Re: signing message element by id / no namespace
From: Stewart Bourke (stewartbourke_nospam_at_eircom_dotnet)
Date: 07/16/04
- Next message: casey chesnut: "ANN: WSE 2.0 from the Compact Framework"
- Previous message: morten: "Re: Calling an ASMX web service (with WSE 2.0) using SoapClient proxy"
- In reply to: Lucien: "Re: signing message element by id / no namespace"
- Next in thread: Lucien: "Re: signing message element by id / no namespace"
- Reply: Lucien: "Re: signing message element by id / no namespace"
Date: Fri, 16 Jul 2004 09:40:20 +0100
Interesting approach.
In fact I do need to sign two sections - one in the header and one on the
body - would this still work?
The soap message I need to send is:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Header>
    <Operation Id="MsgOperation"
               xmlns="http://www.ros.ie/schemas/service/">Inbox/List</Operation>
  </soap:Header>
  <soap:Body Id="MsgBody">
    <DocumentSearch xmlns="http://www.ros.ie/schemas/inbox/" />
  </soap:Body>
</soap:Envelope>
The two IDs = MsgOperation and MsgBody need to be signed, and they both must
not have any prefixes?
Would your suggested approach work in this case?
Thanks...
"Lucien" <*lucien*@MicrosoftAccount.com> wrote in message
news:e1UDl3qaEHA.2388@TK2MSFTNGP11.phx.gbl...
> Of course you can set the namespace for the header Id attribute yourself but
> not Id attributes created by WSE 2.0.
> However using the old utility namespace would cause WSE 2.0 not to find this
> attribute and it would fail unless you use no namespace at all for this
> attribute.
>
> Actually if you would add a second Id attribute with your namespace for that
> header it should work (provided you're not signing any other elements that
> also need to be changed this way).
>
>
> "Stewart Bourke" <stewartbourke_nospam_at_eircom_dotnet> wrote in message
> news:%23ut8J$paEHA.2844@TK2MSFTNGP12.phx.gbl...
> > The namespace change is actually my problem here - can I use the old wse1
> > namespaces in wse2?
> >
> > Thanks,
> >
> > Stewart Bourke
> >
> > "Lucien" <*lucien*@MicrosoftAccount.com> wrote in message
> > news:%238SQIdoaEHA.1652@TK2MSFTNGP09.phx.gbl...
> > > Sorry wasn't aware this was V1.0. I think this was a change in v2 to default
> > > to unqualified attribute if Id is not found.
> > >
> > > The namespace changed for wsu to
> > > http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
> > > (not for the CanonicalizationMethod).
> > >
> > >
> > > "Stewart Bourke" <stewartbourke_nospam_at_eircom_dotnet> wrote in message
> > > news:O$q5E4naEHA.3016@tk2msftngp13.phx.gbl...
> > > > Lucien,
> > > >
> > > > I tried leaving out the NS and I got a 'malformed reference' when trying to
> > > > sign.
> > > >
> > > > 1. I am using wse1 - did you try this in wse1 or 2?
> > > >
> > > > 2. The reason I want to stay with wse1 is the security namespaces I need to
> > > > refer to - do you know if it is, for example,
> > > > xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility" and
> > > > <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> > > > etc..
> > > >
> > > > Is this possible with wse2?
> > > >
> > > > Also, would it be possible to send you a mail directly, as I would like to
> > > > have a very brief conversation offline?
> > > >
> > > > Thanks,
> > > >
> > > > Stewart Bourke = email: Stewart_at_eircom.net (replace _at_ with @)
> > > >
> > > >
> > > >
> > > >
> > > > "Lucien" <*lucien*@MicrosoftAccount.com> wrote in message
> > > > news:OLhoKxfaEHA.1000@TK2MSFTNGP12.phx.gbl...
> > > > > I tried and it worked for me: the only change I made was to remove namespace
> > > > > in the header definition:
> > > > >
> > > > > public class OrderTimeHeader : System.Web.Services.Protocols.SoapHeader
> > > > > {
> > > > > [XmlAttribute("Id")]
> > > > > public String Id;
> > > > > ...
> > > > >
> > > > > I didn't change the client code:
> > > > > serviceProxy.OrderTimeHeaderValue = header;
> > > > > SignatureReference soapRef = new
> > > > > SignatureReference("#Id:05d2518d-d6db-481f-846d-2e8872b6e56d");
> > > > > soapRef.AddTransform(new XmlDsigExcC14NTransform());
> > > > > MessageSignature s = new MessageSignature( token );
> > > > > s.AddReference(soapRef);
> > > > > serviceProxy.RequestSoapContext.Security.Elements.Add( s );
> > > > > ...
> > > > >
> > > > > On the wire I did see now no namespace for the Id attribute.
> > > > >
> > > > >
> > > > > "Stewart Bourke" <stewartbourke_nospam_at_eircom_dotnet> wrote in message
> > > > > news:Ol37CIfaEHA.524@TK2MSFTNGP09.phx.gbl...
> > > > > > Unfortunately I get 'malformed reference' when I try to add the attribute
> > > > > > without a namespace.
> > > > > >
> > > > > > Maybe I am misunderstanding what you are suggesting. What do you mean
> > > > > > 'xmlns='''.. In the class definition - in my proxy code?
> > > > > >
> > > > > > Thanks,
> > > > > >
> > > > > > Stewart Bourke
> > > > > >
> > > > > >
> > > > > > "Lucien" <*lucien*@MicrosoftAccount.com> wrote in message
> > > > > > news:u90MlseaEHA.2908@TK2MSFTNGP10.phx.gbl...
> > > > > > > Try without namespace. I think it still will locate it (if it can't find
> > > > > > > with namespace I believe it defaults to unqualified Id attribute).
> > > > > > > Another way is to use xmlns=""...
> > > > > > >
> > > > > > > "Stewart Bourke" <stewartbourke_nospam_at_eircom_dotnet> wrote in message
> > > > > > > news:ueNAc9CaEHA.3596@tk2msftngp13.phx.gbl...
> > > > > > > > I take it that this is not possible with wse...
> > > > > > > >
> > > > > > > > "Stewart Bourke" <stewartbourke_nospam_at_eircom_dotnet> wrote in message
> > > > > > > > news:uKXJadZZEHA.2840@TK2MSFTNGP11.phx.gbl...
> > > > > > > > > wse 1.01, vs.net 2003 c#
> > > > > > > > >
> > > > > > > > > Is it possible to sign an element of a soap message using an Id attribute
> > > > > > > > > without prefixing the Id attribute with a namespace? wse seems to call for
> > > > > > > > > a namespace referring to ws-utility, but I need to be able to sign the Id
> > > > > > > > > without the namespace - as the webservice I am consuming will not accept the
> > > > > > > > > Id with a NS prefix:
> > > > > > > > >
> > > > > > > > > Currently I have:
> > > > > > > > >
> > > > > > > > > <soap:Header>
> > > > > > > > >   <Operation d3p1:Id="MsgOperation"
> > > > > > > > >     xmlns:d3p1="http://schemas.xmlsoap.org/ws/2002/07/utility"
> > > > > > > > >     xmlns="http://www.ros.ie/schemas/service/">Inbox/List</Operation>
> > > > > > > > > </soap:Header>
> > > > > > > > > <soap:Body wsu:Id="MsgBody"
> > > > > > > > >   xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
> > > > > > > > >   <DocumentSearch xmlns="http://www.ros.ie/schemas/inbox/" />
> > > > > > > > > </soap:Body>
> > > > > > > > >
> > > > > > > > > but I need:
> > > > > > > > >
> > > > > > > > > <soap:Header>
> > > > > > > > >   <Operation Id="MsgOperation"
> > > > > > > > >     xmlns="http://www.ros.ie/schemas/service/">Inbox/List</Operation>
> > > > > > > > > </soap:Header>
> > > > > > > > > <soap:Body Id="MsgBody">
> > > > > > > > >   <DocumentSearch xmlns="http://www.ros.ie/schemas/inbox/" />
> > > > > > > > > </soap:Body>
> > > > > > > > >
> > > > > > > > > Thanks,
> > > > > > > > >
> > > > > > > > > Stewart Bourke
> > > > > > > > >
> > > > > > > > >
> > > > > > > >
> > > > > > > >
> > > > > > >
> > > > > > >
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>
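
Signing both unqualified-Id elements with one signature, as an added example that is not part of the thread and is not WSE code: it uses the .NET Framework's System.Security.Cryptography.Xml.SignedXml directly, a throwaway RSA key in place of the real security token, and a constructed copy of the envelope from the message. SignedXml resolves a "#id" reference against an unqualified Id attribute; the uniqueness check before each reference is an addition of this example.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

class SignTwoUnqualifiedIds
{
    // Constructed sample: the envelope from the message, unqualified Id attributes.
    const string Envelope =
        "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">" +
        "<soap:Header><Operation Id=\"MsgOperation\" " +
        "xmlns=\"http://www.ros.ie/schemas/service/\">Inbox/List</Operation></soap:Header>" +
        "<soap:Body Id=\"MsgBody\"><DocumentSearch " +
        "xmlns=\"http://www.ros.ie/schemas/inbox/\" /></soap:Body></soap:Envelope>";

    static void Main()
    {
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml(Envelope);
        using (RSA key = RSA.Create()) // throwaway key standing in for the real token
        {
            var signer = new SignedXml(doc) { SigningKey = key };
            signer.SignedInfo.CanonicalizationMethod = SignedXml.XmlDsigExcC14NTransformUrl;
            foreach (string id in new[] { "MsgOperation", "MsgBody" })
            {
                // A "#id" reference is only meaningful if exactly one element carries
                // that unqualified Id; a missing or duplicated Id is rejected up front.
                if (doc.SelectNodes("//*[@Id='" + id + "']").Count != 1)
                    throw new InvalidOperationException("Id not unique: " + id);
                var reference = new Reference("#" + id);
                reference.AddTransform(new XmlDsigExcC14NTransform());
                signer.AddReference(reference);
            }
            signer.ComputeSignature();

            // Demo placement only: a WS-Security message carries the Signature
            // inside the wsse:Security header, which is left out here.
            XmlNode header = doc.DocumentElement.FirstChild;
            XmlElement signature = (XmlElement)header.AppendChild(
                doc.ImportNode(signer.GetXml(), true));

            // Verify against the same document to confirm both references resolve.
            var verifier = new SignedXml(doc);
            verifier.LoadXml(signature);
            Console.WriteLine("Signature valid: " + verifier.CheckSignature(key));
        }
    }
}
```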