473,889 Members | 1,426 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

(WS-Security): Soap Header and Security elements missing in the SoapRequest.

1 New Member
Hello,

I am creating a webservice that collects user information and stores it in a database. Since the user information contains sensitive data like SSN I am planning to use WS-Security (WSE 2.0) in my WebService to digitally sign and encrypt the data.

Here are the steps I followed to digitally sign the message:


1) I created a X.509 certificate using Certification Services in Windows Server 2003.

2) I installed the certificate on my development machine in 'Local Computer' Store and 'Current User' Store using MMC

3) Using X.509 Certification tool , I granted full control access to ASPNET machine account on the certificates.

4) I created a test WebService.

5) I created a client that sends in some test data to the Service. On the client side I retrieved the certificate from the 'Local Computer' store and used it to digitally sign the request.(Reques tSoapContext) .

6) On the Service side I implemented SoapExtension to trap the incoming XML (SoapRequest).

Client side code:

SoapContext context = proxy.RequestSo apContext;

X509Certificate Store store = X509Certificate Store.LocalMach ineStore(X509Ce rtificateStore. MyStore);
if(store.OpenRe ad())
{
X509Certificate Collection certs = store.FindCerti ficateByKeyIden tifier(Convert. FromBase64Strin g(keyIdentifier ));
if(certs.Count > 0)
{
X509SecurityTok en token = new X509SecurityTok en(certs[0]);
if(token != null)
{
context.Securit y.Tokens.Add(to ken);
context.Securit y.Elements.Add( new MessageSignatur e(token));
}
}
}

Response.Text = proxy.HelloWorl d("Hello World");


When I run the application, the client side seems to retrieve the certificate and add the appropriate objects to Tokens and Security collections of the RequestSoapCont ext.

But when I check the XML (SoapRequest) on the Services side using SoapExtension, I do not see the <Soap:Header> and <wsse:Securit y> elements in SoapRequest.

**** - Before DeSerialize: (SoapRequest) ****

<soap:Envelop e
xmlns:soap="htt p://schemas.xmlsoap .org/soap/envelope/"
xmlns:xsi="http ://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http ://www.w3.org/2001/XMLSchema"
xmlns:wsa="http ://schemas.xmlsoap .org/ws/2004/03/addressing"
xmlns:wsse="htt p://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http ://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<soap:Body wsu:Id="Id-bb057f21-19f8-4804-a49f-d952affa4020">
<HelloWorld xmlns="http://tempuri.org/">
<name>Hello World</name>
</HelloWorld>
</soap:Body>
</soap:Envelope>


I do not know what I am doing wrong. As far as I know when I add a 'MessageSignatu re' object to the 'Security' collection of RequestSoapCont ext a <Header> and <Security> element should be created and the digital signature of the message should be placed in that. I can see some wsu:Id="Id-bb057f21-19f8-4804-a49f-d952affa4020 in the message but I don't understand what that means.

Note:

1) I am retrieving the XML (SoapRequest) before DeSerialization on the Service side.
2) There is no problem on the Webservice response. The client receives a valid response and displays it on the form.

Any help would be greatly appreciated.

Thanks,
Sep 17 '07 #1
1 6100
kalasivakumar
1 New Member
Hi,

Create a Trace in Web.Config/App.config then you can see the full header in the inputTrace.webi nfo.

Use WSE Setting 2.0 to add it automatically.
<microsoft.web. services2>
<diagnostics>
<trace enabled="true" input="InputTra ce.webinfo" output="OutputT race.webinfo" />
</diagnostics>
</microsoft.web.s ervices2>


Siva


Hello,

I am creating a webservice that collects user information and stores it in a database. Since the user information contains sensitive data like SSN I am planning to use WS-Security (WSE 2.0) in my WebService to digitally sign and encrypt the data.

Here are the steps I followed to digitally sign the message:


1) I created a X.509 certificate using Certification Services in Windows Server 2003.

2) I installed the certificate on my development machine in 'Local Computer' Store and 'Current User' Store using MMC

3) Using X.509 Certification tool , I granted full control access to ASPNET machine account on the certificates.

4) I created a test WebService.

5) I created a client that sends in some test data to the Service. On the client side I retrieved the certificate from the 'Local Computer' store and used it to digitally sign the request.(Reques tSoapContext) .

6) On the Service side I implemented SoapExtension to trap the incoming XML (SoapRequest).

Client side code:

SoapContext context = proxy.RequestSo apContext;

X509Certificate Store store = X509Certificate Store.LocalMach ineStore(X509Ce rtificateStore. MyStore);
if(store.OpenRe ad())
{
X509Certificate Collection certs = store.FindCerti ficateByKeyIden tifier(Convert. FromBase64Strin g(keyIdentifier ));
if(certs.Count > 0)
{
X509SecurityTok en token = new X509SecurityTok en(certs[0]);
if(token != null)
{
context.Securit y.Tokens.Add(to ken);
context.Securit y.Elements.Add( new MessageSignatur e(token));
}
}
}

Response.Text = proxy.HelloWorl d("Hello World");


When I run the application, the client side seems to retrieve the certificate and add the appropriate objects to Tokens and Security collections of the RequestSoapCont ext.

But when I check the XML (SoapRequest) on the Services side using SoapExtension, I do not see the <Soap:Header> and <wsse:Securit y> elements in SoapRequest.

**** - Before DeSerialize: (SoapRequest) ****

<soap:Envelop e
xmlns:soap="htt p://schemas.xmlsoap .org/soap/envelope/"
xmlns:xsi="http ://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http ://www.w3.org/2001/XMLSchema"
xmlns:wsa="http ://schemas.xmlsoap .org/ws/2004/03/addressing"
xmlns:wsse="htt p://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http ://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

<soap:Body wsu:Id="Id-bb057f21-19f8-4804-a49f-d952affa4020">
<HelloWorld xmlns="http://tempuri.org/">
<name>Hello World</name>
</HelloWorld>
</soap:Body>
</soap:Envelope>


I do not know what I am doing wrong. As far as I know when I add a 'MessageSignatu re' object to the 'Security' collection of RequestSoapCont ext a <Header> and <Security> element should be created and the digital signature of the message should be placed in that. I can see some wsu:Id="Id-bb057f21-19f8-4804-a49f-d952affa4020 in the message but I don't understand what that means.

Note:

1) I am retrieving the XML (SoapRequest) before DeSerialization on the Service side.
2) There is no problem on the Webservice response. The client receives a valid response and displays it on the form.

Any help would be greatly appreciated.

Thanks,
Oct 3 '07 #2

Sign in to post your reply or Sign up for a free account.

Similar topics

6
20315
by: john deviney | last post by:
I have a C#/.Net 1.1 client talking to a Java based web service. I need to insert a soap header on the client side which is expected on the server side. Currently, the Java ws provider, Axis, does not support automatic wsdl generation of custom headers so the wsdl has no information regarding the required header. I've read through a lot of material and managed to get a workable solution but it is far from ideal. I created a new...
0
4675
by: Daniel Thune, MCSE | last post by:
I am having a problem with formatting a SOAP Header in a .Net client. The client calls a Java Axis 1.1 based web service. In order to authenticate the caller, the web service call is intercepted by another web service that validates a security token in the header. I have pasted my current SOAP message that my code sends as captured from a trace function that I added. Below that is a sample SOAP message that the developer of the web...
6
43083
by: Peter van der veen | last post by:
Hi I have the following problem. I'm calling a webservice from within a VB.net 2005 Windows program. For this i got a WSDL file and loaded that in VB. Until now i just call the webservice and everything works OK. Now i need to add an extra attribute/header element to the SOAP header before i contact the webservice.
4
2491
by: Joseph Geretz | last post by:
We use a Soap Header to pass a token class (m_Token) back and forth with authenticated session information. Given the following implementation for our Logout method, I vastly prefer to simply code m_Token = null in order to destroy the session token when the user logs out. However, I'm finding that setting class instance to null results in no header being sent back to the client, with the result that the client actually remains with an...
6
46816
by: John | last post by:
I'm trying to call a Webservice (Non-.NET) That requires the insertion of security credentials into the SOAP header. Up until know I've been creating Dynamic proxy classes to call web services and not been dealing with the inner workings of SOAP. Looks Like I need to learn a little about soap and Manually calling Web Services..... Any help will be very appreciated !!!
1
5115
by: dalh | last post by:
Hi all, I'm developing an asp.net app that connect to a webservice. - I've installed an P7k certificate in the IIS-website configuration. When running my code, I have following error: System.Web.Services.Protocols.SoapHeaderException: com.sun.xml.wss.XWSSecurityException: Message does not conform to configured policy : No Security Header found; nested exception is com.sun.xml.wss.XWSSecurityException:
0
1279
by: sskvp | last post by:
There are millions of samples in the internet explain how to insert a multi node SOAP Header. What I mean is that there are plenty of examples in the internet show how to do the following: <SOAP-ENV:Header> < Security > <Username>AUSER</Username> < Password >APassword</Password> </Security> </SOAP-ENV:Header> But what I want to do is ,
0
1362
by: sskvp | last post by:
There are millions of samples in the internet that explains how to insert a multi node SOAP Header. What I mean is that there are plenty of examples in the internet show how to do the following: <SOAP-ENV:Header> < Security > <Username>AUSER</Username> < Password >APassword</Password> </Security> </SOAP-ENV:Header>
0
2528
by: pcsharpuser | last post by:
I'm using webservices written in java from a C#.net application. For this I have referenced the Microsoft.Web.Services3 dll. I have added the username token to this using the below code. NewClass.NewClassServiceWse ws = new NewClass.NewClassServicewse(); Microsoft.Web.Services3.Security.Tokens.UsernameToken UToken = new Microsoft.Web.Services3.Security.Tokens.UsernameToken(UserName, UserPwd,...
0
9961
marktang
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
0
9805
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
11187
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10784
jinu1996
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
1
10887
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
0
9602
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
1
7991
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
1
4642
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
3
3252
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.