Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <p>I went through your code and it looks correct. There is small difference in WSE and WCF soap message but the difference is only in the way how the certificate used to sign the message is referenced. </p> <p>I think the core issue here is wrong usage of certificates. You are using both transport and message mutual security. In theory this requires four certificates. You need</p> <ul> <li>Service certificate for transport security - this certificate is used by server to build SSL connection. To successfully build the connection client must trust the certificate (you either need to trust authority which issued the certificate or the server certificate must be placed in your trusted people store). </li> <li>Client certificate for transport security - this certificate is used to authenticate client on the server at transport level - you must have certificate and its private key in your personal store</li> <li>Service certificate for message security - this certificate is used for encrypting request and signing response (when WS-Security 1.0) is used. You need to have this certificate somewhere on your machine (it is up to you what location will be used to load the certificate).</li> <li>Client certificate for message security - this certificate is used for encrypting response and signing request (when WS-Security 1.0) is used. You need to have this certificate and its private key somewhere on your machine (it is up to you what location will be used to load the certificate).</li> </ul> <p>It looks like you have only two certificates - one client and one server. In such case they should probably be used for both transport and message security. But here comes interesting issue - your "signing" certificate on the client side in WSE example is actually service certificate. If it is really the case, it means that client must have access to server's private key - that should never ever happen. That is the worst violation of PKI infrastructure. PKI infrastructure is based on trust to certificate authorities and on securing private keys where each participant has its own private key not accessible by anyone else. Sharing private keys reduces security. In the worst case it can be equal to no security at all because anyone with access to private key can intercept the communication or fake signature on the message.</p> <p>If I'm right you should use WSE 3.0 and be happy with that. Just forcing WCF to use different client certificate for HTTPS and message security can be quite hard. You have single <code>ClientCertificate</code> property but you need to load different certificate for HTTPS and message security. It requires creating custom <code>ClientCredentials</code> with two properties and custom <code>SecurityTokenManager</code> to return correct certificate provider (by implementing for each usage (that is a theory - I have never tried it). </p> <p>Btw. your problem with <code>EndpointIdentity</code> is based on the fact that your service is exposed on some DNS and if the subject in the service certificate (which is in your case also signing certificate) is different you must create a new DNS identity for your endpoint. Otherwise WCF will not trust the certificate. Server certificate should be issued with subject matching DNS name used to access the server.</p>
    singulars
    1. This table or related slice is empty.
    1. POWCF SOAP 1.1 and WS-Security 1.0, client certificate transport auth, service cert for message body signature, UsernameToken, Password Digest, Nonce
      singulars
      1. PTQuestion
    1. PTAnswer
    1. This table or related slice is empty.
    1. USLadislav Mrnka
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. COThanks for your feedback and assistance with this Ladislav. My issue is resolved. I am not sure what resolved it. I found the below on IBM site and brought it up with our IT gateway infrastructure group. They say no changes were made to DataPower, but it started working this morning!!! I am going to answer the question with the working code along with the CustomCredential class I put together. Thanks!
      singulars
      1. PO
      1. USJawad
    2. COIBM: https://publib.boulder.ibm.com/infocenter/ieduasst/v1r1m0/index.jsp?topic=/com.ibm.iea.wdatapower/wdatapower/1.0/xa35/380DataPowerWCFIntegration/player.html When using BasicHttpBinding with SSL: You may use disable-ssl-cipher-check parameter to disable cipher checks for any TransportBinding assertions. The Basic Auth Header is not supported by default in the Web services proxy. A custom configuration of an on-error rule to inject the WWW-Authenticate header is required to inter-op with WCF.
      singulars
      1. PO
      1. USJawad
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload