 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / September 2006Policies an Services
hello, i am working with wse 3.0. you can assign a policy to a webservice by adding e.g. [Policy("ServerPolicy")] to the Class of the Webservices. Every method in this class will be handled with this policy now. what can i do if some methods of this class sould use no policy or another policy? i whant to decide for each method in the class what policy should be used. any suggestions? greetings from germany stefan Hi Stefan, Unfortunately, WSE does not support a way to specify different policies to the same web service class (A different policy for each web method). The only way to solve that problem is separating the web methods in different classes. Regards, Pablo. > hello, > [quoted text clipped - 10 lines] > greetings from germany > stefan hi pablo thak you for your answer. but this are not good news. with wse 2.0 this was no problem to use different security levels for each methods in one class. can i solve my problem whithout policies? can i do it programmaticaly? regards stefan > Hi Stefan, > [quoted text clipped - 21 lines] >> greetings from germany >> stefan Hi Stefan, WSE 3.0 still offers a way to specify different security levels for different methods, but the same policy applies to all of them. For Example, <policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy"> <policy name="ClientPolicy"> <mutualCertificate11Security establishSecurityContext="false" renewExpiredSecurityContext="true" requireSignatureConfirmation="true" messageProtectionOrder="SignBeforeEncrypt" requireDerivedKeys="false" ttlInSeconds="300"> <clientToken> <x509 storeLocation="CurrentUser" storeName="My" findValue="CN=WSE2QuickStartClient" findType="FindBySubjectDistinguishedName" /> </clientToken> <serviceToken> <x509 storeLocation="CurrentUser" storeName="AddressBook" findValue="CN=WSE2QuickStartServer" findType="FindBySubjectDistinguishedName" /> </serviceToken> <protection requestAction="MyMethod1"> <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" /> <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" /> <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" /> </protection> <protection requestAction="MyMethod2"> <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" /> <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" /> <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="false" /> </protection> </mutualCertificate11Security> <requireActionHeader /> </policy> </policies> Different protection elements in the same policy, the requestAction attribute specifies the Soap Action. If you want to use different assertions or no policy at all, you have to develop a custom security assertion. (Programmaticaly). WSE provides a nice sample for that, you can find it in the following folder C:\Program Files\Microsoft WSE\v3.0\Samples\CS\QuickStart\Advanced\CustomSecurityPolicyAssertion I hope this can help you. Regards, Pablo Cibraro http://weblogs.asp.net/cibrax > hi pablo > [quoted text clipped - 30 lines] >>> greetings from germany >>> stefan Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.