Hi Chintana,

Mostly questions: Do you have the latest dotnet code? (Have to ask - I assume yes.)

I am concerned we had to modify Program.cs. We should only have to change the config file, so that is an issue.

When you say: "Since PHP doesn't make any assumptions about the end point, doing this is frowned upon in a loosely coupled application." Do you mean we need to generalize the dotnet service to not make assumptions about the end point?

We should address the issue of the PHP certificate. But if we include the PHP certificate on dotnet, will this be hiding a real interoperability issue or solving one?

Thanks!
Drew

________________________________________
From: Chintana Wilamuna [[email protected]]
Sent: Wednesday, April 29, 2009 5:19 AM
To: [email protected]
Subject: Testing PHP BS -> .Net OPSSEC

Hi,

When trying to get PHP client -> PHP BS -> .Net OPSSEC to work, the following custom binding had to be introduced to App.config in OrderProcessor:

    <customBinding>
      <binding name="Host_CustomHttpBinding_M_Security_OPS">
        <textMessageEncoding />
        <security defaultAlgorithmSuite="Basic256"
                  authenticationMode="AnonymousForCertificate"
                  requireDerivedKeys="false"
                  securityHeaderLayout="Lax"
                  includeTimestamp="true"
                  keyEntropyMode="CombinedEntropy"
                  messageProtectionOrder="SignBeforeEncrypt"
                  messageSecurityVersion="Default"
                  requireSignatureConfirmation="true">
          <localClientSettings cacheCookies="true"
                               detectReplays="true"
                               replayCacheSize="900000"
                               maxClockSkew="00:05:00"
                               maxCookieCachingTime="05:05:00"
                               replayWindow="00:05:00"
                               sessionKeyRenewalInterval="10:00:00"
                               sessionKeyRolloverInterval="00:05:00"
                               reconnectTransportOnFailure="true"
                               timestampValidityDuration="00:05:00"
                               cookieRenewalThresholdPercentage="60" />
          <localServiceSettings detectReplays="true"
                                issuedCookieLifetime="10:00:00"
                                maxStatefulNegotiations="128"
                                replayCacheSize="900000"
                                maxClockSkew="00:05:00"
                                negotiationTimeout="00:01:00"
                                replayWindow="00:05:00"
                                inactivityTimeout="00:02:00"
                                sessionKeyRenewalInterval="15:00:00"
                                sessionKeyRolloverInterval="00:05:00"
                                reconnectTransportOnFailure="true"
                                maxPendingSessions="128"
                                maxCachedCookies="1000"
                                timestampValidityDuration="00:05:00" />
          <secureConversationBootstrap />
        </security>
        <httpTransport />
      </binding>
    </customBinding>

Then in Program.cs:

    ...
    CustomBinding customBinding = new CustomBinding("Host_CustomHttpBinding_M_Security_OPS");
    ...
    host.AddServiceEndpoint(typeof(IOrderProcessor), customBinding, "cesm");

After this, the program did not work because .Net didn't have the key to decrypt the message sent by PHP. As I understand, PHP and .Net are using different certificates. After using the same cert as the .Net one, it worked. Since PHP doesn't make any assumptions about the end point, doing this is frowned upon in a loosely coupled application. Even in the .Net business service, it's checking the type of service (whether it's .Net/PHP or WSAS) and then selecting the certificate. Is there any way we can include the certificate (private key) used by PHP into the .Net order processor service?

Thoughts?

Bye,
-Chintana
--
http://engwar.com/
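As an added example (not code from either message in this thread), here is how the custom binding introduced above can be wired up entirely in App.config, so that Program.cs needs no AddServiceEndpoint call and the endpoint change Drew is concerned about stays in configuration. It also shows where the service's own X.509 certificate is declared: with authenticationMode="AnonymousForCertificate" the client encrypts to the public key of the service certificate and the service decrypts with the matching private key, so the PHP side needs only the exported public part of the .Net service certificate, and the .Net side never needs the PHP private key. The service class name, contract namespace, base address and certificate subject are assumed placeholders; the binding attributes are the ones from the message above, abbreviated to the ones that matter for the key model.

```xml
<configuration>
  <system.serviceModel>
    <bindings>
      <customBinding>
        <!-- Same binding name as in the message above; the remaining
             localClientSettings / localServiceSettings attributes are
             unchanged and omitted here for brevity. -->
        <binding name="Host_CustomHttpBinding_M_Security_OPS">
          <textMessageEncoding />
          <security authenticationMode="AnonymousForCertificate"
                    defaultAlgorithmSuite="Basic256"
                    messageProtectionOrder="SignBeforeEncrypt"
                    includeTimestamp="true"
                    requireSignatureConfirmation="true">
            <secureConversationBootstrap />
          </security>
          <httpTransport />
        </binding>
      </customBinding>
    </bindings>

    <services>
      <!-- ASSUMED: service and contract type names; adjust to the real
           OrderProcessor types. The endpoint address "cesm" and the
           binding name come from the message above. -->
      <service name="OrderProcessor.OrderProcessorService"
               behaviorConfiguration="OpsSecurityBehavior">
        <endpoint address="cesm"
                  binding="customBinding"
                  bindingConfiguration="Host_CustomHttpBinding_M_Security_OPS"
                  contract="OrderProcessor.IOrderProcessor" />
        <host>
          <baseAddresses>
            <!-- ASSUMED base address -->
            <add baseAddress="http://localhost:8000/OrderProcessor" />
          </baseAddresses>
        </host>
      </service>
    </services>

    <behaviors>
      <serviceBehaviors>
        <behavior name="OpsSecurityBehavior">
          <serviceCredentials>
            <!-- The service's OWN certificate, with private key, in the
                 machine store. This is the key that decrypts incoming
                 messages under AnonymousForCertificate. Only its public
                 .cer export is handed to the PHP business service.
                 ASSUMED subject name. -->
            <serviceCertificate findValue="CN=OrderProcessorService"
                                storeLocation="LocalMachine"
                                storeName="My"
                                x509FindType="FindBySubjectDistinguishedName" />
          </serviceCredentials>
        </behavior>
      </serviceBehaviors>
    </behaviors>
  </system.serviceModel>
</configuration>
```

With this configuration the host code reduces to constructing `new ServiceHost(typeof(OrderProcessorService))` and calling `Open()`; WCF reads the endpoint, binding and credentials from the `<service>` element whose name matches the service type, so switching between bindings for the PHP, .Net and WSAS callers is a config edit rather than a code change. The practical check for the interoperability question is to confirm which certificate the PHP client encrypts to: if it is pointed at the exported public certificate of the .Net service, the .Net side decrypts with its own private key and no key has to be shared between the two parties, whereas copying the PHP private key into the .Net store makes two parties hold one private key and masks the misconfiguration rather than fixing it.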
