.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

No AllowSerializedSigningTokenOnReply on TransportSecurityBindingElement, how can I allow signing to

Posted By:      Posted Date: September 09, 2010    Points: 0   Category :WCF
I've been able to send a signed request to a non WCF web service that implements the following standards, from a WCF client: WS-I Basic Security Profile Version 1.0 Web Services Security X.509 Certificate Token Profile, OASIS Standard X.509 used for digitally signing digests of uploaded files and web service requests SOAP 1.1. HTTPS 1.1 I use a CustomBinding created in the following maner: HttpsTransportBindingElement httpsTransport = new HttpsTransportBindingElement(); httpsTransport.ProxyAddress = new Uri("http://myproxy:8080"); httpsTransport.UseDefaultWebProxy = false; TransportSecurityBindingElement messageSecurity = SecurityBindingElement.CreateCertificateOverTransportBindingElement(); messageSecurity.IncludeTimestamp = true; TextMessageEncodingBindingElement messageVersionElement = new TextMessageEncodingBindingElement(MessageVersion.Soap11, System.Text.Encoding.UTF8); CustomBinding binding = new CustomBinding(messageVersionElement, messageSecurity, httpsTransport); The request goes through all right and I receive a response that looks all right but WCF raises an exception stating that "Cannot find a token authenticator for the 'System.IdentityModel.Tokens.X509SecurityToken' token type. Tokens of that type cannot be accepted according to current security settings" On other SecurityBindingElements there's a AllowSerialized

View Complete Post

More Related Resource Links

Windows Script Host: New Code-Signing Features Protect Against Malicious Scripts


Downloading scripts from the Web or e-mail leaves users vulnerable to security risks because scripts can't be signed. But now developers can use Windows Script Host (WSH) to hash scripts so users can verify their source and safety. With WSH, scripts can be signed or verified using all the same tools ordinarily used to sign EXE, CAB, DLL, and OCX files. This article discusses public-key cryptosystems, the process of signing and verifying scripts in WSH, and several warnings about attacks that could potentially be made against cryptographically secured scripts and ways in which to avoid them.

Eric Lippert

MSDN Magazine April 2001

Automatic expiration of forms authentication when user closes the browser windows without signing ou

Dear all, can u tell me how to automatically sign out a user if he/she closes the browser window without signing out. I'm using Forms Authentication.   Thanks 

Certificate Signing Request Tool

Hi All, Currently there is a requirement in our application for creating a SSL Certificate Signing Request (CSR) message. Is it possible to develop one on .Net Framework 3.5 Some of the websites lilke Verisign do not mention any such procedure where they say that a custom tool is available apart from OpenSSL but they basically have provided a list all the webservers where their Digital Certificates are compatible and the instructions which say how the CSR's can be generated on these web servers.  I understand that the CSR contain the Web Server's public key, organization information and a unique match for server's private key. The certificates issued by the Certifying Authority  is used for Cient/Server authentication over TCP/IP. Look forward for some replies Thanks

Signing The Body of a Web Service Request (From Client)

Hello, I attempting to consume a webservice, which has numerous security factors, one of which is SSL. I am using WS-Security and attempting to sign the body of my request.  Right now it is only currently signing the timestamp and to: (endpoint).  I've been scouring the forums, but seem to come to a dead end with threads dying off... http://social.msdn.microsoft.com/Forums/en-US/wcf/thread/034f71cd-408e-447c-a95c-e0cf4baa5742 I'm assuming I will have to modify the reference.cs file or maybe even the WSDL, but here's some of the code I've done for the binding..is this on the right track? WSHttpBinding myBinding = new WSHttpBinding(); myBinding.Security.Mode = SecurityMode.TransportWithMessageCredential; myBinding.Security.Message.ClientCredentialType = MessageCredentialType.Certificate; myBinding.Security.Message.NegotiateServiceCredential = false; myBinding.Security.Message.EstablishSecurityContext = false;

Digital Signing of Forms (not template) changes status of form

I have a nice InfoPath Travel Request form that requires sequential digital signing.  I have the sections holding the signatures display contingent upon the prior signed section having a value of being signed.  All is working well. Now, once I publish the form to a SharePoint Form Library, I'd like to have a column showing a status such as 'Supervisor Approved', then on to 'Manager Approved' to finally 'Fully Approved'. I thought that I could create a Rule that when a section's digital signature value changes to 'signed', it could update a 'Status' field's text value.  However, when in practice, if digital signature is applied, there is no method to update the 'Status' field.  Digital signatures apply to Sections and sections don't have Rules capabilities. Other than writing code, is there a method that I can use that would change a 'Status' field value based on a section being digitaly signed?Greg Appelt

Signing SSIS-Package will not work



I#m trying to sign a SSIS 2008 R2 Package in BIDS 2008. I used makecert to generate a certificate and checked, if it contains the "code-signing"-role. The certificate is imported into my personal certicate-store on the same machine. I restartet SQL-Server, Integration-Services and even the whole computer, but: The signing-dialog keeps saying, that there is no matching certificate available after I click on "Sign" :-(.

I even imported the certificate into the "local machine"-store with no effect.

Has anyone some sort of idea for me?

Thanks in advance!

How to programmatically generate soap section for certificate signing




Hope somebody can help me…


During the last week, I’ve been trying to work on the following problem but despite trying many things and a lot of internet searches, have not been able to get to the bottom of it.


In our company, we have a test tool that a number of external quality engineers insist on using to hit our WCF web services.  Their test tool can only natively hit our unsecured services.  However, we also have some SAML secured services and some certificate secured services.  


Digitally Signing Infopath Forms Error after installing SP2



I have a Infopath form with Digital Signatures implemented for some sections. Everything worked well in Moss 2007 SP1. Forms are opening in Web browser.

After installing SP2 When I try to sign some section I've got Infopath error dialog that just says "Error occured", no other errors, no errors in event viewer. If I click Continue everything works fine and I can sign my section.

Any clues or ideas?

Thanks in advance.

Drasko Popovic

Seperate certificate for ssl and signing

Hi there! Im creating a service and client that has to use a different certificate for signing than for the ssl-traffic. It has to use the MutualCertificate security binding.

In the following article the requirement is that the messagepattern for this to work has to be a duplex one? Isnt there anyway around this? =(

Note that i dont do message encryption, only message signing. I dont understand if the article refers to the message-encryption or the ssl-encryption?

delayed signing issue on windows 7



i was using xp professional with different projects in vs2005 and vs2008. after changing my pc an I am using windows 7 now, still with vs 2005 and 2008. in this projects I enabled delayed signing for all assemblies. in both projects this wasn't a problem on my old machine after skipping verification like this - (of course real token istead of zeros)

sn -Vr *,000000000000

I tried that on the new machine in the same way but now i get "strong name"-check exceptions on starting...

Is there something special to know about delayed-signing on w7+2005+vs2008 ???

thx in advance


Signing Activex


Good Day ,

I am trying to sign my ActiveX control by following the method described in the url http://www.top20toolbar.com/misc/codesigncert.htm

i have created the certificate files(steps from 1 to 8) and installed the certificate as root certificate.when i try to sign the activex using signtool i am getting the error "Windows cannot build the requested certification path."

Please Help me with some suggestions

Difficulties with signing in into a forum


Dear Forum, I am struggling already since a few days (with interraptions) to sign in into the .NET Framework Setup Forum" and choose it as my forum. I have been advised to so in a mail which was sent to me, to molub@bezeqint.net by forumsup@microsoft.com at 10/15/2010 16:32 . After double clicking the URL link in that above mail, I was entered to the .NET Framework Setup Forum". Well, I signed in with my LiveID and was accepted showing my user Site, the "hotlub1" . On that same page I saw the .NET Framework Setup forum" FAQ page, but my effords to sign up choosing it as my forum was in vain because I couldn't find a place where to do it from. It is really frustrating not to be able to find it :-(( . So please be so kind and help me. Thank's . hotlub1

MD5 with RSA Signing - Java DotNet interoperability



From my 2.0 .Net Framework App I need to sign a string with a X.509 certificate and the encryption algorithm for signing should be MD5/RSA. The resulting signature must be verified in a remote java app. Here's my methods to sign and verify the string:

public byte[] SignMessage(string Message)

 try {
  // Instantiate X509Certificate using file path
  X509Certificates.X509Certificate2 x509 = new X509Certificates.X509Certificate2(My.Settings.CertificatePath);

  // Convert Message to byte array
  byte[] data = Encoding.Unicode.GetBytes(Message);

  // Instantiate a RSA Algorithm object with Private Key
  RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509.PrivateKey;

  // Sign it
  // New MD5CryptoServiceProvider -> Instantiate the hash Algorithm to create the hash value.
  byte[] signature = rsa.SignData(data, new MD5CryptoServiceProvider());

  // Encode the Signature
  string Base64EncodededSignatureString = Convert.ToBase64String(signature, Base64FormattingOptions.None);

  // Return it as byte array
  return Encoding.Unicode.GetBytes(Base64EncodededSignatureString

Urgent: help needed signing a SOAP 1.1 Message's Body+Timestamp, and send over SSL



I have a deadline that is about to whoosh by having underestimated how tricky this would turn out to be.



  • SOAP 1.1
  • WS-Security for timestamp and signing
  • signature has to be single signature made from 2 elements: body + timestamp
  • Asymmetric Algorithm: SHA1
  • Key algorithm: RSA 
  • sent over SSL
  • client has to authenticate to server via cert with well known CN=
  • Server is not .NET but Weblogic, with policies that cannot be changed.

Basically, a secure (SSL) based transport, with signing to protect against tampering as well as replay.



Seemed like a good choice at first as it has WS-Security built in.After setting up a behavior that defines client and server certs setting binding/  

Unfortunately wsHttpBinding creates a signature from too many elements in the message (Body, Action, RelatesTo, Timestamp).

There is no apparent way of controlling what gets selected as an element of the signature.  

For example: as the ws-Security headers (Timestamp, etc.) are not part of the proxy Request message class definition, and are added/injected somewhere down the line, and are no

Signing SOAP Messages with Certificates in WCF

Let me preface this question by saying that I am a novice with WCF--especially configuration.

I currently have a .NET client written that uses WSE 2.0 to consume a web service provided by a 3rd party. The web service is designed to accept a signed SOAP message for login. Signing is achieved via a purchased certificate. Once authenticated, the service returns a SAML assertion token which is included on subsequent messages until the client calls a logout method on the web service. I was hoping to convert this client to WCF for hopefully better tracing capabilities and because it is tedious installing WSE 2.0 on target machines. I also am hoping to avoid forthcoming obsolescence of WSE.

Here are the details of the web service. Please let me know if something is lacking.

The service uses SOAP 1.1 with attachments for communication. The login messages must be signed with the purchased certificate. The public key for the certificate has already been supplied to the service provider. The endpoint addresses actually specify "https", which I understand to mean that the communication is happening over SSL--this is one area that I am a bit hazy on, so please forgive me if I stated that incorrectly. The service uses WS-Security as a means of securing the message.

In what I've tested so far, I have been able t

Cross Database Module Signing Difficulty



I am reading up on certificates and module signing and I can follow the example provided except that I want to clarify some confusing points for me. In my case I have 2 dbases so right there most tutorials fall out.

Generally speaking what I understand is that we create a user on dbase 2. We create the certificate on dbase2. We associate the cert with the user on dbase 2. We give the Cert user perms needed on dbase 2.

On dbase 1 we have an sp that needs the signature of the cert created on dbase2 so it has the proper authority context to execute. But how do I get that? The closest I came was reading this article (http://blogs.msdn.com/b/raulga/archive/2006/10/30/using-a-digital-signature-as-a-secondary-identity-to-replace-cross-database-ownership-chaining.aspx) which indicated that after creating the cert I then back it up and bring it into other dbases from the backup .cer file.

But this does not work. I get an error:

Msg 15556, Level 16, State 1, Line 1

Cannot decrypt or encrypt using the specified certificate, either because it has no private key or because the password provided for the private key is incorrect.

Well it a

ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend