Nedu N
Hi All,
I have three questions while trying WSSE with .NET web services, and I
appreciate your help.

1). I want my web service to be configured to require a UsernameToken for
authentication with a receive policy file. For signing and encryption I am
using an X509 token and I am not using a UsernameToken for this, i.e., I want
to use UsernameToken authentication with X509 signing and X509 encryption. I
am not sure how to mention the UsernameToken requirement in the server-side
receive and client-side policy files. I want my web service to reject web
requests if they are not coming with UsernameTokens for authentication. I
don't want to do this within the code, creating the token on the client and
attaching it to the SOAP header.

2). Also, I want to tweak signing and encryption for testing's sake, like
changing the signed message in between and seeing the web service reject the
request on an integrity violation. I know of a way using TCPMON and am curious
to know if there is any other simple way to do this.

3). And in the same way I want to tweak and test the encryption logic somehow.

My policy file looks like the following on both the client side and the
server side.

<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
    <mapDefault policy="#policy-e0e72048-bd00-4d6a-a064-67746b005d74" />
  </mappings>
  <policies xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
    <wsp:Policy wsu:Id="policy-e0e72048-bd00-4d6a-a064-67746b005d74"
                xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
      <wsse:Integrity wsp:Usage="wsp:Required"
                      xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wsse:TokenInfo>
          <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wsse:TokenType>wsse:X509v3</wsse:TokenType>
            <wsse:Claims>
              <wsse:SubjectName>CN=MsdnWse2SecuritySamplesServer</wsse:SubjectName>
            </wsse:Claims>
          </SecurityToken>
        </wsse:TokenInfo>
        <wsse:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:MessageParts>
      </wsse:Integrity>
      <wsse:Confidentiality wsp:Usage="wsp:Required"
                            xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wsse:KeyInfo>
          <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wsse:TokenType>wsse:X509v3</wsse:TokenType>
            <wsse:Claims>
              <wsse:SubjectName>CN=MsdnWse2SecuritySamplesServer</wsse:SubjectName>
            </wsse:Claims>
          </SecurityToken>
        </wsse:KeyInfo>
        <wsse:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:MessageParts>
      </wsse:Confidentiality>
    </wsp:Policy>
  </policies>
</policyDocument>