Ted, if you use any other cert identifier than DirectReference then your server must contain the client's cert in its keystore. I'm not familiar with WSE thus I can't help you to setup the keystore at WSE. With DirectReference the request contains the cert that was used to sign the request, all other identifiers are just references to a cert in a keystore.
Regards, Werner Ted Toth wrote: > I only want to trust the server on which the web service is running but > I can't get anything to work other than signatureKeyIdentifier > DirectReference. All others > (|IssuerSerial,||X509KeyIdentifier,||SKIKeyIdentifier) result in: > <processingStep description="Exception thrown: Referenced security > token could not be retrieved"> at > Microsoft.Web.Services3.Security.MessageSignature.CheckSignature() > at Microsoft.Web.Services3.Security.Security.LoadXml(XmlElement element) > at Microsoft.Web.Services3.Security.Security.CreateFrom(SoapEnvelope > envelope, String localActor, String serviceActor) > at > Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope > envelope) > at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope > envelope)</processingStep> > > when WSE is processing the response. I am assuming that this means that > WSE can't find the matching cert to validate the signature. > > My app.config contains: > <x509 skiMode="IssuerSerial" storeLocation="CurrentUser" > allowTestRoot="true" revocationMode="Offline" > verificationMode="TrustedPeopleOnly" /> > > Yes, I've changed the skiMode to match the server wsdd for each mode. > > My CurrentUser TrustedPeople contains the cert (public key only) of the > web service server. > > Has anyone figured this out? > > Ted > > | > > ------------------------------------------------------------------------ > Yahoo! Photos – Showcase holiday pictures in hardcover > Photo Books > <http://us.rd.yahoo.com/mail_us/taglines/photobooks/*http://pa.yahoo.com/*http://us.rd.yahoo.com/mail_us/taglines/photos/evt=38088/*http://pg.photos.yahoo.com/ph//page?.file=photobook_splash.html>. > You design it and we’ll bind it! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
