I am trying to get my app to use the Web Services SDK with C# .NET and having issues with SSO. Using Holder of Key User Credentials authentication and following the LoginByToken example in the SDK document zip file.
It keeps failing with a "signingKey is not loaded" exception in the "VMware.Binding.WsTrust" namespace Utilities class and ComputeSignature method. I exported the Root certificates from vCenter and loaded them in my workstation's Trusted Certificate store.
In the sample doc SamlTokenHelper class and GetCertificate method, I am loading the exported root certificate (.cer file) successfully. It is not returning a private key though which I think is the issue. Here is the GetCertificate method I am implementing:
    public static X509Certificate2 GetCertificate()
    {
        // Build the path to the certificate file in the application's Cert folder.
        string workingDirectory = AppDomain.CurrentDomain.BaseDirectory;
        X509Certificate2 signingCertificate = new X509Certificate2();
        string certificateFile = workingDirectory + "\\Cert\\" + ConfigurationManager.AppSettings["PfxCertificateFile"];
        // Import the file with an empty password into the machine key store.
        signingCertificate.Import(certificateFile, "", X509KeyStorageFlags.MachineKeySet);
        return signingCertificate;
    }
Mostly used what was in the sample application, just modified the certificate file path. I do notice in the Import() method call, the sample is not specifying a private key password. In the WsTrustClientMessageInspector class, it is calling the ComputeSignature method and passing the private key as one of the parameters, which is null in my case.
    // Compute the signature on the timestamp and body elements.
    var signature = Util.ComputeSignature(soapRequest, keyIdentifier, _certificateToken.Certificate.PrivateKey, bodyId, wsSecurityHeader.Timestamp.Id);
I know cer files don't store the private key and need to use pfx files; however, that is not an option if I try to export the root certs from MMC.
I very well may not be understanding what cert to use or something along those lines.
Anyone have any input?
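
The symptom described in this post, a null private key reaching ComputeSignature, can be caught when the certificate is loaded by checking HasPrivateKey. The following is an added example, not part of the original post or the VMware SDK sample: the class and method names are hypothetical, the certificate is a constructed self-signed one rather than a vCenter certificate, and it assumes .NET Framework 4.7.2 or later (or .NET Core) for CertificateRequest.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

public static class SigningCertificateCheck
{
    // Hypothetical helper: loads certificate bytes and rejects anything that cannot sign.
    public static X509Certificate2 LoadSigningCertificate(byte[] rawData, string password)
    {
        var certificate = new X509Certificate2(rawData, password, X509KeyStorageFlags.DefaultKeySet);
        if (!certificate.HasPrivateKey)
        {
            throw new CryptographicException(
                "Certificate '" + certificate.Subject + "' has no private key; " +
                "a .cer export carries only the public certificate.");
        }
        return certificate;
    }

    public static void Main()
    {
        // Constructed sample: a throwaway self-signed certificate created in memory.
        using (RSA rsa = RSA.Create(2048))
        {
            var request = new CertificateRequest("CN=constructed-sample", rsa,
                HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
            using (X509Certificate2 original = request.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddDays(-1), DateTimeOffset.UtcNow.AddDays(1)))
            {
                byte[] cer = original.Export(X509ContentType.Cert);          // public certificate only
                byte[] pfx = original.Export(X509ContentType.Pfx, "sample"); // certificate plus private key

                // The PFX form loads with a usable private key.
                Console.WriteLine("pfx HasPrivateKey: " +
                    LoadSigningCertificate(pfx, "sample").HasPrivateKey);

                // The .cer form of the same certificate is rejected before any signing is attempted.
                try
                {
                    LoadSigningCertificate(cer, "");
                }
                catch (CryptographicException e)
                {
                    Console.WriteLine("cer rejected: " + e.Message);
                }
            }
        }
    }
}
```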