WS-Security with soap.tcp

Thread view:

Enable EMail Alerts

Start New Thread

Thread rating:

Michael Riggio - 11 Aug 2004 00:09 GMT

Hi,
I'm just getting started with all this wse 2.0 stuff so hopefully I'm
not too lost with terminology. First, I created a console app derived from
SoapServer that has a soap.tcp endpoint. I then created a second console
app derived from SoapClient that will connect to the SoapServer. This works
fine, but now I want to add some WS-Security stuff to it.

I looked at some samples and they all seem to use a web service proxy.
Well, my SoapServer application isn't using a web service (soap.tcp), so I
can't create the proxy in order to set the Security properties. So, with
that being said, how do I go about setting the security properties without
having a proxy?

Do I need to apply Security stuff to the SoapEnvelope when I call
SendOneWay??

Any advice would be greatly appreciated.
-Mike

Reply to this Message

Softwaremaker - 11 Aug 2004 00:17 GMT

I have a blog here that has a simple explanation on how to write security
headers into the soap envelope without the use of any wse proxy classes that
inherits from Microsoft.Web.Services2.WebServicesClientProtocol namespaces.

You basically use the Microsoft.Web.Services2.Security.Security namespace to
add security into your soap headers.
http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/08/08/21447.aspx

hth

Signature

Thank you very much

Warmest Regards,
Softwaremaker
Architect | Evangelist | Consultant

+++++++++++++++++++++++++++++++++

> Hi,
> I'm just getting started with all this wse 2.0 stuff so hopefully I'm
[quoted text clipped - 14 lines]
> Any advice would be greatly appreciated.
> -Mike

Reply to this Message

Michael Riggio - 11 Aug 2004 00:47 GMT

I guess I'm a little confused. I have something like this:
SoapEnvelope se = new SoapEnvelope();

se.Context.Security.Tokens.Add(this.UserToken);

se.Context.Security.Elements.Add(new MessageSignature(this.UserToken));

se.Context.Security.Elements.Add(new EncryptedData(this.UserToken));

this.SendOneWay("SayHi", se);

The client executes this properly and I expect the SayHi method to get
control in my SoapServer application; however, it never gets control. If I
comment out all the lines except for the SendOneWay statement then SayHi
does get control.

Am I missing a key concept?

> I have a blog here that has a simple explanation on how to write security
> headers into the soap envelope without the use of any wse proxy classes that
> inherits from Microsoft.Web.Services2.WebServicesClientProtocol namespaces.
>
> You basically use the Microsoft.Web.Services2.Security.Security namespace to
> add security into your soap headers.

http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/08/08/21447.aspx

> hth
> > Hi,
[quoted text clipped - 18 lines]
> > Any advice would be greatly appreciated.
> > -Mike

Reply to this Message

Softwaremaker - 11 Aug 2004 01:41 GMT

Ah, OK. I misunderstood what you meant ;)

The concept goes something like this:
Dim env As New SoapEnvelope
env.SetBodyObject(sID)
env.Context.Security.Tokens.Add(New UsernameToken("Username",
"Password", PasswordOption.SendHashed))
MyBase.SendOneWay("GetStudentByID", env.GetBodyObject(GetType(String)))

where sID is a parameter of string type I am passing into the webMethod.
After adding the Context.Tokens into the headers, the SendOneWay is
basically a method that calls a webService Method and the parameter.type I
passed in. In my case, it is a string type.

hth.

~Softwaremaker.

=======================================================

> I guess I'm a little confused. I have something like this:
> SoapEnvelope se = new SoapEnvelope();
[quoted text clipped - 54 lines]
> > > Any advice would be greatly appreciated.
> > > -Mike

Reply to this Message

Softwaremaker - 11 Aug 2004 16:13 GMT

Hi,

There are a couple of questions I need to ask to clarify my doubts.

1) Is your "SayHi" webMethod a parameterLESS call ?

2) > The client executes this properly and I expect the SayHi method to get

> control in my SoapServer application; however, it never gets control. If I
> comment out all the lines except for the SendOneWay statement then SayHi
> does get control.

When you say "Get Control", what exactly do you mean ? Did you check the
input Trace files on the SoapServer application and see if a call was
actually made ?
Was the connection made and the message sent to the SoapServer ?

AFAIK,
Dim env As New SoapEnvelope
'If there is some sort of a parameter, the uncomment the below 2 lines
'someStringParameter = "SDDS"
'env.SetBodyObject(someStringParameter)
env.Context.Security.Tokens.Add(New UsernameToken(Username, Password,
PasswordOption.SendPlainText))
MyBase.SendOneWay(SoapMethodName, env)

I have tried this and the receiving SoapServer receives both input traces
fine, with and without the string parameters.
Without any parameter, the input SoapMessage looks something like this:

<?xml version="1.0" encoding="utf-8"?>
<log>
<soap:Envelope
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>

<wsa:Action>http://www.softwaremaker.net/SomeRPCService/SomeRequest</wsa:Act
ion>

<wsa:MessageID>uuid:28d37a7b-61ab-491a-a30a-40799e56ec78</wsa:MessageID>
<wsa:To>soap://www.softwaremaker.net/SomeRPCService</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-0757c6b4-bfbe-4540-8b8b-0e22e6b1be63">
<wsu:Created>2004-08-11T13:55:27Z</wsu:Created>
<wsu:Expires>2004-08-11T14:00:27Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-b9482177-331c-4c7b-b742-abb330ecbf14">
<wsse:Username>Username</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password</wsse:Password>
<wsse:Nonce>wfj1hUZazQfBJUpYPmi3tQ==</wsse:Nonce>
<wsu:Created>2004-08-11T13:55:27Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body />
</soap:Envelope>
</log>

With a single String parameter, it looks like this:

<?xml version="1.0" encoding="utf-8"?>
<log>
<soap:Envelope
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header>

<wsa:Action>http://www.softwaremaker.net/SomeRPCService/SomeRequest</wsa:Act
ion>

<wsa:MessageID>uuid:45b69f19-da12-43fb-826c-fe694e527321</wsa:MessageID>
<wsa:To>soap://www.softwaremaker.net/SomeRPCService</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-401e83aa-1e90-4b69-bcb4-9b224409b683">
<wsu:Created>2004-08-11T15:12:12Z</wsu:Created>
<wsu:Expires>2004-08-11T15:17:12Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-a41e800d-e4d9-4201-89bd-4234eb5609a3">
<wsse:Username>Username</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password</wsse:Password>
<wsse:Nonce>GzJ01SQL/IvolzcV5yXeZQ==</wsse:Nonce>
<wsu:Created>2004-08-11T15:12:12Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<string xmlns="http://tempuri.org/">SomeStringParameter</string>
</soap:Body>
</soap:Envelope>
</log>

Do let me know if this helps...

Good Luck.

~Softwaremaker.

==================================================

> I guess I'm a little confused. I have something like this:
> SoapEnvelope se = new SoapEnvelope();
[quoted text clipped - 23 lines]
> to
> > add security into your soap headers.

http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/08/08/21447.aspx

> > hth
> message
[quoted text clipped - 24 lines]
> > > Any advice would be greatly appreciated.
> > > -Mike

Reply to this Message

Michael Riggio - 11 Aug 2004 16:32 GMT

First, thanks for following up, your help is greatly appreciated.

Answers to your questions:

1) The server's SayHi() looks like this:
[SoapMethod("SayHi")]
public void SayHi()
{
Console.WriteLine("SayHi()");
}

2) When my clients wants to call the SayHi method its calls the following
method:
public void CallSayHi()
{
this.SendOneWay("SayHi", new SoapEnvelope());
}

This version works (i.e. if I set a breakpoint in my Server's SayHi() method
it gets hit).
However, if I change my client's code to look like this:
public void CallSayHi()
{
SoapEnvelope se = new SoapEnvelope();
se.Context.Security.Tokens.Add(this.UserToken);
se.Context.Security.Elements.Add(new MessageSignature(this.UserToken));
se.Context.Security.Elements.Add(new EncryptedData(this.UserToken));
this.SendOneWay("SayHi", se);
}

With this version the breakpoint in the Server's SayHi() method never gets
hit. I'm not sure how do check the logs you indicated, so I'm not sure what
the data looks like.

BTW, this.UserToken is initialized in my constructor like so:
this.UserToken = new UsernameToken("mike", "mike",
PasswordOption.SendHashed);

Thanks again for all your help.

> Hi,
>
[quoted text clipped - 30 lines]
> <soap:Envelope
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri

> ty-secext-1.0.xsd"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> y-utility-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> <soap:Header>

<wsa:Action>http://www.softwaremaker.net/SomeRPCService/SomeRequest</wsa:Act

> ion>
>
[quoted text clipped - 7 lines]
> </wsu:Timestamp>
> <wsse:UsernameToken

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> y-utility-1.0.xsd"
> wsu:Id="SecurityToken-b9482177-331c-4c7b-b742-abb330ecbf14">
> <wsse:Username>Username</wsse:Username>
> <wsse:Password

Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token

> -profile-1.0#PasswordText">Password</wsse:Password>
> <wsse:Nonce>wfj1hUZazQfBJUpYPmi3tQ==</wsse:Nonce>
[quoted text clipped - 12 lines]
> <soap:Envelope
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri

> ty-secext-1.0.xsd"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> y-utility-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> <soap:Header>

<wsa:Action>http://www.softwaremaker.net/SomeRPCService/SomeRequest</wsa:Act

> ion>
>
[quoted text clipped - 7 lines]
> </wsu:Timestamp>
> <wsse:UsernameToken

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> y-utility-1.0.xsd"
> wsu:Id="SecurityToken-a41e800d-e4d9-4201-89bd-4234eb5609a3">
> <wsse:Username>Username</wsse:Username>
> <wsse:Password

Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token

> -profile-1.0#PasswordText">Password</wsse:Password>
> <wsse:Nonce>GzJ01SQL/IvolzcV5yXeZQ==</wsse:Nonce>
[quoted text clipped - 46 lines]
> > to
> > > add security into your soap headers.

http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/08/08/21447.aspx

> > > hth
> > message
[quoted text clipped - 26 lines]
> > > > Any advice would be greatly appreciated.
> > > > -Mike

Reply to this Message

Michael Riggio - 11 Aug 2004 16:44 GMT

I don't know what I did, but everything works now, just as you indicated it
should. I did find the trace settings in the WSE 2 properties and can now
see the information being passed back and forth.

You have been most helpful. I'm sure I'm not the only one on this board
that appreciates your time and knowledge.

Thanks again,
-Mike

> First, thanks for following up, your help is greatly appreciated.
>
[quoted text clipped - 71 lines]
> > <soap:Envelope
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri

> > ty-secext-1.0.xsd"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> > y-utility-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> > <soap:Header>

<wsa:Action>http://www.softwaremaker.net/SomeRPCService/SomeRequest</wsa:Act

> > ion>
> >
[quoted text clipped - 7 lines]
> > </wsu:Timestamp>
> > <wsse:UsernameToken

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> > y-utility-1.0.xsd"
> > wsu:Id="SecurityToken-b9482177-331c-4c7b-b742-abb330ecbf14">
> > <wsse:Username>Username</wsse:Username>
> > <wsse:Password

Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token

> > -profile-1.0#PasswordText">Password</wsse:Password>
> > <wsse:Nonce>wfj1hUZazQfBJUpYPmi3tQ==</wsse:Nonce>
[quoted text clipped - 12 lines]
> > <soap:Envelope
> > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri

> > ty-secext-1.0.xsd"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> > y-utility-1.0.xsd" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> > <soap:Header>

<wsa:Action>http://www.softwaremaker.net/SomeRPCService/SomeRequest</wsa:Act

> > ion>
> >
[quoted text clipped - 7 lines]
> > </wsu:Timestamp>
> > <wsse:UsernameToken

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> > y-utility-1.0.xsd"
> > wsu:Id="SecurityToken-a41e800d-e4d9-4201-89bd-4234eb5609a3">
> > <wsse:Username>Username</wsse:Username>
> > <wsse:Password

Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token

> > -profile-1.0#PasswordText">Password</wsse:Password>
> > <wsse:Nonce>GzJ01SQL/IvolzcV5yXeZQ==</wsse:Nonce>
[quoted text clipped - 51 lines]
> > > to
> > > > add security into your soap headers.

http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/08/08/21447.aspx

> > > > hth
> > > message
[quoted text clipped - 30 lines]
> > > > > Any advice would be greatly appreciated.
> > > > > -Mike

Reply to this Message

Softwaremaker - 11 Aug 2004 23:29 GMT

You are very welcomed, Michael. Thank you for your compliments.

Signature

Thank you very much

Warmest Regards,
Softwaremaker
Architect | Evangelist | Consultant

Microsoft Regional Director
http://www.microsoft.com/rd

+++++++++++++++++++++++++++++++++

> I don't know what I did, but everything works now, just as you indicated it
> should. I did find the trace settings in the WSE 2 properties and can now
[quoted text clipped - 86 lines]
> > > <soap:Envelope
> > > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri

> > > ty-secext-1.0.xsd"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> > > y-utility-1.0.xsd"
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> > > <soap:Header>

<wsa:Action>http://www.softwaremaker.net/SomeRPCService/SomeRequest</wsa:Act

> > > ion>

<wsa:MessageID>uuid:28d37a7b-61ab-491a-a30a-40799e56ec78</wsa:MessageID>

> > > <wsa:To>soap://www.softwaremaker.net/SomeRPCService</wsa:To>
> > > <wsse:Security soap:mustUnderstand="1">
[quoted text clipped - 4 lines]
> > > </wsu:Timestamp>
> > > <wsse:UsernameToken

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> > > y-utility-1.0.xsd"
> > > wsu:Id="SecurityToken-b9482177-331c-4c7b-b742-abb330ecbf14">
> > > <wsse:Username>Username</wsse:Username>
> > > <wsse:Password

Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token

> > > -profile-1.0#PasswordText">Password</wsse:Password>
> > > <wsse:Nonce>wfj1hUZazQfBJUpYPmi3tQ==</wsse:Nonce>
[quoted text clipped - 12 lines]
> > > <soap:Envelope
> > > xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"

xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri

> > > ty-secext-1.0.xsd"

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> > > y-utility-1.0.xsd"
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
> > > <soap:Header>

<wsa:Action>http://www.softwaremaker.net/SomeRPCService/SomeRequest</wsa:Act

> > > ion>

<wsa:MessageID>uuid:45b69f19-da12-43fb-826c-fe694e527321</wsa:MessageID>

> > > <wsa:To>soap://www.softwaremaker.net/SomeRPCService</wsa:To>
> > > <wsse:Security soap:mustUnderstand="1">
[quoted text clipped - 4 lines]
> > > </wsu:Timestamp>
> > > <wsse:UsernameToken

xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit

> > > y-utility-1.0.xsd"
> > > wsu:Id="SecurityToken-a41e800d-e4d9-4201-89bd-4234eb5609a3">
> > > <wsse:Username>Username</wsse:Username>
> > > <wsse:Password

Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token

> > > -profile-1.0#PasswordText">Password</wsse:Password>
> > > <wsse:Nonce>GzJ01SQL/IvolzcV5yXeZQ==</wsse:Nonce>
[quoted text clipped - 53 lines]
> > > > to
> > > > > add security into your soap headers.

http://dotnetjunkies.com/WebLog/softwaremaker/archive/2004/08/08/21447.aspx

> > > > > hth
> > > > message
[quoted text clipped - 31 lines]
> > > > > > Any advice would be greatly appreciated.
> > > > > > -Mike

Reply to this Message

Michael Riggio - 11 Aug 2004 21:29 GMT

Actually, I did get this to work, but when I create a UsernameToken and use:
PasswordOption.SendHashed

I get the following error:

An unhandled exception of type 'System.Web.Services.Protocols.SoapException'
occurred in microsoft.web.services2.dll

Additional information: The security token could not be authenticated or
authorized

I don't get this exception when I use:

PasswordOption.SendPlainText

Any advice?

Thanks,

-Mike