Re: Encrypt a UsernameToken Authenticated WSE Response



OK, I got it :) Will make an article about that soon.

"AndiRudi" wrote:

> Thanks,
>
> meanwhile I tried the examples in the WSE2 documentation named "Encrypt (or
> Decrypt) a SOAP Message by Using a Username and Password". I send my password
> hashed and also have a working AuthenticateUser method overwritten and
> registered in web.config. But when I start my client application and call my
> HelloWorld() method I get an exception... Mutable Security Token has to be
> added into the tokens collection. I even have no trace, that's a big problem.
> I've switched on the trace in both projects and have set all directory write
> accesses but there are still no trace files.
>
> Codes: (http://localhost/WSETest/service1.asmx and my client app is in
> wwroot/wseclient)
>
> client:
> WSEClient.localhost.Service1Wse proxy = new localhost.Service1Wse();
> UsernameToken userToken = new UsernameToken("Andreas",
> "test",PasswordOption.SendHashed);
> EncryptedData encrypt = new EncryptedData(userToken);
> proxy.RequestSoapContext.Security.Elements.Add(encrypt);
> proxy.RequestSoapContext.Security.Timestamp.TtlInSeconds = 300;
> MessageBox.Show(proxy.HelloWorld());
>
> clientpolicy:
> <?xml version="1.0" encoding="utf-8"?>
> <policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
>   <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
>     <endpoint uri="http://localhost/WSETests/Service1.asmx">
>       <defaultOperation>
>         <request policy="#policy-c0a22319-6b89-49ff-9b82-bdbac5f04618" />
>         <response policy="" />
>         <fault policy="" />
>       </defaultOperation>
>     </endpoint>
>   </mappings>
>   <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <wsp:Policy wsu:Id="policy-c0a22319-6b89-49ff-9b82-bdbac5f04618"
>         xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
>         xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
>       <wssp:Confidentiality wsp:Usage="wsp:Required"
>           xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext">
>         <wssp:KeyInfo>
>           <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
>             <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
>             <wssp:Claims>
>               <wssp:UsePassword Type="wssp:PasswordDigest" wsp:Usage="wsp:Required" />
>             </wssp:Claims>
>           </SecurityToken>
>         </wssp:KeyInfo>
>         <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
>           wsp:Body()
>         </wssp:MessageParts>
>       </wssp:Confidentiality>
>     </wsp:Policy>
>   </policies>
> </policyDocument>
>
> service:
> [WebMethod]
> public string HelloWorld()
> {
> //Get the current soap context
> SoapContext ctxt = RequestSoapContext.Current;
> if (ctxt == null) {
> return "Please format the request as a SOAP request and try again.";
> }
>
> //Iterate through all Security tokens
> foreach(SecurityToken tok in ctxt.Security.Tokens){
> if (tok is UsernameToken) {
> UsernameToken user = (UsernameToken)tok;
> return "Hello Authenticated user " + user.Username;
> }
> }
> return "Hello Liar";
> }
>
> ServicePolicy:
> <?xml version="1.0" encoding="utf-8"?>
> <policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
>   <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
>     <endpoint uri="http://localhost/WSETests/Service1.asmx">
>       <defaultOperation>
>         <request policy="#policy-c0a22319-6b89-49ff-9b82-bdbac5f04618" />
>         <response policy="" />
>         <fault policy="" />
>       </defaultOperation>
>     </endpoint>
>   </mappings>
>   <policies xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
>     <wsp:Policy wsu:Id="policy-c0a22319-6b89-49ff-9b82-bdbac5f04618"
>         xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy"
>         xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing">
>       <wssp:Confidentiality wsp:Usage="wsp:Required"
>           xmlns:wssp="http://schemas.xmlsoap.org/ws/2002/12/secext">
>         <wssp:KeyInfo>
>           <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
>             <wssp:TokenType>http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#UsernameToken</wssp:TokenType>
>             <wssp:Claims>
>               <wssp:UsePassword Type="wssp:PasswordDigest" wsp:Usage="wsp:Required" />
>             </wssp:Claims>
>           </SecurityToken>
>         </wssp:KeyInfo>
>         <wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
>           wsp:Body()
>         </wssp:MessageParts>
>       </wssp:Confidentiality>
>     </wsp:Policy>
>   </policies>
> </policyDocument>
>
> Maybe you or anyone sees the failure.
> Thanks, trying that for 3 days now...
>
>
>
>
> "casey chesnut" wrote:
>
> > you can encrypt with a UsernameToken too.
> > both the client and the server know the password,
> > so that is used to generate a key to encrypt with.
> >
> > on the client Request you add something like this line:
> > serviceProxy.RequestSoapContext.Security.Elements.Add(new
> > EncryptedData(token));
> >
> > the server Response adds something like this :
> > ResponseSoapContext.Current.Security.Tokens.Add(usernameToken);
> > ResponseSoapContext.Current.Security.Elements.Add(new
> > MessageSignature(usernameToken));
> > ResponseSoapContext.Current.Security.Elements.Add(new
> > EncryptedData(usernameToken));
> >
> > Thanks,
> > casey
> > http://www.brains-N-brawn.com
> >
> >
> > "AndiRudi" <AndiRudi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> > news:B7D49B82-C019-4262-BC3C-D8E3B97C8EB2@xxxxxxxxxxxxxxxx
> > > Is there any other possibility than x509 to encrypt a Response? Something
> > > symmetric would be nice.
> >
> >
> >