Home/ Questions/Q 4530476
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T13:48:17+00:00

I have a secured METRO 2.1 web service, and I want to develop a

  • 0

I have a secured METRO 2.1 web service, and I want to develop a .NET (3.5) client that can use it. I already succeded if the WS was unsecured, but once I get

Security mechanism is Username Authentication with Symmetric Key and it’s using the Development Defaults

How do I set up security in .NET? I’ve been reading the METRO guide, but I only found broken links to the examples and the guides didn’t get me through. I successfully generated a proxy class with svcutil, but I don’T know how to use it.

svcutil warnings:

Warning 1 Custom tool warning: A security policy was imported for the endpoint. The security policy contains requirements that cannot be represented in a Windows Communication Foundation configuration. Look for a comment about the SecurityBindingElement parameters that are required in the configuration file that was generated. Create the correct binding element with code. The binding configuration that is in the configuration file is not secure.

Warning 2 Custom tool warning: The wsam:Addressing element requires a wsp:Policy child element but has no child elements.

EDIT

I’ve got really close to solving this (i think). I exported the default GlassFish certificate with keytool.exe:

keytool -exportcert -alias xws-security-server -storepass changeit -keystore keystore.jks -file server.cer 
keytool -printcert -file server.cer //This line shows it's content

I use server.cer certificate on client side:

KDTreeWSClient wsClient = new KDTreeWSClient();
X509Certificate2 server_cert = new X509Certificate2("FullPathToCertificate/server.cer", "changeit");
wsClient.ClientCredentials.ServiceCertificate.DefaultCertificate = server_cert;
wsClient.ClientCredentials.UserName.UserName = "wsitUser"; //Default GF username
wsClient.ClientCredentials.UserName.Password = "changeit"; //Default GF password

Question This results in a MessageSecurityException, because the expected DNS-identity of the endpoint is localhost, however the endpoint has xwssecurityserver. Can I set it to localhost/xwssecurityserver manually?

Any help would be appreciated!
Thanks in advance,
Daniel

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    try to set DNS identity in client application’s config file as described bellow

          <endpoint address="http://localhost:8080/SecureCalculatorApp/CalculatorWSService"
          binding="customBinding" bindingConfiguration="CalculatorWSPortBinding1"
          contract="ServiceReference3.CalculatorWS" name="CalculatorWSPort1">
        <identity>
          <dns value="{YOUR ALIAS}" />
        </identity>
      </endpoint>

    As dns value set “xwssecurityserver”. In my case it works (by the way I used your question as a base when solved this problem, so thank you for pointing the right way 🙂 )

    • 0