Transport/Certificate Authentication and Party Resolution

I recently worked on a solution where partners would call web services, and “transport security” (SSL) would be used for confidentiality and client authentication. In this solution, partner information, like agreement ID, should be looked up. Wouldn’t it be nice if data from the client certificate used for authentication could be used in party resolution? Yes, but I haven’t found a way to make it work.

If I look at the context properties written by the WCF adapter, there are no certificate related. (In ASP and ASP.NET, you can use the CERT_SUBJECT or CERT_SERIALNUMBER server variables.) In other words, it is not even possible to write a custom party resolution component to do the party resolution.

With the SOAP adapter, it is the same story, but there you could at least set up certificate to user mapping in IIS. If you do that, the Windows user ID ends up in the WindowsUser context property, and the built-in party resolution component works. This mapping technique doesn’t seem to work with the WCF adapter, though. The only workaround I can come up with is to use message security instead, where the signature and certificate is part of the SOAP header.

If anyone has another idea, I would be glad to hear it.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.