'm trying to establish trust - in the form of a context token - using a
password based authentication and key exchange protocol. The
WS-SecureConversation spec recommends that this is done by exchanging RST and
In my case the initial RST will by unsigned. There is no initial trust - the
trust is established through the negotiation.
Please note, that my goal is to exchange these WS-* compliant messages - not
specifically to use WSE, or for that matter .Net. I am doing this as a part
of a project on password based protocols to demonstrate partical use within
The issue I have with your example is that it does not use the recommeded
RST/RSTR XML in the exchange, but instead exchanges some proprietary XML (the
serialized SCTMsg). I would have liked the information in the SCTMsg to have
been embedded in RST/RSTR messages.
I have tried to do this by extending the SecurityTokenService and
SecurityTokenServiceClient class, but as far as I can see the
SecurityTokenService class only supports signed requests ? Is that correct
A bit strange, since the clientside SecurityTokenServiceClient supports
unsigned requests ?
"William Stacey [MVP]" wrote: