Hello everybody,
I am developing a multithreaded Windows service in C# whose purpose is to be
a client for a WSE web service with X.509 authentication.
I have to configure a policy file using more than one digital certificate.
In fact, my service must have the possibility to use one certificate per
thread. I know I can configure one <policy> element for each endpoint URL,
but I'm looking for a way to use different certificates at the same time.
Here's an extract of my policy where it sets the certificates:
<wssp:Integrity wsp:Usage="wsp:Required">
  <wssp:TokenInfo>
    <wssp:SecurityToken>
      <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
      <wssp:Claims>
        <wse:Parent>
          <wssp:SecurityToken>
            <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
            <wssp:Claims>
              <wse:BaseToken>
                <wssp:SecurityToken>
                  <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                  <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
                  <wssp:Claims>
                    <wssp:SubjectName MatchType="wssp:Exact">CLIENT_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
                    <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">CLIENT_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
                  </wssp:Claims>
                </wssp:SecurityToken>
              </wse:BaseToken>
              <wse:IssuerToken>
                <wssp:SecurityToken>
                  <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                  <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
                  <wssp:Claims>
                    <wssp:SubjectName MatchType="wssp:Exact">SERVER_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
                    <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">SERVER_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
                  </wssp:Claims>
                </wssp:SecurityToken>
              </wse:IssuerToken>
            </wssp:Claims>
          </wssp:SecurityToken>
        </wse:Parent>
      </wssp:Claims>
    </wssp:SecurityToken>
  </wssp:TokenInfo>
  <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
    wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
    wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo)
    wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
Is it sufficient to add other similar sections to my policy with
different certificate references? In that case, how can I decide what
certificate to use at runtime without using the manual certificate selection
pop-up dialog?
Thanks in advance to anybody helping me.