wcf - How do I make WIF use RSA15 when encrypting data using a certificate?


I have been working on a WCF service that returns a base64 encoded string which is, in reality, a full SAML response XML document. Because the information is handed off to a vendor, I have to meet their requirements for how the SAML document is encoded. I am having trouble getting output that meets those requirements.

I know WCF and WIF should help me. I built the service using WIF to create the SAML assertions (token) and other C# code to generate the final SAML document. All of it works and meets the vendor's requirements except the <EncryptedData> node of the document. That section uses AES256 and RSA-OAEP, but the vendor wants AES128 and RSA15. Thus, I am hunting for a resolution. Any help is appreciated.

Here is a walk-through.

The service takes in a GUID that is used to call the database and return fields. These are used like so:

    DataTable userData = GetDataForUser(userId);
    List<Claim> claims = new List<Claim>()
    {
        new Claim("clientid", "nameofclient")
    };

    foreach (DataRow row in userData.Rows)
    {
        string memberId = row["memberid"].ToString().Trim();
        string firstName = row["firstname"].ToString().Trim();
        string lastName = row["lastname"].ToString().Trim();
        DateTime dob = Convert.ToDateTime(row["dateofbirth"], CultureInfo.InvariantCulture);

        claims.Add(new Claim("memberid", memberId));
        claims.Add(new Claim("firstname", firstName));
        claims.Add(new Claim("lastname", lastName));
        // "MM" is the month specifier; "mm" would emit minutes
        claims.Add(new Claim("dob", dob.ToString("MM/dd/yyyy")));
    }

    return claims;

I create the SecurityTokenDescriptor like this:

    SecurityTokenDescriptor descriptor = new SecurityTokenDescriptor();

The claims are added to the descriptor like so:

    descriptor.Subject = new ClaimsIdentity(claims);

The descriptor is instructed to encrypt the token like this:

    descriptor.EncryptingCredentials = GetEncryptingCredentials();

And the GetEncryptingCredentials() routine looks like this:

    private EncryptedKeyEncryptingCredentials GetEncryptingCredentials()
    {
        // encrypting certificate (CertificateHelper is our own lookup helper)
        X509Certificate2 encryptCert = CertificateHelper.FindSingleCertificate(
            StoreName.TrustedPeople,
            StoreLocation.LocalMachine,
            X509FindType.FindBySubjectDistinguishedName,
            "<<certificate stuff here >>",
            true);

        // default constructor: AES256-CBC for the data, RSA-OAEP for the key wrap
        EncryptedKeyEncryptingCredentials encryptingCreds = new EncryptedKeyEncryptingCredentials(encryptCert);

        return encryptingCreds;
    }

All of this generates a token which, when written to a file, gives me this:

    <EncryptedAssertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
      <xenc:EncryptedData Id="_16584ace-9f3e-4352-9fc9-f6db8b2e925c" Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <e:EncryptedKey xmlns:e="http://www.w3.org/2001/04/xmlenc#">
            <e:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p">
              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
            </e:EncryptionMethod>
            <KeyInfo>
              <o:SecurityTokenReference xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <X509Data>
                  <X509IssuerSerial>
                    <X509IssuerName><!-- value --></X509IssuerName>
                    <X509SerialNumber><!-- value --></X509SerialNumber>
                  </X509IssuerSerial>
                </X509Data>
              </o:SecurityTokenReference>
            </KeyInfo>
            <e:CipherData>
              <e:CipherValue><!-- value --></e:CipherValue>
            </e:CipherData>
          </e:EncryptedKey>
        </KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue><!-- value --></xenc:CipherValue>
        </xenc:CipherData>
      </xenc:EncryptedData>
    </EncryptedAssertion>

Great, right? Nope. The vendor needs the <EncryptedData> section to have the following child node:

    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>

And they need the <KeyInfo><EncryptedKey> section to show this:

    <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>

I have tried every combination I can think of within the GetEncryptingCredentials() routine. Nothing has produced the desired results. The most promising error message I receive looks like this:

    ID4178: The EncryptingCredentials provided in the SecurityTokenDescriptor is an asymmetric key. Must use EncryptedKeyEncryptingCredentials to encrypt the token.

Anyone have a suggestion? Don't be afraid to tell me to start over. That's all right. I need this to work.

Thanks in advance.

I found a solution that works. At least, it generates the XML I need, and the vendor has said they are able to use what I am sending them.

I rewrote the GetEncryptingCredentials() routine slightly. It now looks like this:

    private EncryptingCredentials GetEncryptingCredentials()
    {
        // key wrap:   SecurityAlgorithms.RsaV15KeyWrap    = "http://www.w3.org/2001/04/xmlenc#rsa-1_5"
        // data:       SecurityAlgorithms.Aes128Encryption = "http://www.w3.org/2001/04/xmlenc#aes128-cbc"
        // (the defaults were rsa-oaep-mgf1p and aes256-cbc)
        string keyWrapAlgorithm = SecurityAlgorithms.RsaV15KeyWrap;
        string encryptionAlgorithm = SecurityAlgorithms.Aes128Encryption;
        int keySize = 128;

        X509Certificate2 encryptCert = CertificateHelper.FindSingleCertificate(
            StoreName.TrustedPeople,
            StoreLocation.LocalMachine,
            X509FindType.FindBySubjectDistinguishedName,
            _settings.EncryptingCredentials,
            true);

        // this overload lets you choose the key wrap algorithm, session key size and data encryption algorithm
        EncryptingCredentials encryptingCredentials =
            new EncryptedKeyEncryptingCredentials(encryptCert, keyWrapAlgorithm, keySize, encryptionAlgorithm);

        return encryptingCredentials;
    }

Just thought I'd let you know and close the loop on this.
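An added conformance check, not from the original post, that reads an EncryptedAssertion the service wrote out and confirms both EncryptionMethod identifiers are the ones the vendor asked for. It assumes the .NET 4.5 System.IdentityModel.Tokens namespace for the SecurityAlgorithms constants and takes the XML as a string; the sample document is constructed here.

```csharp
using System;
using System.IdentityModel.Tokens;   // SecurityAlgorithms constants (assumed .NET 4.5 WIF namespace)
using System.Xml;

static class EncryptedAssertionCheck
{
    const string XencNs = "http://www.w3.org/2001/04/xmlenc#";
    const string DsNs = "http://www.w3.org/2000/09/xmldsig#";

    // Returns null when both algorithm URIs match, otherwise a description of the first mismatch.
    // rsa-1_5 (PKCS#1 v1.5 key transport) is checked for here only because the vendor requires it;
    // RSA-OAEP is the stronger key wrap when the receiving side supports it.
    public static string FindAlgorithmMismatch(string samlXml, string expectedDataAlgorithm, string expectedKeyWrapAlgorithm)
    {
        var doc = new XmlDocument { XmlResolver = null };   // never resolve external entities/DTDs
        doc.LoadXml(samlXml);
        var ns = new XmlNamespaceManager(doc.NameTable);
        ns.AddNamespace("xenc", XencNs);
        ns.AddNamespace("ds", DsNs);

        XmlNode data = doc.SelectSingleNode("//xenc:EncryptedData/xenc:EncryptionMethod/@Algorithm", ns);
        if (data == null) return "EncryptedData has no EncryptionMethod";
        if (data.Value != expectedDataAlgorithm)
            return "data algorithm is " + data.Value + ", expected " + expectedDataAlgorithm;

        XmlNode key = doc.SelectSingleNode(
            "//xenc:EncryptedData/ds:KeyInfo/xenc:EncryptedKey/xenc:EncryptionMethod/@Algorithm", ns);
        if (key == null) return "EncryptedKey has no EncryptionMethod";
        if (key.Value != expectedKeyWrapAlgorithm)
            return "key wrap algorithm is " + key.Value + ", expected " + expectedKeyWrapAlgorithm;

        return null;
    }

    static void Main()
    {
        // Constructed sample shaped like the post's output, already using the vendor's algorithms.
        string sample =
            "<EncryptedAssertion xmlns='urn:oasis:names:tc:SAML:2.0:assertion'>" +
            "<xenc:EncryptedData xmlns:xenc='http://www.w3.org/2001/04/xmlenc#'>" +
            "<xenc:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#aes128-cbc'/>" +
            "<KeyInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>" +
            "<e:EncryptedKey xmlns:e='http://www.w3.org/2001/04/xmlenc#'>" +
            "<e:EncryptionMethod Algorithm='http://www.w3.org/2001/04/xmlenc#rsa-1_5'/>" +
            "</e:EncryptedKey></KeyInfo></xenc:EncryptedData></EncryptedAssertion>";

        string problem = FindAlgorithmMismatch(sample,
            SecurityAlgorithms.Aes128Encryption, SecurityAlgorithms.RsaV15KeyWrap);
        Console.WriteLine(problem ?? "algorithms match the vendor requirements");
    }
}
```

Running the check against the original AES256/RSA-OAEP output reports the data algorithm mismatch first, which is a quick way to confirm the rewritten GetEncryptingCredentials() took effect before sending anything to the vendor.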
