more than one certificate in a policy

Hello everybody,
I am developing a multithreaded Windows service in C# whose purpose is to be
a client for a WSE web service with X-509 authentication.

I have to configure a policy file using more than one digital certificate.
In fact, my service must have the possibility to use one certificate per
thread. I know I can configure one <policy> element for each endpoint url,
but I'm looking for a way to use different certificates at the same time.
Here's an extraction of my policy where it sets the certificates:
<wssp:Integrity wsp:Usage="wsp:Required">
  <wssp:TokenInfo>
    <wssp:SecurityToken>
      <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk</wssp:TokenType>
      <wssp:Claims>
        <wse:Parent>
          <wssp:SecurityToken>
            <wssp:TokenType>http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct</wssp:TokenType>
            <wssp:Claims>
              <wse:BaseToken>
                <wssp:SecurityToken>
                  <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                  <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
                  <wssp:Claims>
                    <wssp:SubjectName MatchType="wssp:Exact">CLIENT_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
                    <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">CLIENT_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
                  </wssp:Claims>
                </wssp:SecurityToken>
              </wse:BaseToken>
              <wse:IssuerToken>
                <wssp:SecurityToken>
                  <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
                  <wssp:TokenIssuer>C=it, O=GRTN, OU=CA GRTN</wssp:TokenIssuer>
                  <wssp:Claims>
                    <wssp:SubjectName MatchType="wssp:Exact">SERVER_CERTIFICATO_SUBJECT_NAME</wssp:SubjectName>
                    <wssp:X509Extension OID="2.5.29.14" MatchType="wssp:Exact">SERVER_CERTIFICATO_KEY_IDENTIFIER</wssp:X509Extension>
                  </wssp:Claims>
                </wssp:SecurityToken>
              </wse:IssuerToken>
            </wssp:Claims>
          </wssp:SecurityToken>
        </wse:Parent>
      </wssp:Claims>
    </wssp:SecurityToken>
  </wssp:TokenInfo>
  <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
    wsp:Header(wsa:Action) wsp:Header(wsa:FaultTo) wsp:Header(wsa:From)
    wsp:Header(wsa:MessageID) wsp:Header(wsa:RelatesTo) wsp:Header(wsa:ReplyTo)
    wsp:Header(wsa:To) wse:Timestamp()</wssp:MessageParts>
</wssp:Integrity>
Is it sufficient to add other similar sections to my policy with
different certificate references? In that case, how can I decide what
certificate to use at runtime without using the manual certificate selection
pop-up dialog?

Thanks in advance to anybody helping me

Nov 23 '05 #1
I am wrestling with a similar issue, but what I have found so far may be of
help. I have found that if you wrap multiple <SecurityToken> elements with a
<wsp:OneOrMore> element then, at least on the request side, the web service
can take any of the certs I use on the client side. Now if I can find a way
to specify on the return trip that the cert used on the request is the one to
use on the response message, I'll be golden. Anyone?

HTH,
Keith

Nov 30 '05 #2
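
An added example, not part of either post and not WSE API code: one way to pick a certificate per thread at runtime without the selection dialog, by applying the same two exact-match claims the policy uses (SubjectName and extension OID 2.5.29.14, the Subject Key Identifier) against the certificate store with the standard .NET X509Store class. The LocalMachine\My store location, the subject strings and the key identifier values are constructed placeholders and assumptions.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.Threading;

static class PolicyCertSelector
{
    // Applies the policy's two Exact claims in code: SubjectName and
    // extension OID 2.5.29.14 (Subject Key Identifier). Null = no match.
    public static X509Certificate2 Find(string subjectName, string skiHex)
    {
        var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // Third argument (validOnly) = true: skip certificates that fail validation.
            X509Certificate2Collection hits = store.Certificates.Find(
                X509FindType.FindBySubjectKeyIdentifier, skiHex, true);
            foreach (X509Certificate2 cert in hits)
            {
                // Signing needs the private key; a public-only copy is useless here.
                if (cert.HasPrivateKey &&
                    string.Equals(cert.Subject, subjectName, StringComparison.Ordinal))
                    return cert;
            }
            return null;
        }
        finally { store.Close(); }
    }

    static void Worker(object state)
    {
        var id = (string[])state;
        X509Certificate2 cert = Find(id[0], id[1]);
        if (cert == null)
        {
            // Fail closed: never fall back to another thread's certificate.
            Console.Error.WriteLine("No valid certificate for " + id[0]);
            return;
        }
        Console.WriteLine("Thread {0} signs as {1}",
            Thread.CurrentThread.ManagedThreadId, cert.Subject);
        // Pass cert to this thread's own proxy instance here (WSE wiring not shown).
    }

    static void Main()
    {
        // Constructed placeholders: one (subject, SKI hex) pair per thread.
        string[][] ids = {
            new[] { "CN=client-a.example", "00000000000000000000000000000000000000A1" },
            new[] { "CN=client-b.example", "00000000000000000000000000000000000000B2" } };
        foreach (string[] id in ids) new Thread(Worker).Start(id);
    }
}
```

The subject string must be written exactly as .NET renders the distinguished name, and the service account needs read access to each certificate's private key.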
