.509 certificates. It appears that my only options > when > > > doing this are to tell my Web service to look for certificates in > > > either the LocalMachine or CurrentUser stores that Windows > provides. > > > > > > If I would like to instead store my certificates somewhere else, > such > > > as an OpenLDAP server, or a different certificate store, is that an > > > option? How can I tell WSE to look somewhere else for certificates? > If > > > I can't set a different value in the "x509 storeLocation" > web.config > > > node, can I override a method from WebService or something? > > > Thanks, > > > Ethan > > > >
Don't see what you're looking for? Try a search.
|
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |