如何自定义UsernameToken和x.509证书的Policy Assertion [英] how to custom Policy Assertion for Both UsernameToken and x.509 certificates

问题描述

我有一个用c＃开发的网络服务和客户端（网络服务）。

我成功地让WSE 3.0使用相互x.509证书来签名和加密我的消息。

我还成功地通过UsernameTokens成功获得WSE 3.0进行用户身份验证。

我遇到的问题是我希望混合使用相互x.509证书和UsernameTokens在同一解决方案中工作。

我的客户端本身就是一个在用户站点本地运行的Web服务，并作为我的中心服务的基础。

我希望有一个客户端x.509每个站点的证书。

我想使用x.509证书来加密数据并使用签名进行签名，该签名代表请求来自哪个客户端站点。我还想识别并验证通过UsernameTokens发出请求的个人用户。

似乎WSE的'setup-wizard'只允许我选择基于证书或基于用户名的身份验证而不是基于证书和基于用户名的身份验证。

如果有人能指出我正确的方向来实现这一目标，我将不胜感激。

I have a web-service and a client(web-service) both developed in c#.
I have managed to successfully get WSE 3.0 to use mutual x.509 certificates to sign and encrypt my messages.
I have also managed to successfully get WSE 3.0 to carry out user authentication via UsernameTokens.
The problem that I have is that I would like to have a mix of mutual x.509 certificates and UsernameTokens working within the same solution.
My client is itself a web-service that runs locally at user sites and acts as a geteway to my central service.
My hope is to have one client x.509 certificate per site.
I want to use x.509 certificates to encrypt the data and sign with a signature that represents which client site the request has come from. I also want to identify and verify the individual user that made the request via UsernameTokens.
It seems that the 'setup-wizard' for WSE only allows me to choose either certificate based or username based authentication as opposed to both certificate based and username based authentication.
I would be grateful if anyone could point me in the right direction to achieve this.

推荐答案

这篇关于如何自定义UsernameToken和x.509证书的Policy Assertion的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！