
.NET Forum / ASP.NET / Web Services / November 2005


EstablishSecurityContext problem

Pravin Patil - 16 Nov 2005 12:53 GMT
Hi,

I was trying to assign a code-based policy to the service.
It works fine.
But if I add the following line, the service fails.
assertion.EstablishSecurityContext = true;

Please suggest.

My Service policy is as follows

public MyPolicy()
{
   // use a turnkey assertion to get us started
   UsernameForCertificateAssertion assertion =
       new UsernameForCertificateAssertion();

   // select the server's X509 certificate
   assertion.X509TokenProvider =
       new X509TokenProvider(StoreLocation.LocalMachine,
                               StoreName.My,
                               "CN=WSE2QuickStartServer",
                               X509FindType.FindBySubjectDistinguishedName);
   EndpointProtectionRequirements epr = assertion.Protection;

   // require signature and encryption for incoming requests
   epr.Request.SignatureOptions =
       SignatureOptions.IncludeAddressing |
       SignatureOptions.IncludeTimestamp |
       SignatureOptions.IncludeSoapBody;
   epr.Request.EncryptBody = true;

   // include signature and encryption for outgoing response
   epr.Response.SignatureOptions =
       SignatureOptions.IncludeAddressing |
       SignatureOptions.IncludeTimestamp |
       SignatureOptions.IncludeSoapBody;
   epr.Response.EncryptBody = true;

   // don't encrypt faults, just sign
   epr.Fault.SignatureOptions =
       SignatureOptions.IncludeAddressing |
       SignatureOptions.IncludeTimestamp |
       SignatureOptions.IncludeSoapBody;
   epr.Fault.EncryptBody = false;

   assertion.MessageProtectionOrder =
       MessageProtectionOrder.SignBeforeEncrypt;
   assertion.RequireDerivedKeys = true;

   /* The statement below raises an error. */
   assertion.EstablishSecurityContext = true;

   this.Assertions.Add(assertion);
}

Error details -
{Microsoft.Web.Services3.ResponseProcessingException: WSE910: An error
happened during the processing of a response message, and you can find the
error in the inner exception.  You can also find the response message in the
Response property. ---> System.InvalidOperationException: Security
requirements are not satisfied because the security header is not present in
the incoming message.
  at
Microsoft.Web.Services3.Security.SecureConversationClientReceiveSecurityFilter.ValidateMessageSecurity(SoapEnvelope envelope, Security security)
  at
Microsoft.Web.Services3.Security.ReceiveSecurityFilter.ProcessMessage(SoapEnvelope envelope)
  at Microsoft.Web.Services3.Pipeline.ProcessInputMessage(SoapEnvelope
envelope)
  at
Microsoft.Web.Services3.Xml.SoapEnvelopeReaderWrapper..ctor(SoapClientMessage
message, String messageContentType)
  --- End of inner exception stack trace ---
  at
Microsoft.Web.Services3.Xml.SoapEnvelopeReaderWrapper..ctor(SoapClientMessage
message, String messageContentType)
  at
Microsoft.Web.Services3.WebServicesClientProtocol.GetReaderForMessage(SoapClientMessage message, Int32 bufferSize)
  at
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall)
  at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
  at services.SecureInvoiceServiceWse.ViewInvoices() in
C:\Pravin\Projects\WSE\3.0\Hands On Lab -
Security\CS\Advanced\Part1\after\SecureInvoiceClient\Web
References\services\Reference.cs:line 94
  at SecureInvoiceClient.InvoiceManagerForm.ViewInvoices() in
C:\Pravin\Projects\WSE\3.0\Hands On Lab -
Security\CS\Advanced\Part1\after\SecureInvoiceClient\InvoiceManagerForm.cs:line 158
  at SecureInvoiceClient.InvoiceManagerForm.btnView_Click(Object sender,
EventArgs e) in C:\Pravin\Projects\WSE\3.0\Hands On Lab -
Security\CS\Advanced\Part1\after\SecureInvoiceClient\InvoiceManagerForm.cs:line 186}

------------------------
Pravin Patil

Pablo Cibraro - 16 Nov 2005 13:30 GMT
Hi Pravin,
Have you set "EstablishSecurityContext" to true in the service policy?
(That attribute must have the same value in both endpoints.)

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

Pravin Patil - 16 Nov 2005 14:56 GMT
Yes, I did that. Still the problem has not been resolved. :-(

------------------------
Pravin Patil

Pablo Cibraro - 17 Nov 2005 14:43 GMT
The error "System.InvalidOperationException: Security  requirements are not
satisfied because the security header is not present." happens when the soap
envelope for the request doesn't contain the security header.
For some reason, WSE is not adding that header in the client. Are you
applying that policy to the service proxy?

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

Pravin Patil - 17 Nov 2005 15:41 GMT
Yes, Pablo,

I do apply this policy to the service as written below.
[Policy(typeof(MyPolicy))]
public class SecureInvoiceService : System.Web.Services.WebService
{
}

Thanks for the quick response.

------------------------
Pravin Patil

Pablo Cibraro - 18 Nov 2005 14:08 GMT
Hi Pravin,
That is the web service. Have you applied the same policy to the service
proxy?

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

Pravin Patil - 18 Nov 2005 17:00 GMT
Yes, I have written a user-defined policy assertion for the client app, and
assigned that policy assertion to the service proxy in the client app.
Policy Code:-

public class UsernameClientAssertion : SecurityPolicyAssertion
   {
      UserCredentials userCredentials;

       public UsernameClientAssertion(UserCredentials userCredentials)
       {
           this.userCredentials = userCredentials;
           ...
           this.RequireSignatureConfirmation = true;
           this.RequireDerivedKeys = true;
           this.EstablishSecurityContext = true;
           this.RenewExpiredSecurityContext = true;
           this.ClientActor = "";

       }

       #region ClientOutputFilter
       class ClientOutputFilter : SendSecurityFilter
       {
           UsernameClientAssertion parentAssertion;
           FilterCreationContext filterContext;

           public ClientOutputFilter(UsernameClientAssertion parentAssertion,
                                     FilterCreationContext filterContext)
               : base(parentAssertion.ServiceActor, false,
                      parentAssertion.ClientActor)
           {
               this.parentAssertion = parentAssertion;
               this.filterContext = filterContext;
           }

           public override void SecureMessage(SoapEnvelope envelope,
                                              Security security)
           {
               // we don't send the password over the network,
               // we just use username/password to sign/encrypt the message
               UsernameToken userToken = new UsernameToken(
                   parentAssertion.userCredentials.UserName,
                   parentAssertion.userCredentials.Password,
                   PasswordOption.SendNone);

               // Add the token to the SOAP header.
               security.Tokens.Add(userToken);

               // encrypt BODY
               EncryptedData data = new EncryptedData(userToken);

               // encrypt custom headers

               // add encrypted data to the security context
               security.Elements.Add(data);
           }
           }
       }
       #endregion
   }

Code :-
UsernameClientAssertion assert = new
UsernameClientAssertion(this.userCredentials);
Policy policy = new Policy();
policy.Assertions.Add(assert);
service.SetPolicy(policy);

------------------------
Pravin Patil
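
The requirement raised in the replies above (the same EstablishSecurityContext value on both endpoints, and a matching policy set on the service proxy), written out as an added example that is not code from the thread or from the WSE hands-on lab. It mirrors the service-side MyPolicy from the first post using the same turnkey assertion; the class name MyClientPolicy and the certificate store location (CurrentUser/AddressBook) are assumptions.

```csharp
using System.Security.Cryptography.X509Certificates;
using Microsoft.Web.Services3.Design;
using Microsoft.Web.Services3.Security;

// Added example: client-side counterpart of the service's MyPolicy.
// MyClientPolicy is a hypothetical name, not a class from the thread.
public class MyClientPolicy : Policy
{
    public MyClientPolicy(string username, string password)
    {
        UsernameForCertificateAssertion assertion =
            new UsernameForCertificateAssertion();

        // credentials the client authenticates with
        assertion.UsernameTokenProvider =
            new UsernameTokenProvider(username, password);

        // the server's public certificate; the store location is an
        // assumption, the subject name is the one the service policy uses
        assertion.X509TokenProvider =
            new X509TokenProvider(StoreLocation.CurrentUser,
                                  StoreName.AddressBook,
                                  "CN=WSE2QuickStartServer",
                                  X509FindType.FindBySubjectDistinguishedName);

        // same protection requirements as the service policy
        SignatureOptions signed =
            SignatureOptions.IncludeAddressing |
            SignatureOptions.IncludeTimestamp |
            SignatureOptions.IncludeSoapBody;
        EndpointProtectionRequirements epr = assertion.Protection;
        epr.Request.SignatureOptions = signed;
        epr.Request.EncryptBody = true;
        epr.Response.SignatureOptions = signed;
        epr.Response.EncryptBody = true;
        epr.Fault.SignatureOptions = signed;
        epr.Fault.EncryptBody = false;      // faults are signed only

        // settings that have to agree with the service side
        assertion.MessageProtectionOrder =
            MessageProtectionOrder.SignBeforeEncrypt;
        assertion.RequireDerivedKeys = true;
        assertion.EstablishSecurityContext = true;

        this.Assertions.Add(assertion);
    }
}
```

On the client this would be attached the same way the thread's code does it, for example `service.SetPolicy(new MyClientPolicy(userName, password));` on the generated `SecureInvoiceServiceWse` proxy.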

