.NET Tutorials, Forums, Interview Questions And Answers
Welcome :Guest
Sign In
Win Surprise Gifts!!!

Top 5 Contributors of the Month
david stephan
Gaurav Pal
Post New Web Links

Seperate certificate for ssl and signing

Posted By:      Posted Date: October 08, 2010    Points: 0   Category :WCF
Hi there! Im creating a service and client that has to use a different certificate for signing than for the ssl-traffic. It has to use the MutualCertificate security binding.

In the following article the requirement is that the messagepattern for this to work has to be a duplex one? Isnt there anyway around this? =(

Note that i dont do message encryption, only message signing. I dont understand if the article refers to the message-encryption or the ssl-encryption?

View Complete Post

More Related Resource Links

Certificate Signing Request Tool

Hi All, Currently there is a requirement in our application for creating a SSL Certificate Signing Request (CSR) message. Is it possible to develop one on .Net Framework 3.5 Some of the websites lilke Verisign do not mention any such procedure where they say that a custom tool is available apart from OpenSSL but they basically have provided a list all the webservers where their Digital Certificates are compatible and the instructions which say how the CSR's can be generated on these web servers.  I understand that the CSR contain the Web Server's public key, organization information and a unique match for server's private key. The certificates issued by the Certifying Authority  is used for Cient/Server authentication over TCP/IP. Look forward for some replies Thanks

How to programmatically generate soap section for certificate signing




Hope somebody can help me…


During the last week, I’ve been trying to work on the following problem but despite trying many things and a lot of internet searches, have not been able to get to the bottom of it.


In our company, we have a test tool that a number of external quality engineers insist on using to hit our WCF web services.  Their test tool can only natively hit our unsecured services.  However, we also have some SAML secured services and some certificate secured services.  


Windows Script Host: New Code-Signing Features Protect Against Malicious Scripts


Downloading scripts from the Web or e-mail leaves users vulnerable to security risks because scripts can't be signed. But now developers can use Windows Script Host (WSH) to hash scripts so users can verify their source and safety. With WSH, scripts can be signed or verified using all the same tools ordinarily used to sign EXE, CAB, DLL, and OCX files. This article discusses public-key cryptosystems, the process of signing and verifying scripts in WSH, and several warnings about attacks that could potentially be made against cryptographically secured scripts and ways in which to avoid them.

Eric Lippert

MSDN Magazine April 2001

Binding an event method from a control in a seperate window

How would you bind a event method from a control back to a seperate window?  I have a ActiveX control hosted in a WindowsFormsIntegration wrapper.  That is operating in its own window along with all its events.  The properties of the control are handled by a class that defines the dependency objects (thanks Bob) to provide a view model between it and a window with controls for setting/getting those properties.  Since events constrained to Window 2, is it possible to bind the events back to Window 1?

Automatic expiration of forms authentication when user closes the browser windows without signing ou

Dear all, can u tell me how to automatically sign out a user if he/she closes the browser window without signing out. I'm using Forms Authentication.   Thanks 

Certificate API question - Private Key.

I am trying to follow http://msdn.microsoft.com/en-us/library/system.security.cryptography.x509certificates.x509certificate2.aspx but I am finding that the Private Key property of the certificate is always null. I created the certificate with makecert -pe -n "CN=BuySeasonsThirdParty" -r -b 08/26/2010 -e 08/26/2011 -sky exchange Amazon.cer. Then installing it on the local user store using: X509Store store = new X509Store(storeName, StoreLocation.CurrentUser); and using the same API to get the certificate from the store. The certificate that I retrieve from the store is non-null it is just the PrivateKey is null. So I can encrypt using something like: ((RSACryptoServiceProvider)cert.PublicKey.Key).Encrypt(Encoding.Unicode.GetBytes(text), true)   But since the Private Key property is NULL I cannot decrypt. Any ideas? Kevin

sslstream client certificate validation error

Hi,I have taken server and client program from MSDN2 for sslstream. in that code client certifiacte authetication is made false  i want to enable that and do the code i have done some modification to the code but is giving error "RemoteCertificateNotAvailable" and i think that its not getting the client certificate at server side.So please can any one help me to do client server program using sslstream in which client certificate also needs to be validated.I am attaching my modified code of MSDN2Server sideusing System;using System.Collections;using System.Net;using System.Net.Sockets;using System.Net.Security;using System.Security.Authentication;using System.Text;using System.Security.Cryptography.X509Certificates;using System.IO;namespace Examples.System.Net{    public sealed class SslTcpServer     {        static X509Certificate serverCertificate = null;        // The certificate parameter specifies the name of the file         // containing the machine certificate.        // The following method is invoked by the RemoteCertificateValidationDelegate.        public static bool ValidateClientCertificate(              object sender,              X509Certificate certificate,              X509Chain chain,              SslPolicyErrors sslPolicyErrors)        {            SslPolicyErrors errors = sslPolicyErrors;            if (errors != SslPolicyErrors.None)            {

SSL Using Server Created Certificate

We need to secure a SQL server using an SSL certificate and I understand there are a couple of ways of doing it.  One of which is having SQL Server generate a self-signed certificate which exposes the man-in-the-middle attack vulernability.  Thus we want to avoid this approach.  My question is, can we just allow the Windows Server 2003 we are running to be configured to be a Ceriifcate Authority and ust it create an SSL certificate.  Is that just a secure as getting an SSL certificate from a third party company such as Verisign?  If it is better to go with a third party company, how do you get a certificate from them when it is not going to be used for a website? Thanks NickNick's Programming Tips

RSACrytoService Provider decrypt each element with seperate key gives Bad Data

I have spent about two days. Here is my code: XmlDocument xmlDoc = new XmlDocument(); xmlDoc.PreserveWhitespace = true; xmlDoc.Load("C:\\test.xml"); CspParameters cspParams = new CspParameters(); cspParams.KeyContainerName = "XML_ENC_RSA_KEY"; RSACryptoServiceProvider rsaKey = new RSACryptoServiceProvider(cspParams); CspParameters cspParams2 = new CspParameters(); cspParams2.KeyContainerName = "XML_ENC_RSA_KEY2"; RSACryptoServiceProvider rsaKey2 = new RSACryptoServiceProvider(cspParams2); Encrypt(xmlDoc, "creditcard", "EncryptedElement1", rsaKey, "rsaKey"); Encrypt(xmlDoc, "personal", "EncryptedElement2", rsaKey2, "rsaKey"); This works gerat. Now I want to decrypt the 'creditcard' and 'personal' data elements seperately with 'rsakey' and 'rsakey2' . If do this I get Bad Data error public static void Decrypt(XmlDocument Doc, RSA Alg, string KeyName) { EncryptedXml exml = new EncryptedXml(Doc); exml.AddKeyNameMapping(KeyName, Alg); exml.DecryptDocument(); } This gives bad data since the file has been encrypted with two different keys. So I tried something like this. But I don't know how to decrypt each data element seperately.  Can someone please help? public static void DecryptElement(string ElementToEncrypt, RSA Alg, string KeyName) {

connect client certificate to an account in a membership database

Hello I have created a web service that authenticates with username and password, works fine.Basically this one, http://msdn.microsoft.com/en-us/library/ff649647.aspxNow I also want to connect to this web service using client certificates, works finehttp://msdn.microsoft.com/en-us/library/cc948997.aspx But I would like to when authenticated via client certificates, connect that certificate to a user in the membership database.So that I can use Roles.IsUserInRole(...) and such.I thought that, well if I implement a Custom certificate Validatorhttp://msdn.microsoft.com/en-us/library/ms733806.aspxthen I could check for example subject and map that against a created username in the membership database.But in the class X509CertificateValidatorpublic override void Validate(X509Certificate2 certificate)I don't have the same ability as when the user is authenticatedlike  void OnAuthenticateRequest(object source, EventArgs eventArgs)HttpApplication app = (HttpApplication)source;Basically how can I do this app.Context.User = new GenericPrincipal(new GenericIdentity(username, "Membership Provider"),roles);withinpublic override void Validate(X509Certificate2 certificate)and if that is not possible, can this be solved differently?Bottom line, how do I connect a client certificate to a user account in the membership database. Is there a MSDN article

RSACryptoServiceProvider + smart card with X509 certificate = Bad Key.

Hello! I'm trying the interop with Java. The task: create  SHA1withRSA signature of the document hash with .NET CLR. The singer key is an X509 certificate from external CA, and this signer certificate is on the smart card. 1. First solution: the .NET CLR SignedCms class passes the document hash to the Windows CryptoApi (and to the smart card), and the result is a PKCS#7 message with the signature. This solution works well with smart card, but the requirement is only the "SHA1withRSA" signature of document hash, the PKCS#7  message will be created at Java side. 2. Second attempt, create only "SHA1withRSA" signature:             // choosing certificate from smart card             X509Certificate2 card = GetCertificate();             // this fails when certificate is on the smart card:             RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)card.PrivateKey;             // only the signed hash needed             byte[] signedHashValue1 = rsa.SignData(documentHash, new SHA1Managed()); The problem: the car

Getting client information from X.509 certificate in C# code

I have a WCF service which accepts X.509 certificate signed incoming messages. As per my understanding the client will send the message with signature encrypted using his private key and web services will decrypt the signature with client's public key. This ensures that the sender of the message is holder of the private key and that he is certified by the server trusted CA as "He is what he claims to be". It's being a highly secure application I need to give access to only certain clients regardless of whether they are trusted or not. (This is to take care of good turned bad scenario :-)) How do I achieve this? Is there any way to get the client information as subject name etc from his certificate in C# code? Is there any example of this usage? Thanks in advance,Jeet.    

WPF Security + Certificate HELP - xbap

Hello everyone,   I got a problem with my current XBAP application. Everyone had no problem running my application until on person had the following error: <!-- [if gte mso 10]> <mce:style> * An exception occurred while determining trust. Following failure messages were detected:                         + User has refused to grant required permissions to the application.   Then I researched and found out I needed to set up a certificate and have them put it IE. However now the people that once had no problem need to install the certificate.   I was wondering how to revert the project so EVERYONE can run my application WithOut a certificate.   *This application requires full trust.   Can anyone please help me?  

SharePoint 2010 - Seperate MySite collections.

We are currently looking into SharePoint 2010. The configuration will be in a farm setting with a couple front end servers etc. We will have the one main farm, but each department is then given thier own 'Portal' or 'Web Application'. This web application points to thier own SLQ DB on the shared SQL server. Some departments have expresse the possibility of using 'My Sites'. My question is, how can I configure each departments's my site to also use a different SQL DB. Currently I see only the ability to have one my site DB for the entire farm.   Thanks in advance.

#BIND two seperate data items into one label

Hey people!I have a simple question.. but for the life of me cannot figure it out. I have two fields in my database (firstname and lastname)I have a formview, and I filter the results and I get two labels - one with firstname and one with lastname. I want to put the FIRSTNAME and LASTNAME together in one label but I am stuck lol. <asp:label id="label1" runat="server" SkinID="profilepropertylabel" Text='<%BIND ("Firstname") & BIND("Lastname") %>' />It only gives me the last name when I do that. Help?

Seperate out the Document Libraries to individual Sites in MOSS 2007

We are using the MOSS 2007 with SP2. We are having three different Document Libraries for three different projects under same site. We have the requirement to migrate each library to shift to the individual sites. We need to do this with all the content, settings and and the permissions. It's fine to migrate the database and settings individually i.e. content database seperately and site settings seperately. Is anyone have this kind of migration?
ASP.NetWindows Application  .NET Framework  C#  VB.Net  ADO.Net  
Sql Server  SharePoint  Silverlight  Others  All   

Hall of Fame    Twitter   Terms of Service    Privacy Policy    Contact Us    Archives   Tell A Friend