Based on Chintana's comments below: "Is there any way we can include the certificate (private key) used by PHP into .Net order processor service?"

I've tried to get PHP->DOTNET_OPSSEC working all day. I can't seem to get it to work.

1. I tried adding the encodedValue to the serviceEndpoints identity tag and that didn't work.
2. I tried adding the bob.cert thumbprint to the OrderProcessorImplementation\CustomCertValidator.
3. I even tried Chintana's recommendation of exporting the .NET OPS Cert and replacing bob.cert with that. That didn't work.

Chintana, is that what you meant? Which cert do I export/replace? Can you send it to the list?

I'm going to continue to work on this tomorrow. I'm wondering whether I should hold up the interop document until this works? Also, should this affect our M1 date?

-Ben

-----Original Message-----
From: Chintana Wilamuna [mailto:[email protected]]
Sent: Wednesday, April 29, 2009 8:19 AM
To: [email protected]
Subject: Testing PHP BS -> .Net OPSSEC

Hi,

When trying to get PHP client -> PHP BS -> .Net OPSSEC to work, the following custom binding had to be introduced to App.config in OrderProcessor:

<customBinding>
  <binding name="Host_CustomHttpBinding_M_Security_OPS">
    <textMessageEncoding />
    <security defaultAlgorithmSuite="Basic256"
              authenticationMode="AnonymousForCertificate"
              requireDerivedKeys="false"
              securityHeaderLayout="Lax"
              includeTimestamp="true"
              keyEntropyMode="CombinedEntropy"
              messageProtectionOrder="SignBeforeEncrypt"
              messageSecurityVersion="Default"
              requireSignatureConfirmation="true">
      <localClientSettings cacheCookies="true" detectReplays="true" replayCacheSize="900000" maxClockSkew="00:05:00" maxCookieCachingTime="05:05:00" replayWindow="00:05:00" sessionKeyRenewalInterval="10:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true" timestampValidityDuration="00:05:00" cookieRenewalThresholdPercentage="60" />
      <localServiceSettings detectReplays="true" issuedCookieLifetime="10:00:00" maxStatefulNegotiations="128" replayCacheSize="900000" maxClockSkew="00:05:00" negotiationTimeout="00:01:00" replayWindow="00:05:00" inactivityTimeout="00:02:00" sessionKeyRenewalInterval="15:00:00" sessionKeyRolloverInterval="00:05:00" reconnectTransportOnFailure="true" maxPendingSessions="128" maxCachedCookies="1000" timestampValidityDuration="00:05:00" />
      <secureConversationBootstrap />
    </security>
    <httpTransport />
  </binding>
</customBinding>

then in Program.cs:

  ..
  CustomBinding customBinding = new CustomBinding("Host_CustomHttpBinding_M_Security_OPS");
  ...
  host.AddServiceEndpoint(typeof(IOrderProcessor), customBinding, "cesm");

After this, the program did not work because .Net didn't have the key to decrypt the message sent by PHP. As I understand, PHP and .Net are using different certificates. After using the same cert as the .Net one, it worked. Since PHP doesn't make any assumptions about the end point, doing this is frowned upon in a loosely coupled application. Even in the .Net business service, it's checking the type of service (whether it's .Net/PHP or WSAS) and then selecting the certificate.

Is there any way we can include the certificate (private key) used by PHP into .Net order processor service? Thoughts?

Bye,
-Chintana

--
http://engwar.com/
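One way to do what Chintana asks, as an added example that is not code from this thread or from the project: look the certificate the PHP side encrypts to up in the Windows store by thumbprint, refuse to start the host if its private key is absent (the exact failure described above, which happens when only the public .cer was imported instead of the PFX), and assign it as the WCF service certificate alongside the custom binding from the thread. Assumed names: an OrderProcessorService implementation class, the LocalMachine\My store, and a placeholder thumbprint.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;

static class ServiceCertificateLoader
{
    // Find the certificate by thumbprint and fail fast if the private key is
    // missing; without it the service cannot decrypt what PHP encrypted to it.
    public static X509Certificate2 LoadWithPrivateKey(string thumbprint)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            X509Certificate2Collection found =
                store.Certificates.Find(X509FindType.FindByThumbprint, thumbprint, false);
            if (found.Count == 0)
                throw new InvalidOperationException(
                    "certificate " + thumbprint + " not found in LocalMachine\\My");
            X509Certificate2 cert = found[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException(
                    "certificate " + thumbprint + " has no private key; import the PFX, not the .cer");
            return cert;
        }
        finally
        {
            store.Close();
        }
    }
}

class Program
{
    static void Main()
    {
        // OrderProcessorService is an assumed implementation of IOrderProcessor.
        ServiceHost host = new ServiceHost(typeof(OrderProcessorService),
                                           new Uri("http://localhost:8080/"));
        CustomBinding customBinding = new CustomBinding("Host_CustomHttpBinding_M_Security_OPS");
        host.AddServiceEndpoint(typeof(IOrderProcessor), customBinding, "cesm");

        // Placeholder: thumbprint of the certificate whose public key PHP encrypts to.
        host.Credentials.ServiceCertificate.Certificate =
            ServiceCertificateLoader.LoadWithPrivateKey("<THUMBPRINT-OF-CERT-USED-BY-PHP>");

        host.Open();
        Console.WriteLine("Order processor listening; press Enter to stop.");
        Console.ReadLine();
        host.Close();
    }
}
```

The PHP side must keep encrypting to the public half of that same certificate; only the private half needs to move into the .Net store, and the thumbprint check lets the two sides confirm they are talking about the same key pair.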
