I have a web service that I am calling by digitally signing the message with
WSE 2.0 SP2. It runs fine on my PC. I uploaded the WS to our server, and if
I call that from my PC that also works fine.
The problem comes in when I try to call the WS from another machine besides
mine or the host server. When I do that, I get "An error was discovered
processing the <Security> header"...
Is there something else I need to install on other machines to get my WSE
security working? I installed the WSE 2.0 runtime files, that didn't help.
Any ideas?
Here is the client code that calls the web service:
public CateringWS.Data ServWse GetProxy()
{
CateringWS.Data ServWse proxy = new CateringWS.Data ServWse();
proxy.Url = "http://my_ip_address_h ere/CateringWS/DataServ.asmx";
// Get the SoapContext for the SOAP request that is being made to the
Web service
SoapContext reqCtx = proxy.RequestSo apContext;
// Add the UsernameToken to the WS-Security SOAP header
/* Help File Excerpt: The password is never sent in any form in the
SOAP message,
* but WSE does use the password to sign the SOAP message.
* A recipient would then need to provide a password to WSE
* during the signature validation stage. */
UsernameToken tok = new UsernameToken(" mike", "amanda1",
PasswordOption. SendNone);
// set the TimeToLive to 2 minutes, to prevent anyone else from
replaying it
reqCtx.Security .Timestamp.TtlI nSeconds = 120;
// Digitally sign the SOAP request by using a user name and password.
reqCtx.Security .Tokens.Add(tok );
reqCtx.Security .Elements.Add(n ew MessageSignatur e(tok));
// reqCtx.Security .Elements.Add(n ew EncryptedData(t ok));
return proxy;
}
public ChartOfAccounts Info[] GetChartOfAccou nts()
{
CateringWS.Data ServWse proxy = GetProxy();
try
{
return proxy.GetChartO fAccounts();
}
catch (Exception ex)
{
throw new ApplicationExce ption(ex.Messag e);
}
}
TIA,
Mike Rodriguez
--
To understand recursion, we must first understand recursion.
3  5771 
Michael,
Are you sure that you are signing the message? The code here just adds
some authentication, but I see nothing that loads a digital certificate (is
that what the MessageCertific ate does?).
Also, if you have a certificate loaded in a store on the machine that is
doing the signing (your dev machine), then you have to make sure that
certificate is installed on the other machine that you installed the proxy
on.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m
"Michael Rodriguez" <mike__at__comp eat_dot_com> wrote in message
news:C5******** *************** ***********@mic rosoft.com... I have a web service that I am calling by digitally signing the message
with
WSE 2.0 SP2. It runs fine on my PC. I uploaded the WS to our server, and
if
I call that from my PC that also works fine.
The problem comes in when I try to call the WS from another machine
besides
mine or the host server. When I do that, I get "An error was discovered
processing the <Security> header"...
Is there something else I need to install on other machines to get my WSE
security working? I installed the WSE 2.0 runtime files, that didn't
help.
Any ideas?
Here is the client code that calls the web service:
public CateringWS.Data ServWse GetProxy()
{
CateringWS.Data ServWse proxy = new CateringWS.Data ServWse();
proxy.Url = "http://my_ip_address_h ere/CateringWS/DataServ.asmx";
// Get the SoapContext for the SOAP request that is being made to the
Web service
SoapContext reqCtx = proxy.RequestSo apContext;
// Add the UsernameToken to the WS-Security SOAP header
/* Help File Excerpt: The password is never sent in any form in the
SOAP message,
* but WSE does use the password to sign the SOAP message.
* A recipient would then need to provide a password to WSE
* during the signature validation stage. */
UsernameToken tok = new UsernameToken(" mike", "amanda1",
PasswordOption. SendNone);
// set the TimeToLive to 2 minutes, to prevent anyone else from
replaying it
reqCtx.Security .Timestamp.TtlI nSeconds = 120;
// Digitally sign the SOAP request by using a user name and password.
reqCtx.Security .Tokens.Add(tok );
reqCtx.Security .Elements.Add(n ew MessageSignatur e(tok));
// reqCtx.Security .Elements.Add(n ew EncryptedData(t ok));
return proxy;
}
public ChartOfAccounts Info[] GetChartOfAccou nts()
{
CateringWS.Data ServWse proxy = GetProxy();
try
{
return proxy.GetChartO fAccounts();
}
catch (Exception ex)
{
throw new ApplicationExce ption(ex.Messag e);
}
}
TIA,
Mike Rodriguez
--
To understand recursion, we must first understand recursion.
Nicholas,
Thanks for the quick response. I figured out what is was. I enabled
tracing in the web.config so I could see the SOAP responses. When I looked
at those, I saw the problem was a timeout error. I had set the TimeToLive to
2 minutes, and the computer I was sending the request from was 10 minutes
behind the Web server! All I had to do was sync the time and then it worked
fine.
Thanks,
Mike Rodriguez
"Nicholas Paldino [.NET/C# MVP]" wrote: Michael,
Are you sure that you are signing the message? The code here just adds
some authentication, but I see nothing that loads a digital certificate (is
that what the MessageCertific ate does?).
Also, if you have a certificate loaded in a store on the machine that is
doing the signing (your dev machine), then you have to make sure that
certificate is installed on the other machine that you installed the proxy
on.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m
"Michael Rodriguez" <mike__at__comp eat_dot_com> wrote in message
news:C5******** *************** ***********@mic rosoft.com...I have a web service that I am calling by digitally signing the message
with
WSE 2.0 SP2. It runs fine on my PC. I uploaded the WS to our server, and
if
I call that from my PC that also works fine.
The problem comes in when I try to call the WS from another machine
besides
mine or the host server. When I do that, I get "An error was discovered
processing the <Security> header"...
Is there something else I need to install on other machines to get my WSE
security working? I installed the WSE 2.0 runtime files, that didn't
help.
Any ideas?
Here is the client code that calls the web service:
public CateringWS.Data ServWse GetProxy()
{
CateringWS.Data ServWse proxy = new CateringWS.Data ServWse();
proxy.Url = "http://my_ip_address_h ere/CateringWS/DataServ.asmx";
// Get the SoapContext for the SOAP request that is being made to the
Web service
SoapContext reqCtx = proxy.RequestSo apContext;
// Add the UsernameToken to the WS-Security SOAP header
/* Help File Excerpt: The password is never sent in any form in the
SOAP message,
* but WSE does use the password to sign the SOAP message.
* A recipient would then need to provide a password to WSE
* during the signature validation stage. */
UsernameToken tok = new UsernameToken(" mike", "amanda1",
PasswordOption. SendNone);
// set the TimeToLive to 2 minutes, to prevent anyone else from
replaying it
reqCtx.Security .Timestamp.TtlI nSeconds = 120;
// Digitally sign the SOAP request by using a user name and password.
reqCtx.Security .Tokens.Add(tok );
reqCtx.Security .Elements.Add(n ew MessageSignatur e(tok));
// reqCtx.Security .Elements.Add(n ew EncryptedData(t ok));
return proxy;
}
public ChartOfAccounts Info[] GetChartOfAccou nts()
{
CateringWS.Data ServWse proxy = GetProxy();
try
{
return proxy.GetChartO fAccounts();
}
catch (Exception ex)
{
throw new ApplicationExce ption(ex.Messag e);
}
}
TIA,
Mike Rodriguez
--
To understand recursion, we must first understand recursion.
The one problem you still have is signing the message with the user token.
This is *not secure in the least. That password would be cracked in a few
seconds off the wire - *even if you use SendNone. Hacker just does the
dictionary attack on the signature. UsernameTokens should only be sent if
they are encrypted first - either inside an SSL session or using a
SecurityContext Token. If you use a SCT, then you don't need to send the UT
anyway. So I would use only SCTs and require on the server each message is
at *least signed with an *authenticated SCT (or a token derived from an
authenticated SCT).
See:
http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPv DxLKC6rAAhLsQ!3 03.entry
http://spaces.msn.com/members/staceyw/Blog/cns!1pnsZpX0fPv DxLKC6rAAhLsQ!2 68.entry http://msdn.microsoft.com/webservice...rnametoken.asp
--
William Stacey, MVP http://mvp.support.microsoft.com
"Michael Rodriguez" <mike__at__comp eat_dot_com> wrote in message
news:67******** *************** ***********@mic rosoft.com... Nicholas,
Thanks for the quick response. I figured out what is was. I enabled
tracing in the web.config so I could see the SOAP responses. When I
looked at those, I saw the problem was a timeout error. I had set the TimeToLive
to 2 minutes, and the computer I was sending the request from was 10 minutes
behind the Web server! All I had to do was sync the time and then it
worked fine.
Thanks,
Mike Rodriguez
"Nicholas Paldino [.NET/C# MVP]" wrote:
Michael,
Are you sure that you are signing the message? The code here just
adds some authentication, but I see nothing that loads a digital certificate
(is that what the MessageCertific ate does?).
Also, if you have a certificate loaded in a store on the machine
that is doing the signing (your dev machine), then you have to make sure that
certificate is installed on the other machine that you installed the
proxy on.
Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard. caspershouse.co m
"Michael Rodriguez" <mike__at__comp eat_dot_com> wrote in message
news:C5******** *************** ***********@mic rosoft.com...I have a web service that I am calling by digitally signing the message
with
WSE 2.0 SP2. It runs fine on my PC. I uploaded the WS to our server,
and if
I call that from my PC that also works fine.
The problem comes in when I try to call the WS from another machine
besides
mine or the host server. When I do that, I get "An error was
discovered processing the <Security> header"...
Is there something else I need to install on other machines to get my
WSE security working? I installed the WSE 2.0 runtime files, that didn't
help.
Any ideas?
Here is the client code that calls the web service:
public CateringWS.Data ServWse GetProxy()
{
CateringWS.Data ServWse proxy = new CateringWS.Data ServWse();
proxy.Url = "http://my_ip_address_h ere/CateringWS/DataServ.asmx";
// Get the SoapContext for the SOAP request that is being made to
the Web service
SoapContext reqCtx = proxy.RequestSo apContext;
// Add the UsernameToken to the WS-Security SOAP header
/* Help File Excerpt: The password is never sent in any form in
the SOAP message,
* but WSE does use the password to sign the SOAP message.
* A recipient would then need to provide a password to WSE
* during the signature validation stage. */
UsernameToken tok = new UsernameToken(" mike", "amanda1",
PasswordOption. SendNone);
// set the TimeToLive to 2 minutes, to prevent anyone else from
replaying it
reqCtx.Security .Timestamp.TtlI nSeconds = 120;
// Digitally sign the SOAP request by using a user name and
password. reqCtx.Security .Tokens.Add(tok );
reqCtx.Security .Elements.Add(n ew MessageSignatur e(tok));
// reqCtx.Security .Elements.Add(n ew EncryptedData(t ok));
return proxy;
}
public ChartOfAccounts Info[] GetChartOfAccou nts()
{
CateringWS.Data ServWse proxy = GetProxy();
try
{
return proxy.GetChartO fAccounts();
}
catch (Exception ex)
{
throw new ApplicationExce ption(ex.Messag e);
}
}
TIA,
Mike Rodriguez
--
To understand recursion, we must first understand recursion.
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: grahamd |
last post by:
Who are the appropriate people to report security problems to
in respect of a module included with the Python distribution?
I don't feel it appropriate to be reporting it on general mailing
lists.
|
by: Alistair |
last post by:
hello again oh knowledgable ones
Today I took the plunge (more like a hell-hole dive) and upgraded to windows
XP Pro..
and as I expected things are slightly different...
what I didn't expect was for things to be so damn complicated!!
I'm having trouble with my local DB sites. I keep getting "the file is read
|
by: craig |
last post by:
I am working on my first .NET development project that involves custom
role-based security per the project requirements. This lead to a general
design issue this week that really caused us some concern. I have described
the situation below because we are very curious to see what other, more
experienced, developers might suggest. The specific...
|
by: A.M. |
last post by:
Hi at all,
how can I do to insert into a HTML page a file .txt stored in the same
directory of the server where is the html file that must display the text
file.txt?
Thank you very much
P.Pietro
|
by: Mike MacSween |
last post by:
S**t for brains strikes again!
Why did I do that? When I met the clients and at some point they vaguely
asked whether eventually would it be possible to have some people who could
read the data and some who couldn't but that it wasn't important right now.
And I said, 'sure, we can do that later'.
So now I've developed an app without any...
| | |
by: Chua Wen Ching |
last post by:
Hi there,
I had applied this security permissions in my class library based on fxcop
standards.
Before namespace:
using System.Runtime.InteropServices;
using System.Security.Permissions;
|
by: Earl Teigrob |
last post by:
Background:
When I create a ASP.NET control (User or custom), it often requires security to be set for certain functionality with the control. For example, a news release user control that is comprised of a DataGrid may have separate permissions for adding, deleting and updating a news item.
Problem
Up until now, I have been implementing...
|
by: Norsoft |
last post by:
I have a .Net 1.1 application which is downloaded into an aspx page. It is a
dll which inherits from System.Windows.Forms.UserControl. It works fine on a
PC with only the 1.1 Framework. However, the control will not load on a PC
with the 2.0 Framework installed. I know that IE will use the newest
framework so I assume it is a security issue.
...
|
by: Jay C. |
last post by:
Jay
3 Jan. 11:38 Optionen anzeigen
Newsgroups: microsoft.public.dotnet.framework.webservices.enhancements
Von: "Jay" <p.brunm...@nusurf.at> - Nachrichten dieses Autors suchen
Datum: 3 Jan 2006 02:38:30 -0800
Lokal: Di 3 Jan. 2006 11:38
Betreff: Referenced security token could not be retrieved
Antworten | Antwort an Autor | Weiterleiten...
|
by: =?Utf-8?B?TWFuanJlZSBHYXJn?= |
last post by:
Hi,
I created a web service and hosted it in Windows Services. It is working
fine. Now I am trying to implement the X509 certificates for message layer
security. But it is throwing the following exception:
An unhandled exception of type
'System.ServiceModel.Security.SecurityNegotiationException' occurred in
mscorlib.dll
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main...
| | |
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it. ...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes...
|
by: conductexam |
last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one.
At the time of converting from word file to html my equations which are in the word document file was convert...
| | |
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
| |
