 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / August 2005WSE 3.0: How to Sign a SOAP Message by Using a User Name and Passw
Can someone show me how this is done in WSE 3.0 using code. I can see how this is done in numerous articles for WSE 2.0: MessageSignature sig = new MessageSignature(userToken); requestContext.Security.Elements.Add(sig); But the Security member of requestContext (SoapContext type) is obsolete & I cant get this code to work with WSE 3.0. I want to be able to sign the SOAP message so that I can exclude the password from being transmitted (PasswordOption.SendNone) while still being able to perform authentication on the Web Service. I should add I am using UsernameOverTransportAssertion so assertion.Protection.Request.SignatureOptions is not available to me either. (I am using this without SSL because I want a basic u/p authentication scheme without x509 or kerberos) > Can someone show me how this is done in WSE 3.0 using code. I can see how > this is done in numerous articles for WSE 2.0: [quoted text clipped - 7 lines] > (PasswordOption.SendNone) while still being able to perform authentication on > the Web Service. Hi Arif, The Security class is only available for security filters. If you want to add tokens or get the signature options, then you must derive your class from one of the existing security filters. How to do that: 1. Create your own security assertion, deriving from "Microsoft.Web.Services3.Design.PolicyAssertion", "Microsoft.Web.Services3.Design.SecurityPolicyAssertion" or one of the existing assertions ( In your case, UsernameOverTransportAssertion ) 2. Return your own security filters from the security assertion, deriving from "Microsoft.Web.Services3.Security.SendSecurityFilter", "Microsoft.Web.Services3.Security.ReceiveSecurityFilter" or one of the existing security filters. I recommend you to use the latest WSE version ( July CTP ), because it contains a lot of improvements regarding to security filters. If you want more information about this topic, I wrote some notes in this blog, http://weblogs.asp.net/cibrax/archive/2005/07/19/419921.aspx Regards, Pablo Cibraro www.lagashsystems.com >I should add I am using UsernameOverTransportAssertion so > assertion.Protection.Request.SignatureOptions is not available to me [quoted text clipped - 17 lines] >> authentication on >> the Web Service. So this needs to be done on the client-side? I was hoping to be able to keep it simple for the client. Do you have an example of this? Thanks. > Hi Arif, > The Security class is only available for security filters. [quoted text clipped - 42 lines] > >> authentication on > >> the Web Service. mmm, you should add the signature on the client-side and verify it on the server-side (Optional). The sample below shows how to create an assertion to add a signature (The signature doens't contain any reference to other element): public class MyAssertion : Microsoft.Web.Services3.Design.SecurityPolicyAssertion { public class MyClientSendSecurityFilter : Microsoft.Web.Services3.Security.SendSecurityFilter { public MyClientSendSecurityFilter() : base("") { } public override void SecureMessage(Microsoft.Web.Services3.SoapEnvelope envelope, Microsoft.Web.Services3.Security.Security security) { CredentialSet cs = envelope.Context.Credentials[this.GetActor(envelope.CurrentSoap)]; UsernameToken token = cs.GetClientToken<UsernameToken>(); MessageSignature signature = new MessageSignature(token); security.Elements.Add(signature); } } public override Microsoft.Web.Services3.SoapFilter CreateClientInputFilter(Microsoft.Web.Services3.Design.FilterCreationContext context) { return null; } public override Microsoft.Web.Services3.SoapFilter CreateClientOutputFilter(Microsoft.Web.Services3.Design.FilterCreationContext context) { return new MyClientSendSecurityFilter(); } public override Microsoft.Web.Services3.SoapFilter CreateServiceInputFilter(Microsoft.Web.Services3.Design.FilterCreationContext context) { return null; } public override Microsoft.Web.Services3.SoapFilter CreateServiceOutputFilter(Microsoft.Web.Services3.Design.FilterCreationContext context) { return null; } } Regards, Pablo Cibraro www.lagashsystems.com > So this needs to be done on the client-side? I was hoping to be able to > keep [quoted text clipped - 50 lines] >> >> authentication on >> >> the Web Service. I need to do the same thing, but I had errors on the code, can you please send me a more specific example. How I uses this class? I have problem with MyAssertion class, I get the error "cannot change access modifiers when overriding 'protected' inherited member" Than you very much!!! Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.