472,802 Members | 1,406 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > microsoft webservice security problem

Join Bytes to post your question to a community of 472,802 software developers and data experts.

Microsoft Webservice Security Problem

Hello,
I am trying to secure a webservice using WSE 3.0 and the turnkey
usernameForCertificateSecurity profile. I am passing a valid username
token, and on the server I have overridden the Authenticate token
call
and it is being called. My ASP.NET service has a Login() method and
it is being called during client application startup. Both the client
and service have matching policy config files. Once authentication
occurs I want to obtain a SCT to use as a session token.

But the first call returns with an exception although it successfully
returns from the Login() call.
I get a "ResponseProcessingException" on the client when calling my
Login() method.
It has the following inner exception:
InnerException {"WSE2005: Protection requirements in
UsernameForCertificateAssertion are not satisfied."}
The strange thing is that there is no further information on the
above
exceptions. What requirements are not being met?

If I drill down into the exception stack I do see a
GenericParameterAttribute and
GenericParameterPosition exception, they both throw a
System.InvalidException on the parameters to
ClientInputFilter.ValidateMessageSecurity(). But this is deep within
WSE and out of my control.

I originally thought this may be a library mismatch with the parameter
types but I have
successfully ran the WSE 3.0 sample applications that should be using
the same libraries. What could possibly alter the parameters to this
call? The only real difference is in the "real" webservice I am
trying
to call versus the "sample" webservice that works.

Also note that the "real" webservice project was created prior to
adding WSE support to it. Perhaps there is a step missing in this
scenario?
I have tracing turned on and here are the results of a single call to
my Login() method:

OutputTrace.webinfo:
xml version="1.0" encoding="utf-8"?>
<log>
<outputMessage utc="10/29/2008 1:38:38 AM"
messageId="urn:uuid:d07b96ee-9882-4303-8d17-3996e928e364">
<processingStep description="Unprocessed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<LoginResponse xmlns="http://localhost/
NetTiersPayrollWebServices">
<LoginResult>Pass</LoginResult>
</LoginResponse>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Processed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://
schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://
docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>http://localhost/NetTiersPayrollWebServices/
LoginResponse</wsa:Action>
<wsa:MessageID>urn:uuid:d07b96ee-9882-4303-8d17-3996e928e364</
wsa:MessageID>
<wsa:RelatesTo>urn:uuid:55cc02b2-
b8e4-4ecc-973f-64fa047abdcc</wsa:RelatesTo>
<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/
role/anonymous</wsa:To>
<wsse:Security>
<wsu:Timestamp wsu:Id="Timestamp-
b96e5653-4fc6-4f6d-944a-0984d06c49d6">
<wsu:Created>2008-10-29T01:38:38Z</wsu:Created>
<wsu:Expires>2008-10-29T01:53:38Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
<LoginResponse xmlns="http://localhost/
NetTiersPayrollWebServices">
<LoginResult>Pass</LoginResult>
</LoginResponse>
</soap:Body>
</soap:Envelope>
</processingStep>
</outputMessage>
</log>
************************************************** **************************
****************************************
InputTrace.webinfo
<?xml version="1.0" encoding="utf-8"?>
<log>
<inputMessage utc="10/29/2008 1:38:09 AM" messageId="urn:uuid:
55cc02b2-b8e4-4ecc-973f-64fa047abdcc">
<processingStep description="Unprocessed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://
schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://
docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action wsu:Id="Id-68723008-2e19-429f-90cc-
b60854083f76">http://localhost/NetTiersPayrollWebServices/Login</
wsa:Action>
<wsa:MessageID wsu:Id="Id-8a252441-
bfb4-404a-89fe-436f5e7baa83">urn:uuid:55cc02b2-
b8e4-4ecc-973f-64fa047abdcc</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-f8dac67d-9ed9-4a7a-
ba68-15843d3ac661">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/
addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To wsu:Id="Id-4b502a5c-8b18-4bc9-
bca8-1c6f8713810d">http://localhost/NetTiersPayrollWebServices/
EasePayrollServices.asmx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-6e434b43-
cbc2-4d8b-8d09-1597b9e46f63">
<wsu:Created>2008-10-29T01:37:40Z</wsu:Created>
<wsu:Expires>2008-10-29T01:42:40Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey Id="SecurityToken-6783d606-38ad-4895-
a83f-40054c4e47e8" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/
2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/
xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</xenc:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-
open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-
soap-message-
security-1.0#Base64Binary">bOSPmOcGQlCm8L0A110A1piq5ss=</
wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>p42Ckf
+vVhlF5S0rnFd9FnxeCJ2d9kOu9xucKaTFrTYVdTjQoIz3ycZh MgiukywOPvZqcgp17B1IBRCId*
neFRdvhPOn7gletDs8j63BujYtoeEoydmB89CdBIDrn5mBLC4x f2+sub8+nOfMo4X700HDnwfE6*
zTxSUsGar1NebtE=</
xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<wssc:DerivedKeyToken
wsu:Id="SecurityToken-78c6f480-4f00-4a55-ab2b-7578d1393ff7"
Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1"
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-6783d606-38ad-4895-
a83f-40054c4e47e8" ValueType="http://docs.oasis-open.org/wss/oasis-
wss-
soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>32</wssc:Length>
<wssc:Label>WS-SecureConversationWS-
SecureConversation</
wssc:Label>
<wssc:Nonce>LRZoEDWOiuFaPEoEcNZkew==</wssc:Nonce>
</wssc:DerivedKeyToken>
<xenc:ReferenceList xmlns:xenc="http://www.w3.org/
2001/04/
xmlenc#">
<xenc:DataReference
URI="#Enc-43bf8398-6a11-44a5-9f4b-4ec86072f1a7" />
<xenc:DataReference
URI="#Enc-54b1428c-06dc-4026-9261-5f8e51887606" />
</xenc:ReferenceList>
<xenc:EncryptedData
Id="Enc-43bf8398-6a11-44a5-9f4b-4ec86072f1a7" Type="http://
www.w3.org/
2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/
xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/
2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-78c6f480-4f00-4a55-ab2b-7578d1393ff7"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>yf2TTGTWpTzWf7uqJm7QT9OF/
mxe15V7xmjVqm9gkKMdIIyvPfSYJ+2ei/+DWMgdEGKiHpWc3dw7//
Zg6BXy2G8samYKoTx3EO0NaSkq17bQMhJm0/Z+bIEh6lJJX5rCNmeGRb+8CUN1wIhXe/
IH18cdlMd7UKnSXKIFaTonHBhwn92UDhFeDl8HF0lqmpzHqiRt tpHtMXwys3r5N
+ivoGq16eENuedETev6xaJx6tfaybglPafIwSgqTpJZYPaMrig NrRwhG8wCdD4V1s35ptFcTzEx*
peiOZn8KmL/
GMuJrJJshmzi1KxtI2HSHEOczMc7aR9vQZDHbyBm1HAgu9q970 l9TeDJ139rSTFUeIO7q97WpZp*
bFGtym5zP8tntkh19XlXOIJHDwVmzAnOnDVPQO0FnJr1PsvM5+ kEKIGNmOeFwaaWekcGd548UyA*
Azi0gjG8EPPk5jz4ENyPGua/
xMg+AXuTy8GVIkyaKCFt5UV
+g1h65+FovY5Qk4YM772ojNvQPUN2cf3NRKA3yIn4xgj3r0oI3 QpZRwiKovGPe5aOKyWKTqvwDo*
nWQ6I1RdlZn6n1dARU4D3jqKDrJh35ST0pYT5H80jn22TuQzvz 2xsnfWB9ejZcb03rqInnmumWT*
VkjDqgwCalHn9NRfLdq/
BIUDVCY+rIKPMRQrydidR/ZNnb8tOkFCtBb3awMiJ7G7fHh8twliDErGH8IPFbRMn5gW/
uHBzMmmi0t2x9j/nukUfF4PpCB
+0L09kSWtbYrpE0hIvc4oJzlQUNwF77UMaWwK1kwVqP0SN8yft VH83VJVwO9JAee4fsgS0xPmQp*
</
xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<wssc:DerivedKeyToken wsu:Id="SecurityToken-c6292af7-
c89b-4c89-a45f-4a3e5dc36f8a" Algorithm="http://schemas.xmlsoap.org/
ws/
2005/02/sc/dk/p_sha1" xmlns:wssc="http://schemas.xmlsoap.org/ws/
2005/02/sc">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-6783d606-38ad-4895-
a83f-40054c4e47e8" ValueType="http://docs.oasis-open.org/wss/oasis-
wss-
soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>24</wssc:Length>
<wssc:Label>WS-SecureConversationWS-
SecureConversation</
wssc:Label>
<wssc:Nonce>sMBbG/szCbOaObxHATB5bA==</wssc:Nonce>
</wssc:DerivedKeyToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://
www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/
2000/09/
xmldsig#" />
<SignatureMethod Algorithm="http://www.w3.org/
2000/09/
xmldsig#hmac-sha1" />
<Reference URI="#SecurityToken-
ddbe03d7-4aef-46fe-97d5-7932b13e058f">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>umNbubjBpIc2DVgi2WZvhqwneko=</
DigestValue>
</Reference>
<Reference URI="#Id-68723008-2e19-429f-90cc-
b60854083f76">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>Y78aZjdWsViQl3v+akyPU9LBhzo=</
DigestValue>
</Reference>
<Reference URI="#Id-8a252441-
bfb4-404a-89fe-436f5e7baa83">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>whjNXB7TFArfY359/a4MuX80C9Y=</
DigestValue>
</Reference>
<Reference URI="#Id-f8dac67d-9ed9-4a7a-
ba68-15843d3ac661">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>wsHjgZEa4JyNvwgy34gP9AeBKu4=</
DigestValue>
</Reference>
<Reference URI="#Id-4b502a5c-8b18-4bc9-
bca8-1c6f8713810d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>ASzsIfuwwRXTt/VWglZUOYpJQaA=</
DigestValue>
</Reference>
<Reference URI="#Timestamp-6e434b43-
cbc2-4d8b-8d09-1597b9e46f63">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>iuCJFGlTwKwNkURTuulrDqM7Mzs=</
DigestValue>
</Reference>
<Reference
URI="#Id-6b1345f0-29d1-4b7b-8848-2405ff747eb3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>osc5rYeQV3x611/OIGK2GxkaEgM=</
DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Ax8CX4YIdpxKeMa0bF4/KhxCWXw=</
SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-c6292af7-
c89b-4c89-a45f-4a3e5dc36f8a" ValueType="http://schemas.xmlsoap.org/
ws/
2005/02/sc/dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-6b1345f0-29d1-4b7b-8848-2405ff747eb3">
<xenc:EncryptedData
Id="Enc-54b1428c-06dc-4026-9261-5f8e51887606" Type="http://
www.w3.org/
2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/
xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/
2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-78c6f480-4f00-4a55-
ab2b-7578d1393ff7" ValueType="http://schemas.xmlsoap.org/ws/2005/02/
sc/
dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>qSXdqTbXDVBeKxItQJRCwHVBWHflXz7Y wZwF
+bOlgK9rSSiWsMGy1pXKu1VmnLKRotEsaDdI0EZBt++YERpvK7 TWWsV78G6a
+0rvxVGqbXM=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Processed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://
schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://
docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header />
<soap:Body wsu:Id="Id-6b1345f0-29d1-4b7b-8848-2405ff747eb3">
<Login xmlns="http://localhost/
NetTiersPayrollWebServices" /


</soap:Body>
</soap:Envelope>
</processingStep>
</inputMessage>
</log>

Does anything look out of place? I know it's hard to tell off hand,
but in the output trace file there is no SOAP fault or anything that
points a finger at the cause of this problem.
Any help will be greatly appreciated.
Thanks,
V. Grippi
Oct 29 '08 #1
5 2677
"VictorG" <gr**************@yahoo.comwrote in message
news:49**********************************@x1g2000p rh.googlegroups.com...
Hello,
I am trying to secure a webservice using WSE 3.0
....

Not an answer to your question, but I wanted to make sure: are you aware
that WSE is obsolete? It's not even supported in Visual Studio 2008, and
certainly not beyond. You might try using WCF to solve your problem, as it
is the replacement for WSE.
--
John Saunders | MVP - Connected System Developer

Oct 29 '08 #2
On Oct 29, 1:40*pm, "John Saunders" <n...@dont.do.that.comwrote:
"VictorG" <grippiconsult...@yahoo.comwrote in message

news:49**********************************@x1g2000p rh.googlegroups.com...
Hello,
I am trying to secure a webservice using WSE 3.0

...

Not an answer to your question, but I wanted to make sure: are you aware
that WSE is obsolete? It's not even supported in Visual Studio 2008, and
certainly not beyond. You might try using WCF to solve your problem, as it
is the replacement for WSE.
--
John Saunders | MVP - Connected System Developer

Thanks for the reply John.

How much refactoring is involved porting an existing ASP.NET Web
Service and client to WCF?

We are using NetTiers templates to auto generate the Web service
methods that are based on a SQL schema. I'm not sure if NetTiers
supports WCF.

-Victor
Oct 29 '08 #3
"VictorG" <gr**************@yahoo.comwrote in message
news:13**********************************@a29g2000 pra.googlegroups.com...
On Oct 29, 1:40 pm, "John Saunders" <n...@dont.do.that.comwrote:
>"VictorG" <grippiconsult...@yahoo.comwrote in message

news:49**********************************@x1g2000 prh.googlegroups.com...
Hello,
I am trying to secure a webservice using WSE 3.0

...

Not an answer to your question, but I wanted to make sure: are you aware
that WSE is obsolete? It's not even supported in Visual Studio 2008, and
certainly not beyond. You might try using WCF to solve your problem, as
it
is the replacement for WSE.
--
John Saunders | MVP - Connected System Developer


Thanks for the reply John.

How much refactoring is involved porting an existing ASP.NET Web
Service and client to WCF?

We are using NetTiers templates to auto generate the Web service
methods that are based on a SQL schema. I'm not sure if NetTiers
supports WCF.
Your first step, even if you don't move to WCF today, would be to make sure
that NetTiers supports WCF. It's been out for two years - they would have no
excuse for not supporting it by now.

If they don't support WCF, then the ease of porting would depend on how they
generate their code. If it's all monolithic classes, then you would have an
issue. If they generate separate classes for the resultsets, then you may be
able to reuse those, at least if you stick with the XML Serializer. Again,
depending on how they generate the code that accesses the database, you may
be able to reuse that as well.

But if you didn't know that WSE is long dead, you really need to ask
yourself why you didn't know that - and what else you might have missed in
the same way.

In a case like this, I often ask people if they think their competitors are
making the same mistakes.
--
John Saunders | MVP - Connected System Developer

Oct 29 '08 #4
On Oct 29, 2:43*pm, "John Saunders" <n...@dont.do.that.comwrote:
"VictorG" <grippiconsult...@yahoo.comwrote in message

news:13**********************************@a29g2000 pra.googlegroups.com...


On Oct 29, 1:40 pm, "John Saunders" <n...@dont.do.that.comwrote:
"VictorG" <grippiconsult...@yahoo.comwrote in message
>news:49**********************************@x1g2000 prh.googlegroups.com....
Hello,
I am trying to secure a webservice using WSE 3.0
...
Not an answer to your question, but I wanted to make sure: are you aware
that WSE is obsolete? It's not even supported in Visual Studio 2008, and
certainly not beyond. You might try using WCF to solve your problem, as
it
is the replacement for WSE.
--
John Saunders | MVP - Connected System Developer
Thanks for the reply John.
How much refactoring is involved porting an existing ASP.NET Web
Service and client to WCF?
We are using NetTiers templates to auto generate the Web service
methods that are based on a SQL schema. I'm not sure if NetTiers
supports WCF.

Your first step, even if you don't move to WCF today, would be to make sure
that NetTiers supports WCF. It's been out for two years - they would haveno
excuse for not supporting it by now.

If they don't support WCF, then the ease of porting would depend on how they
generate their code. If it's all monolithic classes, then you would have an
issue. If they generate separate classes for the resultsets, then you maybe
able to reuse those, at least if you stick with the XML Serializer. Again,
depending on how they generate the code that accesses the database, you may
be able to reuse that as well.

But if you didn't know that WSE is long dead, you really need to ask
yourself why you didn't know that - and what else you might have missed in
the same way.

In a case like this, I often ask people if they think their competitors are
making the same mistakes.
--
John Saunders | MVP - Connected System Developer- Hide quoted text -

- Show quoted text -

John,

Thanks again for your reply.

WCF is not an option for my project at this time. We have existing
NetTiers templates (CodeSmith generated) that we do not have time to
refactor. NetTiers does have a patch that will allow access to the
data layer through WCF, however it is not an option for us at this
time, and has not been fully released into their build. I was brought
in late in the game to add security, to this project, and although
this is not an optimal situation, either is security in general with
web services, (all of it was added after the fact)

Many like myself are starting to use WSE because it is still available
for download, is still on the MSDN, and in many articles on-line or
otherwise. Just do a search for securing web services or SOA security.
The other alternative is for me to "roll my own" and add a handler to
inject my own token in the SOAP header. (I may have to do this)

With that said, there must be a solution to add security to an
existing web services project using VS2008. I have been able to get
everything to work except for the exception in the first post. The WSE
3.0 quick start samples all work in VS2008, after conversion, so it
should be a viable solution.

This leaves me at the original question of what could cause a
GenericParameterAttribute and GenericParameterPosition exception, they
both throw a System.InvalidException on the parameters in the call to
ClientInputFilter.ValidateMessageSecurity().

Thanks,
Victor
Oct 30 '08 #5
"VictorG" <gr**************@yahoo.comwrote in message
news:ae**********************************@d36g2000 prf.googlegroups.com...
On Oct 29, 2:43 pm, "John Saunders" <n...@dont.do.that.comwrote:
>"VictorG" <grippiconsult...@yahoo.comwrote in message
....
Many like myself are starting to use WSE because it is still available
for download, is still on the MSDN, and in many articles on-line or
otherwise. Just do a search for securing web services or SOA security.
I hope this teaches you and many others a lesson about depending on Google
or the equivalent to make your decisions for you. There's all sorts of crap
that you will find in an Internet search. Just because you can find it
doesn't mean it's any good. It _could_ just mean that nobody has bothered to
remove the article. Search MSDN and you'll find some very old information -
I easily found stuff from 1998.

I have spoken to Microsoft about better adjusting the search on the MSDN
site to be more relevant. I gave them the specific example of searching for
"web service security". I intend to keep following up on that. This won't
help people who use a different search engine.
The other alternative is for me to "roll my own" and add a handler to
inject my own token in the SOAP header. (I may have to do this)

With that said, there must be a solution to add security to an
existing web services project using VS2008.
There is - use WCF or roll your own, or depend on SSL.

I characterize WSE as obsolete for this reason alone. If it has not been
updated to "WSE 3.1" to support Visual Studio 2008, then that should tell
you something very important about continuing to use WSE. BTW, have you seen
any hot fixes for WSE lately? I don't know anything official, but I'd be
surprised to learn that anything other than the most critical security bugs
would be fixed.
>I have been able to get
everything to work except for the exception in the first post. The WSE
3.0 quick start samples all work in VS2008, after conversion, so it
should be a viable solution.

This leaves me at the original question of what could cause a
GenericParameterAttribute and GenericParameterPosition exception, they
both throw a System.InvalidException on the parameters in the call to
ClientInputFilter.ValidateMessageSecurity().
I hope you find an answer. If you do, then please post it here so that
others who find this conversation in the future will benefit from it.

--
John Saunders | MVP - Connected System Developer

Oct 30 '08 #6
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
2nd Repost: Problem Retrieving DataSet Returned By A WebService... anyone from Microsoft or anyone with solution?
by: Programatix | last post by:
Hi, I'm working on a project which includes WebServices and Windows Form application. The Windows Form application will call the WebServices to retrieve data from database. The data will be...
.NET Framework
4
Client side HttpRequest or Call WebService.
by: Rajesh.V | last post by:
I looked up the following.... 1. mshtml activex object which letts us do http request thru js. But the browser security has to be adjusted so not possible. 2. Htc behaviours enable calling...
ASP.NET
2
Determine which WebService class serves the request
by: Sergi Adamchuk | last post by:
I need determine which web service (class WebService or its inheritors) serveces current request (I need Type instance of class that serves request). For example you wrote your own WebService: ...
ASP.NET
3
problem Calling webservice from client side javascript
by: Merav Orion via .NET 247 | last post by:
I have a problem calling webservice from client side javascript. The javascript call the settimeout() method. when the user press submit button it ignore the press and keep refreshing the page. it...
.NET Framework
2
Microsoft webswervices : Office
by: Sonia | last post by:
Hi all, I have couple of questions on MS Webservices : Do they have some published webservices : Like a webservice to convert an excel or .mpp into xml ? If yes where to locate them and how...
.NET Framework
2
Webservice fails when called remotely, error in <Security> header
by: Naeem Sarfraz | last post by:
Any advice for the following situation? I've deployed my webservice on a remote server, e.g. http://mywebservice.co.uk/summary.asmx. The windows clients attempts to access this webservice and...
.NET Framework
4
consuming webservice trough proxy
by: Boni | last post by:
I want consuming a webserivce trough a proxy. I use this code. myService s = new myService (); System.Net.WebProxy proxyObject = new System.Net.WebProxy("http://proxyhost:8080"); s.Proxy =...
.NET Framework
0
HttpClientCertificate not available in webservice
by: Daniel Knöpfel | last post by:
Hi We have developed a webservice that was accessed by a fat windows client. A security requirement was that the client authenticates itself by using by providing a client certificate. The...
ASP.NET
0
WebService Setting Credentials
by: Bob1 | last post by:
Hi all, I have a situation where I have a client calling into a webservice. I am trying to change the security context of the client before I make the call to the webservice. I've got...
.NET Framework
0
linyimin
Speedup your spring application
by: linyimin | last post by:
Spring Startup Analyzer generates an interactive Spring application startup report that lets you understand what contributes to the application startup time and helps to optimize it. Support for...
General
0
Steps manually installing IntelliJ IDEA.
by: erikbower65 | last post by:
Here's a concise step-by-step guide for manually installing IntelliJ IDEA: 1. Download: Visit the official JetBrains website and download the IntelliJ IDEA Community or Ultimate edition based on...
General
2
isladogs
Access Europe meeting on Wed 6 Sept - Database Analyzer and other tools
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Sept 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
Microsoft Access / VBA
0
How to insert a new record in a database
by: Taofi | last post by:
I try to insert a new record but the error message says the number of query names and destination fields are not the same This are my field names ID, Budgeted, Actual, Status and Differences ...
DB2 Database
14
DJRhino1175
Cancel Print Action if Sub form has No Records
by: DJRhino1175 | last post by:
When I run this code I get an error, its Run-time error# 424 Object required...This is my first attempt at doing something like this. I test the entire code and it worked until I added this - If...
Microsoft Access / VBA
5
To verify entry of a dropdown
by: DJRhino | last post by:
Private Sub CboDrawingID_BeforeUpdate(Cancel As Integer) If = 310029923 Or 310030138 Or 310030152 Or 310030346 Or 310030348 Or _ 310030356 Or 310030359 Or 310030362 Or...
Microsoft Access / VBA
0
React to native button blinking effect
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
Software Development
0
How does React native implement an English player?
by: lllomh | last post by:
How does React native implement an English player?
Mobile Development
2
Windows 11 and Access Combo Box Issue
by: DJRhino | last post by:
Was curious if anyone else was having this same issue or not.... I was just Up/Down graded to windows 11 and now my access combo boxes are not acting right. With win 10 I could start typing...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!