Re: WSE 2.0 security problem

From: Michael Rodriguez (mike__at__compeat_dot_com)
Date: 02/04/05

Next message: Dave: "illegal characters"
Previous message: Nicholas Paldino [.NET/C# MVP]: "Re: Dialog inside dialog...."
In reply to: Nicholas Paldino [.NET/C# MVP]: "Re: WSE 2.0 security problem"
Next in thread: William Stacey [MVP]: "Re: WSE 2.0 security problem"
Reply: William Stacey [MVP]: "Re: WSE 2.0 security problem"
Messages sorted by: [ date ] [ thread ]

Date: Fri, 4 Feb 2005 11:49:03 -0800

Nicholas,

Thanks for the quick response. I figured out what is was. I enabled
tracing in the web.config so I could see the SOAP responses. When I looked
at those, I saw the problem was a timeout error. I had set the TimeToLive to
2 minutes, and the computer I was sending the request from was 10 minutes
behind the Web server! All I had to do was sync the time and then it worked
fine.

Thanks,

Mike Rodriguez

"Nicholas Paldino [.NET/C# MVP]" wrote:

> Michael,
>
> Are you sure that you are signing the message? The code here just adds
> some authentication, but I see nothing that loads a digital certificate (is
> that what the MessageCertificate does?).
>
> Also, if you have a certificate loaded in a store on the machine that is
> doing the signing (your dev machine), then you have to make sure that
> certificate is installed on the other machine that you installed the proxy
> on.
>
> Hope this helps.
>
>
> --
> - Nicholas Paldino [.NET/C# MVP]
> - mvp@spam.guard.caspershouse.com
>
> "Michael Rodriguez" <mike__at__compeat_dot_com> wrote in message
> news:C57EC39E-645A-4A0B-B205-C7EC27E6C1C6@microsoft.com...
> >I have a web service that I am calling by digitally signing the message
> >with
> > WSE 2.0 SP2. It runs fine on my PC. I uploaded the WS to our server, and
> > if
> > I call that from my PC that also works fine.
> >
> > The problem comes in when I try to call the WS from another machine
> > besides
> > mine or the host server. When I do that, I get "An error was discovered
> > processing the <Security> header"...
> >
> > Is there something else I need to install on other machines to get my WSE
> > security working? I installed the WSE 2.0 runtime files, that didn't
> > help.
> > Any ideas?
> >
> > Here is the client code that calls the web service:
> >
> > public CateringWS.DataServWse GetProxy()
> > {
> > CateringWS.DataServWse proxy = new CateringWS.DataServWse();
> > proxy.Url = "http://my_ip_address_here/CateringWS/DataServ.asmx";
> >
> > // Get the SoapContext for the SOAP request that is being made to the
> > Web service
> > SoapContext reqCtx = proxy.RequestSoapContext;
> >
> > // Add the UsernameToken to the WS-Security SOAP header
> > /* Help File Excerpt: The password is never sent in any form in the
> > SOAP message,
> > * but WSE does use the password to sign the SOAP message.
> > * A recipient would then need to provide a password to WSE
> > * during the signature validation stage. */
> > UsernameToken tok = new UsernameToken("mike", "amanda1",
> > PasswordOption.SendNone);
> >
> > // set the TimeToLive to 2 minutes, to prevent anyone else from
> > replaying it
> > reqCtx.Security.Timestamp.TtlInSeconds = 120;
> >
> > // Digitally sign the SOAP request by using a user name and password.
> > reqCtx.Security.Tokens.Add(tok);
> > reqCtx.Security.Elements.Add(new MessageSignature(tok));
> > // reqCtx.Security.Elements.Add(new EncryptedData(tok));
> >
> > return proxy;
> > }
> >
> > public ChartOfAccountsInfo[] GetChartOfAccounts()
> > {
> > CateringWS.DataServWse proxy = GetProxy();
> > try
> > {
> > return proxy.GetChartOfAccounts();
> > }
> > catch (Exception ex)
> > {
> > throw new ApplicationException(ex.Message);
> > }
> > }
> >
> > TIA,
> >
> > Mike Rodriguez
> >
> > --
> > To understand recursion, we must first understand recursion.
>
>
>

Next message: Dave: "illegal characters"
Previous message: Nicholas Paldino [.NET/C# MVP]: "Re: Dialog inside dialog...."
In reply to: Nicholas Paldino [.NET/C# MVP]: "Re: WSE 2.0 security problem"
Next in thread: William Stacey [MVP]: "Re: WSE 2.0 security problem"
Reply: William Stacey [MVP]: "Re: WSE 2.0 security problem"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Programmatically Signing DLL
... Authenicode signing adds ~ 1 kbyte of data, it wouldn't be a big deal to ... > What kind of certificate do we need to buy to allow programmatic ... IE5+ can properly verify the validity of an Authenticode signature (build into ... As I mentioned before, the CAPICOM install is a no-brainer, fast install, no reboot ...
(microsoft.public.security)
Re: How to deploy real cert in packaged .exe (VS 2005, .net cf 2.0 sp2, WM 5.0)
... So I get a certificate from Verisign. ... Then I install it on my development computer? ... Or do I do the signing using the the tools they send me? ... I've used certificates for signing from Verisign. ...
(microsoft.public.dotnet.framework.compactframework)
Re: signers certificate is not valid for signing (VS2008 windows forms)
... to install a certificate? ... Yes, but with a cert they can trust your company if they want, preventing ... its not a 'real' certificate? ... Apparently I am being coerced into digitally signing applications. ...
(microsoft.public.dotnet.general)
Re: OWA and SSL Problems
... Install a copy of the signing CA's certificate in the Trusted Root Store. ... It's working, but I get the initial yes/no prompt for the certificate, then I log in, then I get the certificate prompt literally about 30 times. ...
(microsoft.public.exchange.clients)