 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / December 2005Securing webmethods webservice selectively using policy files.
Hi, I am using wse3.0 to secure webservice. I have two web methods in this webservice viz. HelloWorldWithSecurity. HelloWorldWithOutSecurity. 1) Can I secure only HelloWorldWithSecurity and leave HelloWorldWithOutSecurity not secured ? Is it always necessary to specify the Policy attribute for the class in the webservice if we are using the policy method to secure webservices ? eg. [WebService(Namespace = "http://www.contoso.com/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [Policy("ServicePolicy")] // is this necessary ??? public class Service : System.Web.Services.WebService { public Service () { } [WebMethod] public string HelloWorldWithSecurity() { return "Hello World with security"; } [WebMethod] public string HelloWorldWithOutSecurity() { return "Hello World without security"; } } 2) Can requestAction attribute of the protection element be used for this ? The problem I am facing is - If i dont specify the Policy attribute for the class none of the methods are secured. If I use the policy attribute all of them are secured irrespective of the method name in the request action attribute. Can anyone help me out with this ??? Thanks. Hi swapna, You will have to separate the web methods in two different web services. The requestAction attribute doesn't work in this case because the policy applies to both webmethods. Still, you can specify different protection requeriments under the same policy with that attribute. For example, this policy doesn't work because you can't specify IncludeNone for the signature: <usernameForCertificateSecurity establishSecurityContext="false" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="true"> <serviceToken> <x509 storeLocation="LocalMachine" storeName="My" findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" /> </serviceToken> <protection requestAction="HelloWorldWithSecurity"> <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" /> <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" /> <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" /> </protection> <protection requestAction="HelloWorldWithOutSecurity"> <request signatureOptions="IncludeNone" encryptBody="false" /> <response signatureOptions="IncludeNone" encryptBody="false" /> <fault signatureOptions="IncludeNone" encryptBody="false" /> </protection> </usernameForCertificateSecurity> Regards, Pablo Cibraro http://weblogs.asp.net/cibrax http://www.lagash.com > Hi, > I am using wse3.0 to secure webservice. [quoted text clipped - 41 lines] > Can anyone help me out with this ??? > Thanks. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.