 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / December 2005Upgrading WSE 1.0 to WSE 3.0
Guys, I have the following code in an app using WSE 1.0 I would like to move to WSE 3.0 and VS 2K5 as we are in the early stages of development of the application and makes more sense to upgrade now rather than later. I'm having difficulties understanding the new WSE 3.0 model and am finding it difficult to see how to upgrade. The area that I would like some help with is as follows: Public Function GetProxy() As OnCoverWS.DataServ1Wse Dim proxy As New OnCoverWS.DataServ1Wse proxy.Url = ConnectionString Dim reqCtx As SoapContext = proxy.RequestSoapContext Dim tok As New UsernameToken(UserName, Password, PasswordOption.SendHashed) reqCtx.Security.Tokens.Add(tok) reqCtx.Security.Elements.Add(New Signature(tok)) Return proxy End Function This function takes a username and password and passes it to the webservice where I implment IPassword and call the username & paswword from the database to compare the two. In the above code I am unable to find the RequestSoapContext or its new equivalent I also have problems with the userTokenName section as well. Dim requestContext As SoapContext = HttpSoapContext.RequestContext Dim userToken As UsernameToken Dim returnValue As String 'check the context of the soap meesage If requestContext Is Nothing Then Throw New SoapException("Non-Soap Message", SoapException.ClientFaultCode) End If 'find user in header For Each userToken In requestContext.Security.Tokens If TypeOf userToken Is UsernameToken Then If userToken.PasswordOption = PasswordOption.SendHashed Then Return True Exit For Else 'throw any errors to the caller Throw New SoapException("Password must be hashed", SoapException.ClientFaultCode) End If End If Next This function is in the webservice and is called each time a function of the webservice is called to ensure that the user is a valid user. I need to know how I would go about changing this or should I be doing it different in WSE3.0? A little help would be appreicated thanks. Duncan Hi Duncan, Welcome to Webservice newsgroup. From your description, you used to use the WSE1.0 to provide message level security authentication (by Username Token..) and you're wantting to upgraded the applicaiton to use the new WSE 3.0 ,yes? First, as for WSE3.0, it use the new programming model which is based on PolicyAssertion... that means each webservice from client to service endpoint can be configured to use a certain Policy Assertion. In the Policy Assertion, there defined Soap filters which will do the message processing (e.g ClientOutputFilter, ClientInputFilter, ServerInputFilter, ServerOutputFilter....). And there exists some build-in well defined PolicyAssertions in WSE 3.0 , such as: UsernameOverTransportAssertion------- this help us establishing username token based authentication and leave the message securing to the underlying transport layer protocol.... UsernameForCertificateAssertion ------Use Username Token for authentication but also help use x509 certificates for messge securing(encryting and signing...) Hi Steven Thanks for the reply, so should I be looking at "UsernameOverTransportAssertion" policy, is that similar to what I was doing in WSE 1.0? Do you know of any simple examples where this assertion is used, I've looked at the samples that come with WSE 3.0 and they look quite advanced, also are there any good books on WSE 3.0 yet that you could recommend that would give me more grounding of the new WSE model? Duncan > Hi Duncan, > [quoted text clipped - 21 lines] > but also help use x509 certificates for messge securing(encryting and > signing.. Thanks for your quick response Duncan, So far the best and most typical samples should be the ones in WSE 3.0 sdk... If you think that UsernameOverTransport example too complex, I think you can just manually create an ASP.NET webservice and use the VS2005 wse 3.0 ADD-IN configuration wizard to automatically generate a UsernameOverTransport policy..... (if you've installed WSE 3.0 sdk), just right click your application's project node in solution explorer and choose the "WSE settings 3.0...." in the bottom menu item.... That'll launch the configuration wizard, then, in the "Policy" tab, we can enable policy and add new policy ....... After that, we just need to follow the wizard to build a build-in policy assertion. Also, you can find some simple code snippet and description on these policy assertion in WSE3.0 documentation... So far since WSE 3.0 is just new released, I'm afraid there is limited books and resources over internet... and currently I think the WSE 's home site will be the best place for getting some latest informations: https://msdn.microsoft.com/webservices/webservices/building/wse/default.aspx Thanks, Steven Cheng Microsoft Online Support  SignatureGet Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- From: "Duncan" <duncan@newsgroups.nospam> References: <#IPQG3Y#FHA.740@TK2MSFTNGP12.phx.gbl> <ToGHlSh#FHA.4000@TK2MSFTNGXA02.phx.gbl> Subject: Re: Upgrading WSE 1.0 to WSE 3.0 Date: Tue, 6 Dec 2005 08:45:46 -0000 Lines: 42 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-RFC2646: Format=Flowed; Original Message-ID: <OjkBhFk#FHA.532@TK2MSFTNGP15.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements NNTP-Posting-Host: cou017-40873-net-adsl-02.altohiway.com 84.252.252.18 Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP15.phx.gbl Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.framework.webservices.enhancements:7853 X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements Hi Steven Thanks for the reply, so should I be looking at "UsernameOverTransportAssertion" policy, is that similar to what I was doing in WSE 1.0? Do you know of any simple examples where this assertion is used, I've looked at the samples that come with WSE 3.0 and they look quite advanced, also are there any good books on WSE 3.0 yet that you could recommend that would give me more grounding of the new WSE model? Duncan > Hi Duncan, > [quoted text clipped - 21 lines] > but also help use x509 certificates for messge securing(encryting and > signing.. Hi Steven Thanks for the reply. I've had a quick run through the wizard (I will look at it in more detail later), I assume I need to select the option secure service (rather than client) and select username? it asks for a x.509 certificate do I need to get/create one of these? Once I've gone through this wizard and it creates a policy cache.config file how do I go about wiring it up to my application, I was implementing IPasswordprovider in WSE 1.0, I guess this is now redundant? Thanks Duncan > Thanks for your quick response Duncan, > [quoted text clipped - 93 lines] >> but also help use x509 certificates for messge securing(encryting and >> signing.. Thanks for your response Duncan, As for the ============= it asks for a x.509 certificate do I need to get/create one of these? ============= This is because you've choosed to either sign or encrypte the message during the wizard..... You can choose the "none(rely on transport protection....)" so that it won't require you to provide a certificate for encrypting or signing.... To apply the policy to our service, we can use the following means: for webservice serverside service, we can use the [Policy(...)] attribute, e.g: <Policy("ServicePolicy")> _ Public Class Service Inherits System.Web.Services.WebService For client side proxy code, we can use the proxy class's SetPolicy to assign the PolicyAssertion at runtime (before invoking webmethod....) In addition, as for IPassword, as I've mentioned, it is not replaced by the new UsernameToken Manager , we need to create our custom UsernameToken Manager class if we have our own authentication mechanism..... You can refer to the following reference or your local WSE 3.0 documentation about the UsernameTokenManager..... http://www.codeproject.com/soap/WSE30UsernameAssertion.asp Thanks, Steven Cheng Microsoft Online Support SignatureGet Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- From: "Duncan" <duncan@newsgroups.nospam> References: <#IPQG3Y#FHA.740@TK2MSFTNGP12.phx.gbl> <ToGHlSh#FHA.4000@TK2MSFTNGXA02.phx.gbl> <OjkBhFk#FHA.532@TK2MSFTNGP15.phx.gbl> <H6hMXyk#FHA.3764@TK2MSFTNGXA02.phx.gbl> Subject: Re: Upgrading WSE 1.0 to WSE 3.0 Date: Tue, 6 Dec 2005 11:15:09 -0000 Lines: 125 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-RFC2646: Format=Flowed; Original Message-ID: <#AxJ6Yl#FHA.2036@TK2MSFTNGP14.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements NNTP-Posting-Host: cou017-40873-net-adsl-02.altohiway.com 84.252.252.18 Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP14.phx.gbl Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.framework.webservices.enhancements:7857 X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements Hi Steven Thanks for the reply. I've had a quick run through the wizard (I will look at it in more detail later), I assume I need to select the option secure service (rather than client) and select username? it asks for a x.509 certificate do I need to get/create one of these? Once I've gone through this wizard and it creates a policy cache.config file how do I go about wiring it up to my application, I was implementing IPasswordprovider in WSE 1.0, I guess this is now redundant? Thanks Duncan > Thanks for your quick response Duncan, > [quoted text clipped - 17 lines] > books and resources over internet... and currently I think the WSE 's home > site will be the best place for getting some latest informations: https://msdn.microsoft.com/webservices/webservices/building/wse/default.aspx > Thanks, > [quoted text clipped - 71 lines] >> but also help use x509 certificates for messge securing(encryting and >> signing.. Hi Steven Thanks for the reply it is now starting to make some sense, WSE 3.0 is quite different from WSE 1.0, I guess I should have got more invovled in version 2.0 maybe this might have been clearer from the start. Anyway thanks for you help it is really appreciated. I will spend some time today looking at this and see where I get to. Once again thanks Duncan > Thanks for your response Duncan, > [quoted text clipped - 178 lines] >>> but also help use x509 certificates for messge securing(encryting and >>> signing.. You're welcome Duncan, Yes, it'll be a bit more convenient if we start from WSE 2 to WSE 3. Actually, the current designing for .NET framework webservice and WSE add-on are: # if we use .net framework1.1 to create webservcie and client comsumer, we can use WSE 2.0 SP3 .... # if we use .net framework 2.0, then WSE 3.0 is the choice, which provided more simplified and flexible programming model.... Also, please feel free to post here when you need any assistance... Thanks, Steven Cheng Microsoft Online Support SignatureGet Secure! www.microsoft.com/security (This posting is provided "AS IS", with no warranties, and confers no rights.) -------------------- From: "Duncan" <duncan@newsgroups.nospam> References: <#IPQG3Y#FHA.740@TK2MSFTNGP12.phx.gbl> <ToGHlSh#FHA.4000@TK2MSFTNGXA02.phx.gbl> <OjkBhFk#FHA.532@TK2MSFTNGP15.phx.gbl> <H6hMXyk#FHA.3764@TK2MSFTNGXA02.phx.gbl> <#AxJ6Yl#FHA.2036@TK2MSFTNGP14.phx.gbl> <4ESWSqv#FHA.4000@TK2MSFTNGXA02.phx.gbl> Subject: Re: Upgrading WSE 1.0 to WSE 3.0 Date: Wed, 7 Dec 2005 08:45:17 -0000 Lines: 214 X-Priority: 3 X-MSMail-Priority: Normal X-Newsreader: Microsoft Outlook Express 6.00.2900.2180 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 X-RFC2646: Format=Flowed; Original Message-ID: <#Fqu1pw#FHA.140@TK2MSFTNGP12.phx.gbl> Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements NNTP-Posting-Host: cou017-40873-net-adsl-02.altohiway.com 84.252.252.18 Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP12.phx.gbl Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.dotnet.framework.webservices.enhancements:7874 X-Tomcat-NG: microsoft.public.dotnet.framework.webservices.enhancements Hi Steven Thanks for the reply it is now starting to make some sense, WSE 3.0 is quite different from WSE 1.0, I guess I should have got more invovled in version 2.0 maybe this might have been clearer from the start. Anyway thanks for you help it is really appreciated. I will spend some time today looking at this and see where I get to. Once again thanks Duncan > Thanks for your response Duncan, > [quoted text clipped - 102 lines] >> home >> site will be the best place for getting some latest informations: https://msdn.microsoft.com/webservices/webservices/building/wse/default.aspx >> Thanks, >> [quoted text clipped - 69 lines] >>> but also help use x509 certificates for messge securing(encryting and >>> signing.. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.