Channel: VMware Communities : All Content - vSphere Management SDK

SSO Issue with C# .Net


I am trying to get my app to use the Web Services SDK with C# .NET and having issues with SSO. Using Holder of Key User Credentials authentication and following the LoginByToken example in the SDK document zip file.

 

It keeps failing with a "signingKey is not loaded" exception in the "VMware.Binding.WsTrust" namespace Utilities class and ComputeSignature method. I exported the Root certificates from vCenter and loaded them in my workstation's Trusted Certificate store.

 

In the sample doc SamlTokenHelper class and GetCertificate method, I am loading the exported root certificate (.cer file) successfully. It is not returning a private key though which I think is the issue. Here is the GetCertificate method I am implementing:

 

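        // Requires: using System; using System.Configuration;
        //           using System.Security.Cryptography.X509Certificates;
        public static X509Certificate2 GetCertificate()
        {
            string workingDirectory = AppDomain.CurrentDomain.BaseDirectory;
            X509Certificate2 signingCertificate = new X509Certificate2();

            // File name comes from the "PfxCertificateFile" app setting, under .\Cert\
            string certificateFile = workingDirectory + "\\Cert\\" + ConfigurationManager.AppSettings["PfxCertificateFile"];

            // Empty password; a .cer file imported this way carries no private key
            signingCertificate.Import(certificateFile, "", X509KeyStorageFlags.MachineKeySet);

            return signingCertificate;
        }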

 

Mostly used what was in the sample application, just modified the certificate file path. I do notice in the import() method call, the sample is not specifying a private key password. In the WsTrustClientMessageInspector class, it is calling the ComputeSignature method and passing the private key as one of the parameters which is null in my case.

 

                // Compute the signature on the timestamp and body elements.

                var signature = Util.ComputeSignature(soapRequest, keyIdentifier, _certificateToken.Certificate.PrivateKey, bodyId, wsSecurityHeader.Timestamp.Id);

 

I know cer files don't store the private key and need to use pfx files, however, that is not an option if I try to export the root certs from MMC.

 

I very well may not be understanding what cert to use or something along those lines.

 

Anyone have any input?
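
A fail-fast check for the situation described in the post, as an added example that is not part of the original post or of the VMware SDK sample: it rejects a certificate file that cannot supply a private key before the certificate ever reaches ComputeSignature. The class name, method name and password parameter are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper (not from the SDK sample): load a signing certificate
// and fail fast when the file cannot supply a private key.
public static class SigningCertificateLoader
{
    public static X509Certificate2 Load(string path, string password)
    {
        if (!File.Exists(path))
            throw new FileNotFoundException("Certificate file not found.", path);

        // A DER/PEM .cer file is reported as Cert; only a PKCS#12 container
        // (.pfx/.p12) can carry the private key alongside the certificate.
        X509ContentType type = X509Certificate2.GetCertContentType(path);
        if (type != X509ContentType.Pfx)
            throw new InvalidOperationException(
                "File is " + type + ", not PKCS#12; it holds no private key to sign with.");

        // Same storage flag as the method in the post; the password is an assumption.
        var cert = new X509Certificate2(path, password, X509KeyStorageFlags.MachineKeySet);

        // A PKCS#12 file can still contain only public certificates.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException(
                "Certificate " + cert.Thumbprint + " was loaded without a private key.");

        return cert;
    }

    public static void Main(string[] args)
    {
        if (args.Length < 1)
        {
            Console.Error.WriteLine("usage: CheckCert <file> [password]");
            return;
        }
        try
        {
            X509Certificate2 cert = Load(args[0], args.Length > 1 ? args[1] : "");
            Console.WriteLine("OK: {0} has a private key.", cert.Subject);
        }
        catch (Exception ex)
        {
            Console.Error.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```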

