Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / ASP.NET / Web Services / January 2007

Tip: Looking for answers? Try searching our database.

wse custom headers

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
Martin Kulov [MVP] - 27 Dec 2006 20:15 GMT
Hi guys,

Is there a way to encrypt custom header using the web service policy file?
I am aware of the signedHeader element which specifies which custom headers
to be signed but I do not see any way to encrypt headers with policy. I only
found that encrypting custom headers is possible with creating custom class
that overrides SecurityPolicyAssertion. In WSE 2.0 this was possible by
setting up the header id in the policy elements.

Second question: Does the only way to create custom header use
SecurtyPolicyAssertion? Adding new custom header is not very security
related and it is a little unnatural to use SecurityPolicyAssertion. I guess
that there are also other situations in which the same question may apply.

Merry Christmas and Happy New Year,

Signature

Martin Kulov
http://www.codeattest.com/blogs/martin

MVP, MCT, MCSD, MCPD

Reply to this Message
Luke Zhang [MSFT] - 28 Dec 2006 06:57 GMT
Hello Martin,

Here is an article may be helpful on your question, you may take a look:

http://www.codeproject.com/soap/WSE30UsernameAssertion.asp

Sincerely,

Luke Zhang

Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


Reply to this Message
Martin Kulov [MVP] - 29 Dec 2006 09:10 GMT
> Hello Martin,
>
> Here is an article may be helpful on your question, you may take a look:
>
> http://www.codeproject.com/soap/WSE30UsernameAssertion.asp

Luke,

Indeed this is the one resource in the Internet I can find at all on how to
use custom headers.
However the article shows how to create custom assertion, but my question
actually was is how to encrypt headers using policy config file. This was
possible with WSE 2.0 using the Confidentiality and MessageParts elements.
Is there a similiar way of encrypting custom headers in WSE 3.0?

My second question was:
Does the only way to create custom header use SecurtyPolicyAssertion? Adding
new custom header is not very security related and it is a little unnatural
to use SecurityPolicyAssertion. I guess that there are also other situations
in which the same question may apply.

I have some thoughts on how accurate this article may be given this code
example:

----
// create web service proxy
// NOTE!!! When updating web reference in Visual Studio,
// don't forget to change its base class
// to Microsoft.Web.Services3.WebServicesClientProtocol then
WseSample.Service srv = new WseSample.Service();
----

The author should have been used the new class WseSample.ServiceWse that is
created when you enable WSE support in your project and update web reference
client.

Thanks,

Signature

Martin Kulov
http://www.codeattest.com/blogs/martin

MVP, MCT, MCSD, MCPD

Reply to this Message
Luke Zhang [MSFT] - 02 Jan 2007 09:55 GMT
I found a sample on code project which provide a way to encrypt custom SOAP
headers with Username token. You may take a look:

http://www.codeproject.com/soap/WSE30UsernameAssertion.asp?df=100&forumid=23
1872&exp=0&select=1806252

Also, WS-I Basic Security Profile :

http://msdn.microsoft.com/practices/default.aspx?pull=/library/en-us/dnpag2/
html/MSWSIBSP.asp

Sincerely,

Luke Zhang

Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.


Reply to this Message
Martin Kulov [MVP] - 05 Jan 2007 02:24 GMT
>I found a sample on code project which provide a way to encrypt custom SOAP
> headers with Username token. You may take a look:
[quoted text clipped - 6 lines]
> http://msdn.microsoft.com/practices/default.aspx?pull=/library/en-us/dnpag2/
> html/MSWSIBSP.asp

Luke,

there is no need to repost your answer.

thanks anyway,

Martin
Reply to this Message
Pablo Cibraro [MVP] - 08 Jan 2007 17:43 GMT
Hi Martin,

WSE 3.0 does not allow to encrypt custom headers by default. As you said, it
only allows to sign them.
If you want to encrypt custom headers, you will have to create a custom
security assertion or override one of the existing assertions. We had to do
something like that for the WS-I Basic Security Profile project,  our custom
assertion is available there,
http://msdn.microsoft.com/practices/default.aspx?pull=/library/en-us/dnpag2/html
/MSWSIBSP.asp

Regards,
Pablo.

>>I found a sample on code project which provide a way to encrypt custom
>>SOAP
[quoted text clipped - 15 lines]
>
> Martin
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2008 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.