
.NET Forum / ASP.NET / Web Services / January 2006


How to decrypt SOAP envelope at the client side

RAKI - 03 Jan 2006 17:06 GMT
Hi guys

I am working with WSE 3.0 and VS 2005. I got a problem while working with
encryption and decryption. I am following the quick sample provided with the
WSE 3.0 documentation.

I will explain in steps:

1. I am encrypting the SOAP envelope with the server X509 security token in the
client output filter.

2. When the SOAP envelope reaches the service input filter, WSE automatically
decrypts the message, calls the web method and generates the response.

3. When the response passes the service output filter, I am trying to
encrypt the SOAP envelope with the client X509 security token.

4. Finally, when the message reaches the client input filter, WSE cannot
automatically decrypt the message, and the envelope holds the cipher data and
values elements etc.

All the security tokens are placed in envelope.Context.OperationState.

My question is: how can I decrypt the SOAP envelope at the client input
filter?

Thanking you
rakesh
Pablo Cibraro - 03 Jan 2006 20:08 GMT
Hi rakesh,
The procedure that you are using is correct.
Perhaps you are not using the right certificate or token to encrypt the
response message. Could you post the code used by your custom assertion?

Regards,
Pablo Cibraro
http://weblogs.asp.net/cibrax
http://www.lagash.com

> Hi guys
>
[quoted text clipped - 28 lines]
> Thaking u
> rakesh
RAKI - 03 Jan 2006 21:39 GMT
Here is the code for my four filters:

// Namespaces these filters rely on (WSE 3.0 and the .NET Framework).
using System;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security;
using Microsoft.Web.Services3.Security.Tokens;

// Client side, incoming response: expects a signature made with the server
// token and data encrypted for the client token.
class ClientInputFilter : ReceiveSecurityFilter
{
    public ClientInputFilter(CustomFilters filter)
        : base(filter.ClientActor, true) { }

    public override void ValidateMessageSecurity(SoapEnvelope envelope, Security security)
    {
        bool signed = false;
        bool encrypted = false;

        // Tokens stored by ClinetOutputFilter when the request was sent.
        RequestState state = envelope.Context.OperationState.Get<RequestState>();

        foreach (ISecurityElement elem in security.Elements)
        {
            if (elem is MessageSignature)
            {
                MessageSignature sig = elem as MessageSignature;
                if (sig.SigningToken.Equals(state.ServerToken))
                    signed = true;
                else
                    throw new ApplicationException("invalid serverToken token");
            }

            if (elem is EncryptedData)
            {
                EncryptedData enc = elem as EncryptedData;
                if (enc.SecurityToken.Equals(state.ClientToken))
                {
                    XmlElement eleme = enc.TargetElement;
                    encrypted = true;
                }
                else
                    throw new ApplicationException("invalid encryption security token");
            }
        }
        envelope.Save("c://Test/Clientsoapin.xml");

        if (!signed || !encrypted)
            throw new ApplicationException("soap does not contain the security requirements");
    }
}

// Client side, outgoing request: signs with the client token and encrypts
// for the server token.
class ClinetOutputFilter : SendSecurityFilter
{
    SecurityToken clientToken = null;
    SecurityToken serverToken = null;

    public ClinetOutputFilter(CustomFilters filter)
        : base(filter.ClientActor, true)
    {
        // Get the client security token.
        clientToken = X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=WSE2QuickStartClient");

        // Get the server security token.
        serverToken = X509TokenProvider.CreateToken(StoreLocation.LocalMachine, StoreName.My, "CN=WSE2QuickStartServer");
    }

    public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        security.Tokens.Add(clientToken);
        security.Elements.Add(new MessageSignature(clientToken));
        EncryptedData ed = new EncryptedData(serverToken);
        security.Elements.Add(ed);

        ed.Encrypt(envelope);

        envelope.Save("c://Test/Clientsoapout.xml");
        //security.Elements.Add(new EncryptedData(serverToken, "#" + clientToken.Id));

        // Keep both tokens so ClientInputFilter can check the response.
        RequestState state = new RequestState(clientToken, serverToken);
        envelope.Context.OperationState.Set(state);
    }
}

// Service side, incoming request: expects a signature made with the client
// token and data encrypted for the server token.
class ServerInputFilter : ReceiveSecurityFilter
{
    X509SecurityToken clientToken;
    X509SecurityToken serverToken;

    public ServerInputFilter(CustomFilters filter)
        : base(filter.ServiceActor, false)
    {
        clientToken = X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=WSE2QuickStartClient");
        serverToken = X509TokenProvider.CreateToken(StoreLocation.LocalMachine, StoreName.My, "CN=WSE2QuickStartServer");
    }

    public override void ValidateMessageSecurity(SoapEnvelope envelope, Security security)
    {
        bool signed = false;
        bool encrypted = false;
        //RequestState state = envelope.Context.OperationState.Get<RequestState>();

        foreach (ISecurityElement elem in security.Elements)
        {
            if (elem is MessageSignature)
            {
                MessageSignature sig = elem as MessageSignature;
                if (sig.SigningToken.Equals(clientToken))
                    signed = true;
                else
                    throw new ApplicationException("invalid signing client token");
            }

            if (elem is EncryptedData)
            {
                EncryptedData enc = elem as EncryptedData;
                if (enc.SecurityToken.Equals(serverToken))
                {
                    encrypted = true;
                }
                else
                    throw new ApplicationException("invalid encryption security token");
            }
        }

        envelope.Save("c://Test/Serversoapin.xml");
        if (!signed || !encrypted)
            throw new ApplicationException("soap does not contain the security requirements");

        // Keep both tokens so ServerOutputFilter can secure the response.
        RequestState state = new RequestState(clientToken, serverToken);
        envelope.Context.OperationState.Set(state);
    }
}

// Service side, outgoing response: signs with the server token and encrypts
// for the client token.
class ServerOutputFilter : SendSecurityFilter
{
    public ServerOutputFilter(CustomFilters filter)
        : base(filter.ServiceActor, false) { }

    public override void SecureMessage(SoapEnvelope envelope, Security security)
    {
        RequestState state = envelope.Context.OperationState.Get<RequestState>();

        security.Tokens.Add(state.ServerToken);
        security.Elements.Add(new MessageSignature(state.ServerToken));
        EncryptedData ed = new EncryptedData(state.ClientToken);
        security.Elements.Add(ed);
        ed.Encrypt(envelope);
        envelope.Save("c://Test/Serversoapout.xml");
    }
}

I have studied the documentation, but during implementation there is a lot of
confusion. I am just a beginner. Give me suggestions...

By
Rakesh

> Hi rakesh,
> The procedure that you are using is correct.
[quoted text clipped - 38 lines]
> > Thaking u
> > rakesh
RAKI - 04 Jan 2006 17:06 GMT
Hi again

I can't figure out what the actual problem is... Please, can anybody help with this
issue?

WSE is not decrypting the SOAP message at the client side. And can anybody tell
me how X509 security tokens will work on the client side?

Thanks in advance
rakesh

> here is my four filters code
>
[quoted text clipped - 212 lines]
> > > Thaking u
> > > rakesh
RAKI - 04 Jan 2006 21:52 GMT
Hi again

Do I have to manually decrypt the message at the client side, or what?

Looking for solutions.

Thanks in advance
Rakesh

> Hi again
>
[quoted text clipped - 223 lines]
> > > > Thaking u
> > > > rakesh
RAKI - 05 Jan 2006 12:36 GMT
Hi...

I solved the problem myself...

I have placed the server and client X509 certificates in their respective trusted
people zones...

Tak

> Hi again
>
[quoted text clipped - 232 lines]
> > > > > Thaking u
> > > > > rakesh
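
A store check that fits the fix reported at the end of this thread, as an added example that is not part of any post: it lists, for the two subject names used in the posted filters, which of the My and TrustedPeople stores hold the certificate and whether a private key is attached (decrypting a response needs the private key of the certificate it was encrypted for). The class name CertStoreCheck is hypothetical, and which stores WSE consults depends on configuration the thread does not show.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Added diagnostic (not from the thread): shows in which stores each
// quick-start certificate is installed and whether its private key is present.
static class CertStoreCheck
{
    // Subject names as used by the filters posted in the thread.
    static readonly string[] Subjects =
        { "CN=WSE2QuickStartClient", "CN=WSE2QuickStartServer" };
    static readonly StoreLocation[] Locations =
        { StoreLocation.CurrentUser, StoreLocation.LocalMachine };
    static readonly StoreName[] Stores =
        { StoreName.My, StoreName.TrustedPeople };

    static void Main()
    {
        foreach (string subject in Subjects)
            foreach (StoreLocation location in Locations)
                foreach (StoreName name in Stores)
                    Report(subject, location, name);
    }

    static void Report(string subject, StoreLocation location, StoreName name)
    {
        string place = location + "\\" + name;
        X509Store store = new X509Store(name, location);
        try
        {
            store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
            // validOnly = false: list the certificate even if it is expired or untrusted.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subject, false);
            if (found.Count == 0)
                Console.WriteLine("{0,-28} {1}: not installed", place, subject);
            foreach (X509Certificate2 cert in found)
                Console.WriteLine("{0,-28} {1}: privateKey={2} expires={3:yyyy-MM-dd}",
                    place, subject, cert.HasPrivateKey, cert.NotAfter);
        }
        catch (CryptographicException ex)
        {
            Console.WriteLine("{0,-28} cannot open store: {1}", place, ex.Message);
        }
        finally
        {
            store.Close();
        }
    }
}
```

Run it under the same Windows account as the client application and again under the account that hosts the service, since the CurrentUser stores differ per account.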
