I have a webservice that that uses message layer security with X.509 certificates in WSE 3.0. The service uses a X509v3 policy to sign various elements in the soapheader.
I need to do some custom checks on the certificates so I've tried to implement a custom X509SecurityTokenManager and added a section in web.config.
When I call the service with my Wseproxy I would expect a error (NotImplementedException) but the call goes trough and, in the example below, "foo" is printed at the console.
The question is: What have missed? The binarySecurityTokenManager type in web.config matches the full classname of RDI.Server.X509TokenManager. X509TokenManager inherits from X509SecurityTokenManager (altough methods are just stubs).
using System;
using System.Xml;
using System.Security.Permissions;
using System.Security.Cryptography;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security.Tokens;
namespace RDI.Server
{
[SecurityPermissionAttribute(SecurityAction.Demand,Flags = SecurityPermissionFlag.UnmanagedCode)]
public class X509TokenManager : Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager
{
public X509TokenManager() : base()
{
throw new NotImplementedException("Stub");
}
public X509TokenManager(XmlNodeList configData) : base(configData)
{
throw new NotImplementedException("Stub");
}
protected override void AuthenticateToken(X509SecurityToken token)
{
base.AuthenticateToken(token);
throw new NotImplementedException("Stub");
}
}
}
The first few lines of my web.config, edited for brevity
<?xml version="1.0"?>
<configuration><configSections><section name="microsoft.web.services3" type="..." />
</configSections><microsoft.web.services3><policy fileName="wse3policyCache.config" />
<security><binarySecurityTokenManager><add type="RDI.Server.X509TokenManager" valueType="http://docs.oasis-open.org/..." /></binarySecurityTokenManager></security></microsoft.web.services3>
(Btw, how do one format xml nicely here at stackoverflow?)
Administration.AdministrationWse test = new TestConnector.Administration.AdministrationWse();
X509Certificate2 cert = GetCert("RDIDemoUser2");
X509SecurityToken x509Token = new X509SecurityToken(cert);
test.SetPolicy("X509");
test.SetClientCredential(x509Token);
string message = test.Ping("foo");
Console.WriteLine(message);
I'm stuck at .NET 2.0 (VS2005) for the time being so I presume WCF is out of the question, otherwise interoperability isn't a problem, as I will have control of both clients and services in the system.