Re: Client Side Certificates for Web Services?

From: Joe Kaplan \(MVP - ADSI\) (joseph.e.kaplan_at_removethis.accenture.com)
Date: 10/25/04

Next message: richlm: "Re: Client Side Certificates for Web Services?"
Previous message: WJ: "Re: Forms Auth and FormsAuthentication.SignOut()Question"
In reply to: localhost: "Client Side Certificates for Web Services?"
Next in thread: richlm: "Re: Client Side Certificates for Web Services?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 25 Oct 2004 15:08:19 -0500

My instinct is that you would want to use WSE 2.0 for this so you can do it
at the message level. Enforcing client certificates at the transport level
unfortunately means changing the IIS metabase configuration which you said
you can't do.

I'd also suggest reading some of the recent MSDN magazine articles on WSE
2.0 and try posting your question in one of the webservices or WSE
newsgroups.

Joe K.

"localhost" <primpilus@cohort.ces> wrote in message
news:ibdqn0tjbpjfe95025k18bmbm8ueuaaeva@4ax.com...
>
> Part 1:
> I have a simple web service. I would like to protect the web
> application by only allowing callers that have a client-side
> certificate installed. How can I do that programmatically? I have no
> access to the IIS metabase, so I need to do it in web.config or in my
> application .cs code.
>
> Part 2:
> Assuming I can make Part 1 a success, I want to make a console app
> that uses client-side certificates "on the fly" to access the web
> service. I don't want a user to have to install a certificate with
> any UI, I want to do it for them behind the scenes.
>
> Thanks.
>
>

Next message: richlm: "Re: Client Side Certificates for Web Services?"
Previous message: WJ: "Re: Forms Auth and FormsAuthentication.SignOut()Question"
In reply to: localhost: "Client Side Certificates for Web Services?"
Next in thread: richlm: "Re: Client Side Certificates for Web Services?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: The message must contain a wsa:To header
... How can I check that the WSE is running? ... at ApplicationMessagingWS.Dispatch(String messageType, String ... be used along with the Integrity assertion when the presence of the ... look for a certificate with this subject name in the certificate store ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: The message must contain a wsa:To header
... options I should select while going through the WSE 2 wizard. ... at ApplicationMessagingWS.Dispatch(String messageType, String ... be used along with the Integrity assertion when the presence of the ... look for a certificate with this subject name in the certificate store ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: WS-Policy and WSE problems!
... WSE client signing using my certificate. ... is set to true in the token manager registered for this token type. ...
(microsoft.public.dotnet.framework.aspnet.webservices)
RE: WSE 3.0 X.509 certs problem
... Please I need your help because you had done a lot of experimenting with WSE ... secure with these certs - no rocket science here. ... Microsoft.Web.Services3.Security.SecureConversationServiceSendSecurityFilter.SecureMessage(SoapEnvelope envelope, Security security) ... if the certificate has been properly installed in the Trusted People ...
(microsoft.public.dotnet.framework.webservices.enhancements)
Re: WS-Security interoperability with Websphere 5.1 and .NET WSE
... Additionally WSE 2.0, apparently allows you to override the default schema ... > can programmatically remove the mustUnderstand tag. ... > certificate, but still received the same error. ... > I created a sample web service client on Websphere to see what a valid ...
(microsoft.public.dotnet.framework.webservices.enhancements)