RE: Web Method Parameters


From: Dan Rogers (danro_at_microsoft.com)
Date: 11/19/04


Date: Fri, 19 Nov 2004 19:02:14 GMT

Do you know which parameter is causing the null reference exception? Is it
possible that the string is NOT an XML element (this would be unusual,
since XML is not strings...

Dan
--------------------
>From: =?Utf-8?B?Sk1a?= <JMZ@discussions.microsoft.com>
>Subject: RE: Web Method Parameters
>Date: Wed, 17 Nov 2004 07:45:01 -0800
>Newsgroups: microsoft.public.dotnet.framework.aspnet.webservices
>
>Dan,
>
>Thanks very much for the info.
>
>Maybe you can also explain why the GetBodyObject() method gives me trouble.
>After having used SetBodyObject to serialize a string into the body (after
>calling CreateBody), my web service throws a null reference exception when
>calling GetBodyObject to get the string back out.
>
>Any ideas?
>
>Thanks again.
>
>"Dan Rogers" wrote:
>
>> Hi,
>>
>> When you call a web service using WSE and WS-Security, you specify which
>> fields are included in the signature. Since a request message body is
>> entirely the parameters, the answer that will put your fears to rest is
>> that yes, the body is what gets signed, typically. To test this, you can
>> keep a trace of a message that you send normally, save it, alter the data
>> in the parameters being sent, and test for whether the signed request (with
>> altered content) makes it thru to your service without detection when you
>> play the message back via a playback tool (raw TCP/IP or HTTP Post will do
>> in most cases).
>>
>> If you are conducting your transaction over SSL, you'll have to capture the
>> payload before it gets encrypted on the wire to verify this, as the SSL
>> encryption will prevent capture/alteration/playback quite effectively all
>> by itself.
>>
>> I hope this helps,
>>
>> Dan Rogers
>> Microsoft Corporation
>> --------------------
>> >From: =?Utf-8?B?Sk1a?= <JMZ@discussions.microsoft.com>
>> >Subject: Web Method Parameters
>> >Date: Tue, 16 Nov 2004 16:29:02 -0800
>> >
>> >I know the parameters for a web method call get serialized into the SOAP
>> >message when the call is made, but what I need to know is:
>> >
>> >If the SOAP message includes a digital signature (from an
>> >X509SecurityToken), are the parameters signed as well? That is, if one of
>> >the parameters was tampered with during transit, would WSE detect it when it
>> >verifies the signature during its CheckSignature call?
>> >
>> >The reason I need to know is that our web service is our portal for
>> >sensitive file uploads, and we use X509Certificates from the CurrentUser
>> >store for the signature. But, I am having great difficulty in retrieving the
>> >body XmlElement with the GetBodyObject() method, after having successfully
>> >serialized the file contents into it with the SetBodyObject() method in the
>> >client. Every attempt to get the body element throws an exception.
>> >
>> >However, seeing that the parameters get serialized into the SOAP message
>> >automatically (and deserialized in the web service), if the parameters are
>> >getting signed with the rest of the SOAP message, then there's no point in
>> >using the SetBodyObject() method.
>> >
>> >We are conducting the transaction over SSL, as well.
>> >
>> >Thanks in advance.
>> >
>>
>>
>
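
The tamper check Dan Rogers describes above, as an added example that is not part of the original thread and is not WSE code: it uses the .NET SignedXml class to sign the SOAP Body, then changes one parameter and verifies again, so the first check passes and the second fails. The envelope, the UploadFile method, the throwaway RSA key (standing in for the X.509 certificate key) and the unqualified Id attribute (WSE itself references wsu:Id) are assumptions made for the example.

```csharp
// Added example: constructed envelope and key, not WSE's own code.
// Needs System.Security.Cryptography.Xml (System.Security.dll on .NET Framework).
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class BodySignatureDemo
{
    const string SoapNs = "http://schemas.xmlsoap.org/soap/envelope/";

    // Constructed SOAP 1.1 request; UploadFile and its parameters are hypothetical.
    const string Envelope =
        "<soap:Envelope xmlns:soap='" + SoapNs + "'><soap:Header/>" +
        "<soap:Body Id='Body'><UploadFile xmlns='urn:example'>" +
        "<name>report.txt</name><data>aGVsbG8=</data>" +
        "</UploadFile></soap:Body></soap:Envelope>";

    static XmlElement SignBody(XmlDocument doc, RSA key)
    {
        var signedXml = new SignedXml(doc) { SigningKey = key };
        // The reference digest covers the whole Body element, parameters included.
        var reference = new Reference("#Body");
        reference.AddTransform(new XmlDsigExcC14NTransform());
        signedXml.AddReference(reference);
        signedXml.ComputeSignature();
        return signedXml.GetXml();
    }

    static bool Verify(XmlDocument doc, RSA key)
    {
        var sig = (XmlElement)doc.GetElementsByTagName(
            "Signature", SignedXml.XmlDsigNamespaceUrl)[0];
        var signedXml = new SignedXml(doc);
        signedXml.LoadXml(sig);
        return signedXml.CheckSignature(key);   // recomputes the Body digest
    }

    static void Main()
    {
        using (RSA key = RSA.Create())
        {
            var doc = new XmlDocument { PreserveWhitespace = true };
            doc.LoadXml(Envelope);
            var header = (XmlElement)doc.GetElementsByTagName("Header", SoapNs)[0];
            header.AppendChild(doc.ImportNode(SignBody(doc, key), true));
            Console.WriteLine("as signed:         " + Verify(doc, key));
            // Alter one web method parameter after signing, as in the replay test.
            doc.GetElementsByTagName("name", "urn:example")[0].InnerText = "other.txt";
            Console.WriteLine("parameter altered: " + Verify(doc, key));
        }
    }
}
```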


