
.NET Forum / ASP.NET / Web Services / November 2005

Problem in securing webmethod Wse 2.0 sp3

Swapna - 25 Nov 2005 08:49 GMT
Hi,

I am trying to implement web service security with X.509 tokens.

By signing the message with X.509 tokens and encrypting them, the
performance of the web service becomes poor.

I want to implement it for specific methods.

There is a requestAction attribute in the operations element with the
help of which we can specify the name of the web method.

I am signing the request with an X.509 token on the client.

I am attaching the policy files for your reference.
My service-side policy is as follows:
<?xml version="1.0" encoding="utf-8"?>
<policyDocument
xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
 <mappings>
   <endpoint uri="http://localhost/PartialTrustSvc/Service1.asmx">
     <operation
requestAction="http://localhost/PartialTrustSvc/HelloWorld">
       <request policy="" />
       <response policy="#signed-body-x509" />
       <fault policy="" />
     </operation>
     <!--<defaultOperation>
       <request policy="" />
       <response policy="#signed-body-x509" />
       <fault policy="" />
     </defaultOperation>-->
   </endpoint>
 </mappings>
 <policies
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wssc="http://schemas.xmlsoap.org/ws/2004/04/sc"
xmlns:rp="http://schemas.xmlsoap.org/rp">
   <!--This policy requires that the body be digitally signed by an
X509 security token.-->
   <wsp:Policy wsu:Id="signed-body-x509">
     <wssp:Integrity wsp:Usage="wsp:Required">
       <wssp:TokenInfo>
         <wssp:SecurityToken>

           <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
           <wssp:TokenIssuer>CN=Root Agency</wssp:TokenIssuer>
           <wssp:Claims>
             <!--By specifying the SubjectName claim, the policy
system can look for a certificate with this subject name in the
certificate store indicated in the application's configuration, such as
LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful
for finding the correct values for this field.-->
             <wssp:SubjectName
MatchType="wssp:Exact">CN=WSE2QuickStartServer</wssp:SubjectName>
             <wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">bBwPfItvKp3b6TNDq+14qs58VJQ=</wssp:X509Extension>
           </wssp:Claims>
         </wssp:SecurityToken>
       </wssp:TokenInfo>
       <wssp:MessageParts xmlns:rp="http://schemas.xmlsoap.org/rp"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wse:Timestamp() wse:Addressing()</wssp:MessageParts>
     </wssp:Integrity>
   </wsp:Policy>
 </policies>
</policyDocument>

Server-side code:
[WebMethod]
public string HelloWorld()
{
    return "Hello World";
}

My client-side policy is as follows:
<?xml version="1.0" encoding="utf-8"?>
<policyDocument
xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
 <mappings>
   <endpoint uri="http://localhost/PartialTrustSvc/Service1.asmx">
     <operation
requestAction="http://localhost/PartialTrustSvc/HelloWorld">
       <request policy="#signed-body-x509" />
       <response policy="" />
       <fault policy="" />
     </operation>

     <!--<defaultOperation>
       <request policy="#signed-body-x509" />
       <response policy="" />
       <fault policy="" />
     </defaultOperation>-->
   </endpoint>
 </mappings>
 <policies
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
xmlns:wssc="http://schemas.xmlsoap.org/ws/2004/04/sc"
xmlns:rp="http://schemas.xmlsoap.org/rp">
   <!--This policy requires that the body be digitally signed by an
X509 security token.-->
   <wsp:Policy wsu:Id="signed-body-x509">
     <wssp:Integrity wsp:Usage="wsp:Required">
       <wssp:TokenInfo>
         <wssp:SecurityToken>

           <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</wssp:TokenType>
           <wssp:TokenIssuer>CN=Root Agency</wssp:TokenIssuer>
           <wssp:Claims>
             <!--By specifying the SubjectName claim, the policy
system can look for a certificate with this subject name in the
certificate store indicated in the application's configuration, such as
LocalMachine or CurrentUser. The WSE X.509 Certificate Tool is useful
for finding the correct values for this field.-->
             <wssp:SubjectName
MatchType="wssp:Exact">CN=WSE2QuickStartClient</wssp:SubjectName>
             <wssp:X509Extension OID="2.5.29.14"
MatchType="wssp:Exact">gBfo0147lM6cKnTbbMSuMVvmFY4=</wssp:X509Extension>
           </wssp:Claims>
         </wssp:SecurityToken>
       </wssp:TokenInfo>
       <wssp:MessageParts xmlns:rp="http://schemas.xmlsoap.org/rp"
Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()
wse:Timestamp() wse:Addressing()</wssp:MessageParts>
     </wssp:Integrity>
   </wsp:Policy>
 </policies>
</policyDocument>

Client-side code:
WSESvc.Service1Wse obj = new WSESvc.Service1Wse();
Console.WriteLine(obj.HelloWorld());

I am getting the following error:
{"WSE464: No policy could be found for this message." }
Microsoft.Web.Services2.Policy.PolicyEnforcementException: WSE464: No policy could be found for this message.
  at Microsoft.Web.Services2.Policy.SimplePolicyEnforcer.Enforce(SoapEnvelope message)
  at Microsoft.Web.Services2.Policy.PolicyManager.Enforce(SoapEnvelope message)
  at Microsoft.Web.Services2.Policy.PolicyEnforcementOutputFilter.ProcessMessage(SoapEnvelope envelope)
  at Microsoft.Web.Services2.Pipeline.ProcessOutputMessage(SoapEnvelope envelope)
  at Microsoft.Web.Services2.OutputStream.Close()
  at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters)
  at PartialTrustClient.WSESvc.Service1Wse.HelloWorld() in D:\WSEPOCs\PartialTrustClient\Web References\WSESvc\Reference.cs:line 37
  at PartialTrustClient.Class1.Main(String[] args) in d:\wsepocs\partialtrustclient\class1.cs:line 27

Where am I going wrong?

Thanks,
Swapna
Pablo Cibraro - 25 Nov 2005 14:32 GMT
Hi,
I think the request action specified in the policy is wrong. It will be
better if you specify the soap action in the service in order to use the
same action as the policy.

[WebMethod]
[SoapDocumentMethodAttribute("http://localhost/PartialTrustSvc/HelloWorld")]
public string HelloWorld()
{
 return "Hello World";
}

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

> Hi,
>
[quoted text clipped - 174 lines]
> Thanks,
> Swapna
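
The action matching this answer points at, as an added Python example that is not part of the thread or of WSE itself: a simplified model of the policy lookup (endpoint, then operation by requestAction, then defaultOperation) run over the client mappings posted above. It assumes exact string matching and that an .asmx method with no explicit action gets service namespace + method name, with http://tempuri.org/ as the default namespace; `default_action`, `resolve` and `unprotected` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"p": "http://schemas.microsoft.com/wse/2003/06/Policy"}
ENDPOINT = "http://localhost/PartialTrustSvc/Service1.asmx"

# Constructed sample: the <mappings> section of the client policy posted above.
CLIENT_POLICY = """<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
 <mappings>
  <endpoint uri="http://localhost/PartialTrustSvc/Service1.asmx">
   <operation requestAction="http://localhost/PartialTrustSvc/HelloWorld">
    <request policy="#signed-body-x509" />
    <response policy="" />
    <fault policy="" />
   </operation>
  </endpoint>
 </mappings>
</policyDocument>"""

def default_action(namespace, method):
    """Action assumed for a method with no explicit one: service namespace + method name."""
    return namespace.rstrip("/") + "/" + method

def resolve(policy_xml, endpoint_uri, action):
    """Return the {direction: policy ref} mapping for a message, or None if nothing maps."""
    root = ET.fromstring(policy_xml)
    for ep in root.findall("p:mappings/p:endpoint", NS):
        if ep.get("uri") != endpoint_uri:
            continue
        ops = ep.findall("p:operation", NS)
        op = next((o for o in ops if o.get("requestAction") == action), None)
        if op is None:
            op = ep.find("p:defaultOperation", NS)  # fallback, if one is declared
        if op is None:
            return None  # no mapping at all: modelled here as the WSE464 case
        return {c.tag.split("}")[1]: c.get("policy", "") for c in op}
    return None

def unprotected(mapping):
    """Directions mapped to an empty policy, i.e. nothing is required of them."""
    return sorted(d for d, ref in mapping.items() if not ref)

if __name__ == "__main__":
    for ns in ("http://tempuri.org/", "http://localhost/PartialTrustSvc/"):
        action = default_action(ns, "HelloWorld")
        m = resolve(CLIENT_POLICY, ENDPOINT, action)
        print(action, "->", m if m is None else (m, "unprotected:", unprotected(m)))
```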
Swapna - 28 Nov 2005 06:22 GMT
Thanks for the reply. I tried using the
[SoapDocumentMethodAttribute("http://localhost/PartialTrustSvc/HelloWorld")]
as you suggested and replacing the operation element with
defaultOperation in both the client- and server-side policy files.
This gives me the following exception:
"System.Web.Services.Protocols.SoapHeaderException: Server unavailable,
please try later ---> System.ApplicationException: An error occured
processing an outgoing fault response

How should I specify the method to be secured in the requestAction of
the operation element?

--
Sent via .NET Newsgroups
http://www.dotnetnewsgroups.com
