Message encryption question (Any body knows ???)

Hi,

I have a web service which uses WSE 3 security features. Both the client and service are WSE enabled (signing, encryption and encrypting the signature). I have two machines, Windows 2000 Pro and Windows XP Home. If I run both client and service on either of the machines everything works fine. But if I move the service to Windows 2000 Pro (under IIS) and try to access it from Windows XP Home, I get the following error message:

unsupported signature or encryption algorithm was used
WSE3002: The receiver is expecting the key wrapping algorithm to be http://www.w3.org/2001/04/xmlenc#rsa-1_5, but the incoming message used http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p. You can change the key wrapping algorithm through configuring security token manager.

This trace is produced by the Web service, and I get an exception on the client.

My questions are:

1) Is the receiver here the Web service?

2) How can I set in the policies (if possible, both on client and service) which encryption algorithm to use?

3) I read somewhere that the RSAOAEP method cannot be used in clients prior to Windows XP.

Thanks





  • Philippe Trottier

    Does anybody know about this problem? I am stuck. I want to mention in the policy file which algorithm to use for encryption.



  • aggieben

    Configuration is scoped to the AppDomain. Unfortunately, you can only configure your executable, not the individual DLLs.

    Daniel Roth



  • mccloed

    That is too bad. This means if I have to use any third party DLL which accesses a Web service, then I have to copy/paste all the settings from the DLL config files (which were set in the DLL project) to my main exe config file.

    Then VS2005 should not even allow adding a web reference to DLL projects or making a DLL project WSE enabled.

    I feel this is a design flaw in the WSE framework. (Based on the assumption that I cannot apply WSE settings in the DLL config files.)

    KDV



  • JoeJeff

    Thank you very much. It works, but I have another question.

    In order to make it work I have to put this configuration in my client's executable configuration file (say Client.exe.config). Actually the web service is accessed through a DLL and its configuration file is (say) Mycomponent.dll.config. Is it possible to put this configuration in the DLL config file? It does not work. I see that WSE loads configuration either from web.config (on the web service side) or from the app.config of the exe file. If I have to follow this logic then I have to change the configuration files of all my client exes which are using the DLL.

    Any suggestions?

    Thanks once again



  • abi

    Hi,

    You are seeing this problem because the default key wrapping algorithm is RSAOAEP on Windows XP and Windows 2003 (because it is better), and since RSAOAEP is not supported on Windows 2000, the default there is RSA15.

    You will likely only see this problem if you are using X509 security tokens to encrypt your message. To get around this problem, you would have to configure your client (on WinXP) to contain the following:

    <configuration>
      <microsoft.web.services3>
        <security>
          <binarySecurityTokenManager>
            <add valueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
              <keyAlgorithm name="RSA15"/>
            </add>
          </binarySecurityTokenManager>
        </security>
      </microsoft.web.services3>
    </configuration>

    Let me know if this works!

    Thanks,

    Sidd Shenoy
    WSE Team
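
Added example, not part of the original thread and not WSE code: a small Python check that reads the key wrapping algorithm out of a secured SOAP message and compares it with what the receiver expects, which is the mismatch WSE3002 reports. The function names and the sample envelope are constructed for illustration; the `RSA15` and `RSAOAEP` names and their URIs are the ones that appear in the posts and error message above.

```python
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
# Short names used in this thread, mapped to the URIs from the WSE3002 message.
KEY_WRAP = {"RSA15": XENC + "rsa-1_5", "RSAOAEP": XENC + "rsa-oaep-mgf1p"}

# Constructed sample: a trimmed envelope as an XP client would send it,
# not a captured message. Key material and ciphertext are omitted.
SAMPLE_ENVELOPE = """<soap:Envelope
    xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
    xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
  <soap:Header><wsse:Security>
    <xenc:EncryptedKey>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"/>
    </xenc:EncryptedKey>
  </wsse:Security></soap:Header>
  <soap:Body>
    <xenc:EncryptedData>
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>"""


def key_wrap_algorithms(envelope_xml):
    """Return the Algorithm URI of each xenc:EncryptedKey in the message.

    Only the EncryptionMethod that is a direct child of EncryptedKey is the
    key wrapping algorithm; the one under EncryptedData is the bulk cipher.
    """
    root = ET.fromstring(envelope_xml)
    found = []
    for enc_key in root.iter("{%s}EncryptedKey" % XENC):
        method = enc_key.find("{%s}EncryptionMethod" % XENC)
        found.append(method.get("Algorithm") if method is not None else None)
    return found


def check_message(envelope_xml, expected_name):
    """Return (expected URI, list of key wrap URIs that do not match it)."""
    expected = KEY_WRAP[expected_name]
    mismatches = [a for a in key_wrap_algorithms(envelope_xml) if a != expected]
    return expected, mismatches


if __name__ == "__main__":
    expected, bad = check_message(SAMPLE_ENVELOPE, "RSA15")
    print("receiver expects:", expected)
    for uri in bad:
        print("message used:   ", uri)
```

Run against a trace of the outgoing message before and after the configuration change to confirm the client is now sending `rsa-1_5`.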

