Hello everybody,
I am developing a multithreaded Windows service in C# whose purpose is to be
a client for a WSE web service with X-509 authentication.
I have to configure a policy file using more than one digital certificate.
In fact, my service must have the possibility to use one certificate per
thread. I know I can configure one <policy> element for each endpoint url,
but I'm looking for a way to use different certificates at the same time.
Here's an extract of my policy where it sets the certificates:
<wssp:Integrity wsp:Usage="wsp:Required">
  <wssp:TokenInfo>
    <wssp:SecurityToken>
      <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
      <wssp:Claims>
        <wse:Parent>
          <wssp:SecurityToken>
            <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
            <wssp:Claims>
              <wse:BaseToken>
                <wssp:SecurityToken>
                  <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                  <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
                  <wssp:Claims>
                    <wssp:SubjectName MatchType="wssp:Exact">CLIENT_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
                    <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">CLIENT_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
                  </wssp:Claims>
                </wssp:SecurityToken>
              </wse:BaseToken>
              <wse:IssuerToken>
                <wssp:SecurityToken>
                  <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                  <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
                  <wssp:Claims>
                    <wssp:SubjectName MatchType="wssp:Exact">SERVER_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
                    <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">SERVER_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
                  </wssp:Claims>
                </wssp:SecurityToken>
              </wse:IssuerToken>
            </wssp:Claims>
          </wssp:SecurityToken>
        </wse:Parent>
      </wssp:Claims>
    </wssp:SecurityToken>
  </wssp:TokenInfo>
  <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
    wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
    wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo)
    wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
Is it sufficient to add other similar sections to my policy with
different certificate references? In that case, how can I decide what
certificate to use at runtime without using the manual certificate selection
pop-up dialog?
Thanks in advance to anybody helping me.