Submit My Question - Recent Questions - Recent Answer

Msdn Tech >> Software Development for Windows Vista >> Windows CardSpace (InfoCard)

CardSpace requestIssue message

Hi all,

Can anyone explain what is sent by CardSpaceUI to the STS server?

That request is encrypted or is a plain message?

Im trying to get the content of the message, but it seems impossible... Sad

Thanks alot!

[322 byte] By [alex842007] at [2008-1-4]

«« Error while Running Load Test
»» Generated proxy classes of custom object

# 1

There a couple knobs the Relying Party can tweak to determine what gets sent.

First of all, the claim(s) request is sent with a list of claims. The identity of the RP may or may not be sent depending of if the STS requires it and/or the RP wants it to be or not.

A good document to read over if you're interested in the messages would be:
http://www.identityblog.com/wp-content/resources/profile/Infocard-Profile-v1-TechRef.pdf

The request is encrypted based on the encryption method specified by the STS.

As for getting the content of the message, it may be easier to do so on the STS side.

//Toland

TolandHon-MSFT at 2007-10-11 >

top of Msdn Tech,Software Development for Windows Vista,Windows CardSpace (InfoCard)...

# 2

Thanks for your response,

However, my question focus more on C# .. ...

For the class Message in System.ServiceModel.Channels, when the CardSpaceUI makes a request to STS, it generates a message, right?

So, my question is, "is that message encrypted over the internet connection ?" Since I try to catch the value of the message (should be in SOAP format) but impossible..

If it is encrypted, how can we decrypt it? If not so, how can we catch the message..

Regards,
Alex

alex842007 at 2007-10-11 >

# 3

I would suggest to play with the Simple STS sample and it should give you enough insight to continue. The content sent between CardSpace and the STS is encrypted and and the encryption/decryption process depends on how it's defined by the policy.

//Toland

TolandHon-MSFT at 2007-10-11 >

# 4

what is the MexAddress used for ?

alex842007 at 2007-10-11 >

# 5

that points to the mex of your STS so applications connecting to it will its policy and what it supports.

//Toland

TolandHon-MSFT at 2007-10-11 >

# 6

Is it encrypted ?

Since it is a kind of message, what is the format of the message sent from mexAddress?

alex842007 at 2007-10-11 >

# 7

It's encrypted with the https protocol, but otherwise it's pretty much open.

You can take a look at:

https://sts.labs.live.com/identity/ws/mex

Everything else about the mex, you'd probably have to read it in the documentation.

//Toland

TolandHon-MSFT at 2007-10-11 >

# 8

Thanks Hon,

However, the link seems to be inaccessible, the error is : the requested site is unavailable or can not be found..

alex842007 at 2007-10-11 >

# 9

try opening that in a different browser or use wget or curl. ie seems to automatically redirect to a non-existing page for some reason.

//Toland

TolandHon-MSFT at 2007-10-11 >

# 10

i also recommend taking a look at the site https://infocard.pingidentity.com/cardspace. you can get an use a managed card, and look at the messages sent to and from CardSpace. the decrypted RST and the RSTR as particulary useful.

CalebBaker-MSFT at 2007-10-11 >

Software Development for Windows Vista Hot Topic

Software Development for Windows Vista New Topic

Software Development for Windows Vista

Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech