<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:1175999377;
mso-list-type:hybrid;
mso-list-template-ids:1051650344 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l0:level1
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level2
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level3
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level4
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level5
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level6
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
@list l0:level7
{mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level8
{mso-level-number-format:alpha-lower;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;}
@list l0:level9
{mso-level-number-format:roman-lower;
mso-level-tab-stop:none;
mso-level-number-position:right;
text-indent:-9.0pt;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">I need to implement a SOAP API that will utilize Two-Way Certificate Authentication and encryption/decryption.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I do not know what parts of the handshaking and processing of authentication and encryption/decryption is managed by the Windows Server Operating System (and/or IIS) Environment, or which parts are managed by my Self-Hosted Windows API
SOAP Service?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My question is, given the below steps, which parts will the server manage and which parts will my C# .NET code manage.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My code is a Self-Hosted Windows Service using .NET and C#.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">My questions are which parts of the process is managed by the Windows Server environment “for” the host/client application, and which parts are managed by the host/client application (C# .NET).<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Ps… sorry if the image does not appear, the steps listed are from the image.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Here are the steps:<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<ol style="margin-top:0in" start="1" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1">Client requests a secure connection to the host<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1">Host (Windows? IIS? .NET Code?) provides public key and digital certificate to client<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1">Client verifies certificate with the Certificate Authority (CA)<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1">Client provides host with a public key<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1">Host verifies client certificate with the Certificate Authority (CA)<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1">Host sends client public key<o:p></o:p></li><li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1">Client encrypts message using host public key and sends message to host<o:p></o:p></li></ol>
<p class="MsoListParagraph">Host decrypts client message using host’s private key<o:p></o:p></p>
<ol style="margin-top:0in" start="8" type="1">
<li class="MsoListParagraph" style="margin-left:0in;mso-list:l0 level1 lfo1">Host encrypts message using clients public key. Sends message to client<br>
Client decrypts host message using client private key<o:p></o:p></li></ol>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><img width="686" height="447" style="width:7.1458in;height:4.6562in" id="Picture_x0020_2" src="cid:image001.jpg@01D4DF01.855B46E0" alt="enter image description here"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="font-size:14.0pt;color:#5C5D60">Rudy Steinhoff<o:p></o:p></span></b></p>
<p class="MsoNormal"><b><i><span style="font-size:12.0pt;color:#5C5D60">Sr. Software Engineer<o:p></o:p></span></i></b></p>
<p class="MsoNormal"><b><span style="font-size:14.0pt;color:#5C5D60"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#5C5D60"> Direct: (847-847-3763<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#5C5D60"> Main: (847) 847.3706<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#5C5D60"> 2100 E. Lake Cook Road, Suite 1100<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#5C5D60"> Buffalo Grove, IL 60089<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#5C5D60"> </span><span style="color:#1F497D"><a href="www.GTreasury.com"><span style="font-size:10.0pt;color:blue">www.GTreasury.com</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#5C5D60"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:2.0pt"><a href="http://www.gtreasury.com/"><span style="font-size:10.0pt;color:#283A97;text-decoration:none"><img border="0" width="158" height="67" style="width:1.6458in;height:.6979in" id="Picture_x0020_4" src="cid:image002.png@01D4DF01.855B46E0" alt="GTreasury Logo Signature"></span></a><span style="font-size:10.0pt;color:#283A97"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:7.5pt;color:#5C5D60">This message contains confidential and proprietary information of the sender, and is intended only for the person(s) to whom it is addressed. Any use, distribution, copying or disclosure by any
other person is strictly prohibited. If you have received this message in error, please notify the e-mail sender immediately, and delete the original message without making a copy.
<o:p></o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="color:#1F497D">
<hr size="2" width="100%" align="center">
</span></div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>