Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / January 2006

Tip: Looking for answers? Try searching our database.

WSE 2.0 Security Policy

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
SAL - 27 Dec 2005 20:54 GMT
I need to create a policy file for my Web Service with security built-in and
I’m using VB.net and WSE 2.0 to do it.

I am new to building Web Services, so any help would be appreciated.  So
far, I know I need to add a <policy></policy> tag in the WEB.config, and
between the tags would be the name of the xml document that has the policies
in it.  Is there anything else that I should include in the Web.config file?

I have created this policyCache.xml document and added it to my project.  In
researching what needs to go in my policy I have come across many examples,
and I would like to know what each tag means and the definition on how to use
them.  Can anyone tell me where to find this information?  Below is a sample
I found that I am trying to understand.

<policyDocument>
 <mappings>
   <endpoint>
     <operation/>
     <defaultOperation>
       <request/>
       <response/>
       <fault/>
     </defaultOperation>
   </endpoint>
   <endpoint>
     <defaultOperation>
       <request/>
       <response/>
       <fault/>
     </defaultOperation>
   </endpoint>
   <defaultEndpoint>
     <defaultOperation>
       <request/>
       <response/>
       <fault/>
     </defaultOperation>
   </defaultEndpoint>
 </mappings>
 <policies>
   <wsp:Policy>
     <wssp:Confidentiality>
       <wssp:KeyInfo>
         <wssp:SecurityToken>
           <wssp:TokenType></wssp:TokenType>
         </wssp:SecurityToken>
       </wssp:KeyInfo>
       <wssp:MessageParts></wssp:MessageParts>
     </wssp:Confidentiality>
   </wsp:Policy>
   <wsp:Policy>
     <wssp:Confidentiality>
       <wssp:KeyInfo>
         <wsse:SecurityTokenReference>
           <wsse:KeyIdentifier></wsse:KeyIdentifier>
         </wsse:SecurityTokenReference>
       </wssp:KeyInfo>
       <wssp:MessageParts></wssp:MessageParts>
     </wssp:Confidentiality>
   </wsp:Policy>
   <wsp:Policy>
     <wssp:Integrity>
       <wssp:TokenInfo>
         <wssp:SecurityToken>
           <wssp:TokenType></wssp:TokenType>
         </wssp:SecurityToken>
       </wssp:TokenInfo>
       <wssp:MessageParts></wssp:MessageParts>
     </wssp:Integrity>
   </wsp:Policy>
   <wsp:Policy>
     <wssp:Integrity>
       <wssp:TokenInfo>
         <wsp:OneOrMore>
           <wssp:SecurityToken>
             <wssp:TokenType></wssp:TokenType>
           </wssp:SecurityToken>
           <wssp:SecurityToken>
             <wssp:TokenType></wssp:TokenType>
           </wssp:SecurityToken>
         </wsp:OneOrMore>
       </wssp:TokenInfo>
       <wssp:MessageParts></wssp:MessageParts>
     </wssp:Integrity>
   </wsp:Policy>
 </policies>
</policyDocument>

Thanks,
Reply to this Message
Pablo Cibraro - 28 Dec 2005 15:37 GMT
Hi SAL,
It will be better if you use the WSE configuration tool.
This tool will help you to accomplish this task since it has different
wizards to create policy files.

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

>I need to create a policy file for my Web Service with security built-in
>and
[quoted text clipped - 92 lines]
>
> Thanks,
Reply to this Message
SAL - 30 Dec 2005 19:06 GMT
Hi Pablo,

I used the WSE Configuration Tool you suggested and it creates all the tags
necessary for the Web.config file, but not the policyCache.xml which will
contain all the Web Service Policies I will use.

I have looked at the WSE 2.0 documentation, which has given me some
understanding of what the tags are for the Configuration File Schema and
Policy File Schema, but not when or why I should use them.

Correct me if my understanding of how a Web Service works, but my
understanding is:
1.    The WebApp.asp will call a WebService.asmx,
2.    The service will do it’s validation from the policyCache.xml based on the
references defined in the Web.config file.
3.    Send back a response to the WebApp.asp if it’s OK to use the service

Also, I have been looking for a tool to create X.509 Certificates but I have
not found anything.  Since I am trying to incorporate Security in my Web
Service I would like to create a Certificate.  Is there a Utility like the
WSE Configuration Tool that let’s you create a Certificate?

Thanks,

Sal

> Hi SAL,
> It will be better if you use the WSE configuration tool.
[quoted text clipped - 102 lines]
> >
> > Thanks,
Reply to this Message
RAKI - 05 Jan 2006 10:13 GMT
Hi sal

WSE only provides Test certificates. Those are WSE2QuickStartServer and
WSE2QuickStartClient. If you want to try on this test certificates....

you can find a setup.exe in this path...C:\Program Files\Microsoft
WSE\v3.0\Samples.....

You have to execute this exe file through VS studio command prompt. When
have done it will create those test certificates...

Is this what u looking for...?

> Hi Pablo,
>
[quoted text clipped - 128 lines]
> > >
> > > Thanks,
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.