Secure Conversation doesn't work with second web service

Hi everyone

I have a solution based on Secure Conversation using a Security Context
Token Service (which is just a web service) that gives out SCTs; a client
program gets the issued SCT. But the problem I have is: can this client then
hold Secure Conversations with one or a number of other web services?

I have another web service; the client signs and encrypts the message and
attempts to send the response to the web service, but I get the following
error.

Error "System.Security.Cryptography.CryptographicException: WSE523: The
CipherData contents are invalid"

I have read that much between blogs and MSDN, I'm all read out lol, BUT! I
can call a web method within the SCTS web service from the client. From my
understanding of what I have read, when the Security Context Token is cached
it is cached in the AppDomain for the SCTS web service. Now that explains why
I can call the Web Method from the client and it works, but when I call the
second Web Service it cannot access the AppDomain cache to check the SCT.
THEREFORE, through WS-SecureConversation, do all your Web Methods which the
client will call and sign and encrypt messages have to reside in the SCTS Web
Service?

Or can the client call as many other Web Services as are required, of
course that reside on the same Server (I have seen the implementations for web
farms)?

So please, please put me out of my misery: can a client have a
SecureConversation with more than one Web Service, and if they can, how?

Thanks in advance

[1655 byte] By [Cormac] at [2008-2-7]
# 1
Follow up resolution to the problem

The key word is "AppDomain cache" (Peter Bromberg 6/21/2005 11:13:53 AM)
Whatever infrastructure you may be using, if it caches the security context in the AppDomain cache, then every web service you expect to use it with must reside in that AppDomain.

Roughly translated, this means they all must be asmx "pages" in the same IIS application.


I posted this same question on about 15 forums including this one, and the only person good enough to respond with an answer was (you guessed it) Peter Bromberg from www.eggheadcafe.com.

Therefore basically you cannot implement a Secure Conversation between different virtual directories unless you use something like the MSDN solution for a web farm where you would have more than one Server. You should put all web services that will use the Security Context Token in the same virtual directory that the Security Context Token Service is in.

Thanks Pete. I am still surprised that every web blog and article I have read states: post a question on the MSDN Web Services forums and you will get an answer relating to WSE, my large backside. If I didn't post the question on www.eggheadcafe.com I would never have gotten an answer.

I even sent a nice email to Keith Ballinger, head of the WSE team at Microsoft, and never even got a reply. I'm sure he gets hundreds of emails, but at least someone within the Microsoft WSE team could have replied. My advice: use www.eggheadcafe.com if you don't want to lose your mind waiting on an answer in this forum.

Hope this helps someone else

Cheers Cormac

Cormac at 2007-9-8
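An added illustration of the AppDomain point in the resolution above. It is not code from the thread and does not use WSE. It assumes .NET Framework (where `AppDomain.CreateDomain` is available); `SctCache`, the domain names and the token id are hypothetical. It shows that a static in-memory cache filled in one AppDomain is empty in another, which is the situation the second web service is in when it tries to resolve the SCT.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for an in-memory SCT cache. A static field exists
// once per AppDomain, so each IIS application gets its own empty copy.
public static class SctCache
{
    private static readonly Dictionary<string, byte[]> Tokens =
        new Dictionary<string, byte[]>();

    public static void Add(string id, byte[] key)
    {
        lock (Tokens) { Tokens[id] = key; }
    }

    public static bool TryGet(string id, out byte[] key)
    {
        lock (Tokens) { return Tokens.TryGetValue(id, out key); }
    }
}

public static class Program
{
    // Constructed sample identifier, not a real token.
    private const string SctId = "uuid:constructed-sct-0001";

    // Runs inside whichever AppDomain DoCallBack is invoked on.
    public static void Issue()  { SctCache.Add(SctId, new byte[16]); Report("issue "); }
    public static void Lookup() { Report("lookup"); }

    private static void Report(string step)
    {
        byte[] key;
        bool found = SctCache.TryGet(SctId, out key);
        Console.WriteLine("[{0}] {1}: SCT {2}",
            AppDomain.CurrentDomain.FriendlyName, step, found ? "found" : "NOT found");
    }

    public static void Main()
    {
        AppDomain scts  = AppDomain.CreateDomain("SctsApp");          // token service
        AppDomain other = AppDomain.CreateDomain("SecondServiceApp"); // other virtual directory
        scts.DoCallBack(Issue);    // token cached in SctsApp only
        scts.DoCallBack(Lookup);   // same AppDomain: found
        other.DoCallBack(Lookup);  // different AppDomain: NOT found
        AppDomain.Unload(scts);
        AppDomain.Unload(other);
    }
}
```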