I think I answered my own question. It appears that the first alternative is chosen by default, no matter what when using the MinimalAlternativeSelector
The isCompatibleWithRequest method in BaseAlternativeSelector returns true where the request == null. And it looks as though request is always null on the server side (which I guess makes sense) Now I have to figure out if i can code up a AlternativeSelector based on the content of the request information coming in from the client. Any ideas would be welcome... On Mon, Feb 4, 2013 at 11:51 AM, Jason Pell <[email protected]> wrote: > Hi, > > I would like to configure a web service which requires one of two > security mechanisms: > > 1) UsernamePassword + SSL (NOT MUTUAL) > 2) Username only + SSL with Mutual Authentication. > > I was hoping to do this via WS-Policy ExactlyOnce matching, but it > does not seem to work. > > What I was wanting to know is if I should expect it to work. I am > about to jump in and debug what is actually happening but was hoping > someone would help me before I got too far into it. > > My policy is: > > <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"; > > xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"; > xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";> > <wsp:ExactlyOne> > <wsp:All> > <sp:TransportBinding> > <wsp:Policy> > <sp:TransportToken> > <wsp:Policy> > > <sp:HttpsToken> > > <wsp:Policy /> > > </sp:HttpsToken> > </wsp:Policy> > </sp:TransportToken> > <sp:Layout> > <wsp:Policy> > <sp:Lax /> > </wsp:Policy> > </sp:Layout> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic128 > /> > </wsp:Policy> > </sp:AlgorithmSuite> > </wsp:Policy> > </sp:TransportBinding> > > <sp:SupportingTokens> > <wsp:Policy> > <sp:UsernameToken> > <wsp:Policy> > > <sp:WssUsernameToken11 /> > </wsp:Policy> > </sp:UsernameToken> > </wsp:Policy> > </sp:SupportingTokens> > </wsp:All> > > <wsp:All> > <sp:TransportBinding> > <wsp:Policy> > <sp:TransportToken> > <wsp:Policy> > > <sp:HttpsToken> > > <wsp:Policy> > > <sp:RequireClientCertificate /> > > </wsp:Policy> > > </sp:HttpsToken> > </wsp:Policy> > </sp:TransportToken> > <sp:AlgorithmSuite> > <wsp:Policy> > <sp:Basic256 > /> > </wsp:Policy> > </sp:AlgorithmSuite> > </wsp:Policy> > </sp:TransportBinding> > > <sp:SupportingTokens> > <wsp:Policy> > <sp:UsernameToken> > <wsp:Policy> > > <sp:NoPassword /> > </wsp:Policy> > </sp:UsernameToken> > </wsp:Policy> > </sp:SupportingTokens> > </wsp:All> > </wsp:ExactlyOne> > </wsp:Policy>
