Re: Help with Setting Policy Programmatically in WSE 3.0



This might help

// A policy is simply a collection of assertions,
// in this case there's only one.
Policy pPolicy = new Policy();
AuthorizationAssertion aaAuthAssertion = new AuthorizationAssertion();
MutualCertificate11Assertion mc11aCertAssertion = new MutualCertificate11Assertion();
RequireActionHeaderAssertion rahaActionHeaderAssertion = new RequireActionHeaderAssertion();

//mc11aCertAssertion.ClientX509TokenProvider = new X509TokenProvider(
//    StoreLocation.CurrentUser, StoreName.My, "<Base64 String here>",
//    X509FindType.FindBySubjectKeyIdentifier);
//mc11aCertAssertion.ServiceX509TokenProvider = new X509TokenProvider(
//    StoreLocation.CurrentUser, StoreName.AddressBook, "<Base64 String here>",
//    X509FindType.FindBySubjectKeyIdentifier);
mc11aCertAssertion.ClientX509TokenProvider =
RetrieveTokenFromStore2("AddressBook", StoreLocation.CurrentUser,
"CN=WSE2QuickStartServer");
mc11aCertAssertion.ServiceX509TokenProvider = RetrieveTokenFromStore2("My",
StoreLocation.CurrentUser, "CN=WSE2QuickStartClient");

EndpointProtectionRequirements epr = mc11aCertAssertion.Protection;

// require signature and encryption for outgoing requests
epr.Request.SignatureOptions = SignatureOptions.IncludeAddressing |
SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeSoapBody;
epr.Request.EncryptBody = true;

// require signature and encryption for incoming response
epr.Response.SignatureOptions = SignatureOptions.IncludeAddressing |
SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeSoapBody;
epr.Response.EncryptBody = true;

// require signature only for incoming faults
epr.Fault.SignatureOptions = SignatureOptions.IncludeAddressing |
SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeSoapBody;
epr.Fault.EncryptBody = false;

mc11aCertAssertion.EstablishSecurityContext = true;
mc11aCertAssertion.RenewExpiredSecurityContext = true;
mc11aCertAssertion.RequireSignatureConfirmation = true;

mc11aCertAssertion.MessageProtectionOrder =
MessageProtectionOrder.SignBeforeEncrypt;
//The default value is false
mc11aCertAssertion.RequireDerivedKeys = false;
//The default value is 5 min = 300 sec...
mc11aCertAssertion.TtlInSeconds = 300;

pPolicy.Assertions.Add(mc11aCertAssertion);
pPolicy.Assertions.Add(rahaActionHeaderAssertion);

serviceProxy.SetPolicy(pPolicy);



<garyrg9@xxxxxxxxx> wrote in message
news:1166645372.643779.41710@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The service is setting the policy with the config file.

The Client used to work when set with the config file. Now I am trying
to implement it with code.

/////////////////////////////////
//Test Set By Config THIS WORKED
// Set the ClientPolicy onto the proxy
//serviceProxy.SetPolicy("ClientPolicy");

/////////////////////////////////
//Test Set By Code DOES NOT WORK first error is that signature cannot be null
X509SecurityToken oX509CT = RetrieveTokenFromStore2("My",
StoreLocation.CurrentUser, "CN=WSE2QuickStartClient");
MessageSignature oSignature = new MessageSignature(oX509CT);

serviceProxy.RequestSoapContext.Security.Elements.Add(oSignature);

serviceProxy.SetClientCredential(oX509CT);

X509SecurityToken oX509CTS =
RetrieveTokenFromStore2("AddressBook", StoreLocation.CurrentUser,
"CN=WSE2QuickStartServer");
EncryptedData oEncryptedData = new EncryptedData(oX509CTS);

serviceProxy.RequestSoapContext.Security.Elements.Add(oEncryptedData);

serviceProxy.SetServiceCredential(oX509CTS);

// Create a new policy.
Policy oWebServiceClientPolicy = new Policy();

// Specify that the policy uses the MutualCertificate11 turnkey security assertion.
MutualCertificate11Assertion oMCA = new
MutualCertificate11Assertion();
oMCA.EstablishSecurityContext = false;
oMCA.RenewExpiredSecurityContext = true;
oMCA.RequireSignatureConfirmation = true;
oMCA.MessageProtectionOrder =
MessageProtectionOrder.SignBeforeEncrypt;
oMCA.RequireDerivedKeys = false;
oMCA.TtlInSeconds = 300;
oMCA.Protection.Request.SignatureOptions = SignatureOptions.IncludeAddressing |
SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeSoapBody;
oMCA.Protection.Request.EncryptBody = true;
oMCA.Protection.Response.SignatureOptions = SignatureOptions.IncludeAddressing |
SignatureOptions.IncludeTimestamp | SignatureOptions.IncludeSoapBody;
oMCA.Protection.Response.EncryptBody = true;
oWebServiceClientPolicy.Assertions.Add(oMCA);

// Apply the policy to the SOAP message exchange.
serviceProxy.SetPolicy(oWebServiceClientPolicy);

//End Test Set By Code
/////////////////////////////////



String[] symbols = {"FABRIKAM", "CONTOSO"};
StockQuote[] quotes =
serviceProxy.StockQuoteRequest(symbols);


I would appreciate any help!

Gary
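
The following is an added example, not code from either poster: a stand-alone check, using only System.Security.Cryptography.X509Certificates, that the two certificates named in the posts resolve the way a mutual-certificate policy needs (client certificate in CurrentUser/My with a private key for signing, service certificate in CurrentUser/AddressBook for encryption). The class and method names are hypothetical, and it assumes each certificate's subject is exactly the distinguished name shown.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper class; not part of WSE or of either post.
static class PolicyCertCheck
{
    // Returns null when the certificate is usable, otherwise the reason it is not.
    public static string Check(StoreName name, StoreLocation location,
                               string subjectDn, bool needPrivateKey)
    {
        X509Store store = new X509Store(name, location);
        store.Open(OpenFlags.ReadOnly | OpenFlags.OpenExistingOnly);
        try
        {
            // validOnly = false so an expired or untrusted certificate is
            // reported below instead of being silently filtered out.
            X509Certificate2Collection found = store.Certificates.Find(
                X509FindType.FindBySubjectDistinguishedName, subjectDn, false);
            if (found.Count == 0) return "not found";
            if (found.Count > 1) return found.Count + " certificates match";

            X509Certificate2 cert = found[0];
            DateTime now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                return "outside its validity period";
            if (needPrivateKey && !cert.HasPrivateKey)
                return "no private key, cannot sign";
            return null;
        }
        finally
        {
            store.Close();
        }
    }

    static int Main()
    {
        // Store names and subjects are the ones used in the posts above.
        string client = Check(StoreName.My, StoreLocation.CurrentUser,
                              "CN=WSE2QuickStartClient", true);
        string server = Check(StoreName.AddressBook, StoreLocation.CurrentUser,
                              "CN=WSE2QuickStartServer", false);
        Console.WriteLine("client signing cert: " + (client ?? "ok"));
        Console.WriteLine("service encryption cert: " + (server ?? "ok"));
        return (client == null && server == null) ? 0 : 1;
    }
}
```

Run it under the same Windows account as the client application, since both lookups use StoreLocation.CurrentUser.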


