Re: Encrypt a UsernameToken Authenticated WSE Response



Thanks,

meanwhile I tried the examples in the WSE2 Documentation named "Encrypt (or
Decrypt) a SOAP Message by Using a Username and Password". I send my password
hashed and also have a working AuthenticateUser method overwritten and
registered in web.config. But when I start my client application and call my
HelloWorld() method I get an Exception... Mutable Security Token has to be
added into the tokens collection. I even have no Trace, that's a big problem.
I've switched on the Trace in both projects and have set all Directory write
accesses but there are still no trace files.

Codes: (http://localhost/WSETest/service1.asmx and my client app is in
wwroot/wseclient)

client:
WSEClient.localhost.Service1Wse proxy = new localhost.Service1Wse();
UsernameToken userToken = new UsernameToken("Andreas", "test", PasswordOption.SendHashed);
EncryptedData encrypt = new EncryptedData(userToken);
proxy.RequestSoapContext.Security.Elements.Add(encrypt);
proxy.RequestSoapContext.Security.Timestamp.TtlInSeconds = 300;
MessageBox.Show(proxy.HelloWorld());

clientpolicy:
<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
    <endpoint uri="http://localhost/WSETests/Service1.asmx">
      <defaultOperation>
        <request policy="#policy-c0a22319-6b89-49ff-9b82-bdbac5f04618" />
        <response policy="" />
        <fault policy="" />
      </defaultOperation>
    </endpoint>
  </mappings>
  <policies
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:Policy wsu:Id="policy-c0a22319-6b89-49ff-9b82-bdbac5f04618"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
        xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
      <wssp:Confidentiality wsp:Usage="wsp:Required"
          xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wssp:KeyInfo>
          <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
            <wssp:Claims>
              <wssp:UsePassword Type="wssp:PasswordDigest"
                  wsp:Usage="wsp:Required" />
            </wssp:Claims>
          </SecurityToken>
        </wssp:KeyInfo>
        <wssp:MessageParts
            Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
          wsp:Body()
        </wssp:MessageParts>
      </wssp:Confidentiality>
    </wsp:Policy>
  </policies>
</policyDocument>

service:
[WebMethod]
public string HelloWorld()
{
    // Get the current soap context
    SoapContext ctxt = RequestSoapContext.Current;
    if (ctxt == null)
    {
        return "Please format the request as a SOAP request and try again.";
    }

    // Iterate through all Security tokens
    foreach (SecurityToken tok in ctxt.Security.Tokens)
    {
        if (tok is UsernameToken)
        {
            UsernameToken user = (UsernameToken)tok;
            return "Hello Authenticated user " + user.Username;
        }
    }
    return "Hello Liar";
}

ServicePolicy:
<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
    <endpoint uri="http://localhost/WSETests/Service1.asmx">
      <defaultOperation>
        <request policy="#policy-c0a22319-6b89-49ff-9b82-bdbac5f04618" />
        <response policy="" />
        <fault policy="" />
      </defaultOperation>
    </endpoint>
  </mappings>
  <policies
      xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:Policy wsu:Id="policy-c0a22319-6b89-49ff-9b82-bdbac5f04618"
        xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
        xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
      <wssp:Confidentiality wsp:Usage="wsp:Required"
          xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wssp:KeyInfo>
          <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
            <wssp:Claims>
              <wssp:UsePassword Type="wssp:PasswordDigest"
                  wsp:Usage="wsp:Required" />
            </wssp:Claims>
          </SecurityToken>
        </wssp:KeyInfo>
        <wssp:MessageParts
            Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
          wsp:Body()
        </wssp:MessageParts>
      </wssp:Confidentiality>
    </wsp:Policy>
  </policies>
</policyDocument>

Maybe you or anyone sees the failure.
Thanks, trying that for 3 days now...




"casey chesnut" wrote:

> you can encrypt with a UsernameToken too.
> both the client and the server know the password,
> so that is used to generate a key to encrypt with.
>
> on the client Request you add something like this line:
> serviceProxy.RequestSoapContext.Security.Elements.Add(new EncryptedData(token));
>
> the server Response adds something like this :
> ResponseSoapContext.Current.Security.Tokens.Add(usernameToken);
> ResponseSoapContext.Current.Security.Elements.Add(new MessageSignature(usernameToken));
> ResponseSoapContext.Current.Security.Elements.Add(new EncryptedData(usernameToken));
>
> Thanks,
> casey
> http://www.brains-N-brawn.com
>
>
> "AndiRudi" <AndiRudi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:B7D49B82-C019-4262-BC3C-D8E3B97C8EB2@xxxxxxxxxxxxxxxx
> > Is there any other possibility than x509 to encrypt a Response. Something
> > symmetric would be nice.