473,394 Members | 1,778 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,394 software developers and data experts.

Weblogic WebService and .NET Client: Interoper (with Security) issue

The issue involves the following technologies: -

1. .NET 2.0 Framework

2. WSE2.0 (WS-Security)

3. X.509 certificates

4. BEA Weblogic 8.1.5


The issue is as follows: -

We need to achieve interoperability between .NET and Java web services that implement WS-Security using X.509 certificates. The scenarios are: -

a. Java Weblogic Client (website) consuming a .NET Web Service
b. .NET Client (website) consuming a Java Weblogic Web Service

A. Java Weblogic Client consuming a .NET Web Service

The Java web service must implement security features – Signing, Encryption using X.509 certificates and must also use Username tokens for authentication.

Expected behavior: The client must send Signed and Encrypted soap Requests using X.509 certificates and must also attach the Username token.The Service processes the requests and sends the Response which is also signed and encrypted using X.509 certificates.

Behavior encountered: The .Net Web Service is unable to understand the Signed and Encrypted Request sent by the Java client.

The article Web Services Security Interoperability Using WSE 2.0 SP3 and WebLogic Workshop 8.1.4 talks about the Different EncryptedData element Types to be the reason for this: -

“The security policy for the Math service specifies that the Body of the message must be encrypted. This is designated in the policy file by the wsp:Body() message part selection function (used with the http://schemas.xmlsoap.org/2002/12/wsse#part dialect). Appendix II of the WS-PolicyAssertions specification indicates that wsp:Body identifies the "Body" of the message. Strictly speaking, what WebLogic is doing is encrypting the first child of the Body element (not the contents of the entire Body). In this particular case this is effectively the same as the .NET generated message. However, in the general case they are not equivalent (consider the case where the Body has multiple children). Since the WSE policy checker is looking for the contents of the entire body to be encrypted (as called for by WS-PolicyAssertions), the policy check fails.”

B. .NET Client consuming a Java Weblogic Web Service

The .NET web service must implement security features – Signing, Encryption using X.509 certificates and must also use Username tokens for authentication.

Expected behavior: The client must send Signed and Encrypted soap Requests using X.509 certificates and must also attach the Username token.The Service processes the requests and sends the Response which is also signed and encrypted using X.509 certificates.

Behavior encountered: The .NET client Signs and Encrypts the Request and attaches the Username Token and forwards the request to the Java Web Service. The Web Service is able to understand the Request and hence, processes the requests and sends the response back to the client after signing and encrypting the same. However, the client is unable to understand the response and gives an error as “The signature or decryption was invalid”.

(Note: - the same .NET client is able to understand the response from the Web Service incase we are not encrypting it at the web service)

The article Web Services Security Interoperability Using WSE 2.0 SP3 and WebLogic Workshop 8.1.4 talks about the Response Encryption Failure to be the reason for this: -

“The problem is that WebLogic encrypts the response in such a way that the WSE client can't properly decrypt it (and so it throws an exception). The problem is the reference to the key in the header. WSE's reference is an X.509 subject key identifier. The WebLogic reference is a KeyName. With this issue such as it is, it's impossible for a WebLogic Web service to encrypt a response message and have it processed by a WSE client.”

We are expecting any workaround for this issue.

Thanks in advance ....Kuldeep
Sep 15 '06 #1
1 3385
Hello Kuldeep, We are also facing the same issue and have found solutions for the problem. If so can you please let us know. It will be very helpful?
Jan 25 '07 #2

Sign in to post your reply or Sign up for a free account.

Similar topics

0
by: Per-Christian Engdal | last post by:
Hi, I have built a cocoon.war file, and deployed it on my BEA Weblogic 8.1 Sp2 (Windows 2000) installation. The deployment works without exceptions, but when I try to access cocoon through...
6
by: Davie | last post by:
I want to authorise a user of a web service by using the AuthHeaderValue for some reason I keep getting a null reference exception when I try to run the following code: It seems to work fine on a...
8
by: Topper | last post by:
Hello. I have simple web folders structure: -ROOT - BIN WebService.dll WebService.asmx I need to use my WebService.dll not in bin folder - for example, in ROOT. How do i this? How can i do...
18
by: A.M | last post by:
Hi, Is there any way to call a WSS web service method by using browser and see the XML result in browser as well? I have been told that there is query string syntax for calling...
7
by: Nalaka | last post by:
Hi, I created a sinple web service that returns a dataSet. Then I created a client program that uses this web service (that returns the Dataset). My question is, how did the client figure...
5
by: AliR | last post by:
Hi Everyone, I have a Visual C++ MFC program, and I am trying to use a webservice written in C#. When I add the webservice to my project using Add Web Reference the sproxy compiler complains...
5
by: | last post by:
Hi, How long do webservice objects live for? In particular, if i have static variables filled with data from a static constructor in a webservice, how long will that data persist? thxs
0
by: manauwaralam | last post by:
javax.naming.NameNotFoundException: While trying to lookup 'weblogic.jdbc.jts.vdmsPool' didn't find subcontext 'jdbc' Resolved weblogic; remaining name 'jdbc/jts/vdmsPool' at...
0
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
0
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
0
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
0
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
0
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.