x.509 Certificates - one more time

[GaryDean]

I posted an earlier message on this subject and received links to some old
1.1 docs that didn't do any good. Since then I fouund a book on WSE 3.0
that tells, in some detail, how to develop a web service client where x.509
certificates are used.

I'm using the book "Web Service Security - patterns and practices" from
microsoft. (also available free as a pdf MS_WSS_Dec.pdf) On page 141 they
tell how to develop a Web Service Client using x.509. They do a very good
job of showing how to access the certificate store that all results in a
wse3policyCache.config file. Then they say the next step is "The client
signs the message using it's private key" - but they never show how to do
that.

Then, the following step is "The Client encrypts the message using the
service's public key" - but they never show how to do that either?

Can anyone help me out with this? I'm finding almost nothing on this issue.
Is no one really using x.509 certs?

Thanks,

Gary

 

[Cowboy \(Gregory A. Beamer\)]

WCF is all declarative. See if this helps:
http://www.theserverside.net/tt/articles/showarticle.tss?id=SecuringWCFService

 

[Steven Cheng [MSFT]]

Hi Gary,

As other members mentioned, if possible, we would always recommend you take
a look at WCF as that has been the current well equiped distribute
communication component.

For WSE 3.0, there are some article introducing how to use X509 certificate
for message secure(message layer security):

#Implementing Message Layer Security with X.509 Certificates in WSE 3.0
http://msdn.microsoft.com/en-us/library/aa480581.aspx

#<x509> Element
http://msdn.microsoft.com/en-us/library/aa529251.aspx

In addition, I've also suggested you have a look at the samples in the WSE
3.0 sdk, that will give you a more clear view on how to configure a X509
service client and server.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------

 

[GaryDean]

That is an article on how to secure a WCF service. I'm writing a Web
Service Client using WSE (yes I know its obsolete) using an x.509 cert. The
article would be interesting if I were writing a WCF service.

 

[Steven Cheng [MSFT]]

Hi Gary,

Have you had a look at the WSE security aritlces I mentioned in previous
message?

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead


Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).

==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------