I did WCF username/password authentication for my SOA application. The security model is Message, and the key is an X.509 certificate with RSA 4096-bit encryption. Every client has the same key in its config file:
<certificate encodedValue="VeryVeryBigRsaKey" />
I am curious if, for example, one application user having VeryVeryBigRsaKey can sniff the packets of other users that share the same key (VeryVeryBigRsaKey). If yes, I think it is a very serious issue, and I have to change the security model to TransportWithMessageCredential.
EDIT:
I generated my key using Pluralsight SelfCert and exported it into a *.cer file with Base64 encoding. I opened the generated *.cer with Notepad, and that gave me the RSA key (VeryVeryBigRsaKey) 🙂
I think you mean you use the UserName credential type, and the <certificate> element is used to identify the server so that the client can trust that it gets the message from the correct server.
If another user wants to sniff the packets, he needs the server certificate, which can only be owned by the real server.
Therefore, your concern is unfounded.
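A way to verify the point made above on your own machine, added here as an example and not taken from the original post: load the exported .cer in PowerShell and confirm it carries only the public key, then check which store entry actually holds the private key. It assumes the exported file is .\server.cer and that the service certificate lives in the server's LocalMachine\My store; the last query is only meaningful when run on the server itself.

```powershell
# Added example, not from the original post. Assumes the Base64 .cer exported from
# SelfCert is at .\server.cer (the same certificate pasted into encodedValue).
$cerPath = (Resolve-Path .\server.cer).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cerPath

# What every client holds: subject, thumbprint and the public key only.
$cert.Subject
$cert.Thumbprint
$cert.HasPrivateKey   # False: a .cer never contains the private key, so a client cannot decrypt
                      # traffic that was encrypted to this certificate
[System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert).KeySize   # 4096

# The private key exists only in the store the service reads its serviceCertificate from.
# Run on the server: expect one entry with HasPrivateKey = True.
# Run on a client: expect no entry, or an entry with HasPrivateKey = False.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
    Select-Object Subject, Thumbprint, HasPrivateKey
```

If the client-side query ever returns HasPrivateKey = True, the private key (a .pfx, not the .cer) was distributed to clients, and that is the situation in which one client could read other clients' messages.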