By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,825 Members | 1,697 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,825 IT Pros & Developers. It's quick & easy.

Microsoft Webservice Security Problem

P: n/a
Hello,
I am trying to secure a webservice using WSE 3.0 and the turnkey
usernameForCertificateSecurity profile. I am passing a valid username
token, and on the server I have overridden the Authenticate token
call
and it is being called. My ASP.NET service has a Login() method and
it is being called during client application startup. Both the client
and service have matching policy config files. Once authentication
occurs I want to obtain a SCT to use as a session token.

But the first call returns with an exception although it successfully
returns from the Login() call.
I get a "ResponseProcessingException" on the client when calling my
Login() method.
It has the following inner exception:
InnerException {"WSE2005: Protection requirements in
UsernameForCertificateAssertion are not satisfied."}
The strange thing is that there is no further information on the
above
exceptions. What requirements are not being met?

If I drill down into the exception stack I do see a
GenericParameterAttribute and
GenericParameterPosition exception, they both throw a
System.InvalidException on the parameters to
ClientInputFilter.ValidateMessageSecurity(). But this is deep within
WSE and out of my control.

I originally thought this may be a library mismatch with the parameter
types but I have
successfully ran the WSE 3.0 sample applications that should be using
the same libraries. What could possibly alter the parameters to this
call? The only real difference is in the "real" webservice I am
trying
to call versus the "sample" webservice that works.

Also note that the "real" webservice project was created prior to
adding WSE support to it. Perhaps there is a step missing in this
scenario?
I have tracing turned on and here are the results of a single call to
my Login() method:

OutputTrace.webinfo:
xml version="1.0" encoding="utf-8"?>
<log>
<outputMessage utc="10/29/2008 1:38:38 AM"
messageId="urn:uuid:d07b96ee-9882-4303-8d17-3996e928e364">
<processingStep description="Unprocessed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Body>
<LoginResponse xmlns="http://localhost/
NetTiersPayrollWebServices">
<LoginResult>Pass</LoginResult>
</LoginResponse>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Processed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://
schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://
docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>http://localhost/NetTiersPayrollWebServices/
LoginResponse</wsa:Action>
<wsa:MessageID>urn:uuid:d07b96ee-9882-4303-8d17-3996e928e364</
wsa:MessageID>
<wsa:RelatesTo>urn:uuid:55cc02b2-
b8e4-4ecc-973f-64fa047abdcc</wsa:RelatesTo>
<wsa:To>http://schemas.xmlsoap.org/ws/2004/08/addressing/
role/anonymous</wsa:To>
<wsse:Security>
<wsu:Timestamp wsu:Id="Timestamp-
b96e5653-4fc6-4f6d-944a-0984d06c49d6">
<wsu:Created>2008-10-29T01:38:38Z</wsu:Created>
<wsu:Expires>2008-10-29T01:53:38Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
<LoginResponse xmlns="http://localhost/
NetTiersPayrollWebServices">
<LoginResult>Pass</LoginResult>
</LoginResponse>
</soap:Body>
</soap:Envelope>
</processingStep>
</outputMessage>
</log>
************************************************** **************************
****************************************
InputTrace.webinfo
<?xml version="1.0" encoding="utf-8"?>
<log>
<inputMessage utc="10/29/2008 1:38:09 AM" messageId="urn:uuid:
55cc02b2-b8e4-4ecc-973f-64fa047abdcc">
<processingStep description="Unprocessed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://
schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://
docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action wsu:Id="Id-68723008-2e19-429f-90cc-
b60854083f76">http://localhost/NetTiersPayrollWebServices/Login</
wsa:Action>
<wsa:MessageID wsu:Id="Id-8a252441-
bfb4-404a-89fe-436f5e7baa83">urn:uuid:55cc02b2-
b8e4-4ecc-973f-64fa047abdcc</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-f8dac67d-9ed9-4a7a-
ba68-15843d3ac661">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/
addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To wsu:Id="Id-4b502a5c-8b18-4bc9-
bca8-1c6f8713810d">http://localhost/NetTiersPayrollWebServices/
EasePayrollServices.asmx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp wsu:Id="Timestamp-6e434b43-
cbc2-4d8b-8d09-1597b9e46f63">
<wsu:Created>2008-10-29T01:37:40Z</wsu:Created>
<wsu:Expires>2008-10-29T01:42:40Z</wsu:Expires>
</wsu:Timestamp>
<xenc:EncryptedKey Id="SecurityToken-6783d606-38ad-4895-
a83f-40054c4e47e8" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/
2001/04/xmlenc#rsa-oaep-mgf1p">
<ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/
xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
</xenc:EncryptionMethod>
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:KeyIdentifier ValueType="http://docs.oasis-
open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-
soap-message-
security-1.0#Base64Binary">bOSPmOcGQlCm8L0A110A1piq5ss=</
wsse:KeyIdentifier>
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>p42Ckf
+vVhlF5S0rnFd9FnxeCJ2d9kOu9xucKaTFrTYVdTjQoIz3ycZh MgiukywOPvZqcgp17B1IBRCId*
neFRdvhPOn7gletDs8j63BujYtoeEoydmB89CdBIDrn5mBLC4x f2+sub8+nOfMo4X700HDnwfE6*
zTxSUsGar1NebtE=</
xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedKey>
<wssc:DerivedKeyToken
wsu:Id="SecurityToken-78c6f480-4f00-4a55-ab2b-7578d1393ff7"
Algorithm="http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1"
xmlns:wssc="http://schemas.xmlsoap.org/ws/2005/02/sc">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-6783d606-38ad-4895-
a83f-40054c4e47e8" ValueType="http://docs.oasis-open.org/wss/oasis-
wss-
soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>32</wssc:Length>
<wssc:Label>WS-SecureConversationWS-
SecureConversation</
wssc:Label>
<wssc:Nonce>LRZoEDWOiuFaPEoEcNZkew==</wssc:Nonce>
</wssc:DerivedKeyToken>
<xenc:ReferenceList xmlns:xenc="http://www.w3.org/
2001/04/
xmlenc#">
<xenc:DataReference
URI="#Enc-43bf8398-6a11-44a5-9f4b-4ec86072f1a7" />
<xenc:DataReference
URI="#Enc-54b1428c-06dc-4026-9261-5f8e51887606" />
</xenc:ReferenceList>
<xenc:EncryptedData
Id="Enc-43bf8398-6a11-44a5-9f4b-4ec86072f1a7" Type="http://
www.w3.org/
2001/04/xmlenc#Element" xmlns:xenc="http://www.w3.org/2001/04/
xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/
2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-78c6f480-4f00-4a55-ab2b-7578d1393ff7"
ValueType="http://schemas.xmlsoap.org/ws/2005/02/sc/dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>yf2TTGTWpTzWf7uqJm7QT9OF/
mxe15V7xmjVqm9gkKMdIIyvPfSYJ+2ei/+DWMgdEGKiHpWc3dw7//
Zg6BXy2G8samYKoTx3EO0NaSkq17bQMhJm0/Z+bIEh6lJJX5rCNmeGRb+8CUN1wIhXe/
IH18cdlMd7UKnSXKIFaTonHBhwn92UDhFeDl8HF0lqmpzHqiRt tpHtMXwys3r5N
+ivoGq16eENuedETev6xaJx6tfaybglPafIwSgqTpJZYPaMrig NrRwhG8wCdD4V1s35ptFcTzEx*
peiOZn8KmL/
GMuJrJJshmzi1KxtI2HSHEOczMc7aR9vQZDHbyBm1HAgu9q970 l9TeDJ139rSTFUeIO7q97WpZp*
bFGtym5zP8tntkh19XlXOIJHDwVmzAnOnDVPQO0FnJr1PsvM5+ kEKIGNmOeFwaaWekcGd548UyA*
Azi0gjG8EPPk5jz4ENyPGua/
xMg+AXuTy8GVIkyaKCFt5UV
+g1h65+FovY5Qk4YM772ojNvQPUN2cf3NRKA3yIn4xgj3r0oI3 QpZRwiKovGPe5aOKyWKTqvwDo*
nWQ6I1RdlZn6n1dARU4D3jqKDrJh35ST0pYT5H80jn22TuQzvz 2xsnfWB9ejZcb03rqInnmumWT*
VkjDqgwCalHn9NRfLdq/
BIUDVCY+rIKPMRQrydidR/ZNnb8tOkFCtBb3awMiJ7G7fHh8twliDErGH8IPFbRMn5gW/
uHBzMmmi0t2x9j/nukUfF4PpCB
+0L09kSWtbYrpE0hIvc4oJzlQUNwF77UMaWwK1kwVqP0SN8yft VH83VJVwO9JAee4fsgS0xPmQp*
</
xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
<wssc:DerivedKeyToken wsu:Id="SecurityToken-c6292af7-
c89b-4c89-a45f-4a3e5dc36f8a" Algorithm="http://schemas.xmlsoap.org/
ws/
2005/02/sc/dk/p_sha1" xmlns:wssc="http://schemas.xmlsoap.org/ws/
2005/02/sc">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-6783d606-38ad-4895-
a83f-40054c4e47e8" ValueType="http://docs.oasis-open.org/wss/oasis-
wss-
soap-message-security-1.1#EncryptedKey" />
</wsse:SecurityTokenReference>
<wssc:Generation>0</wssc:Generation>
<wssc:Length>24</wssc:Length>
<wssc:Label>WS-SecureConversationWS-
SecureConversation</
wssc:Label>
<wssc:Nonce>sMBbG/szCbOaObxHATB5bA==</wssc:Nonce>
</wssc:DerivedKeyToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://
www.w3.org/2001/10/xml-exc-c14n#" xmlns:ds="http://www.w3.org/
2000/09/
xmldsig#" />
<SignatureMethod Algorithm="http://www.w3.org/
2000/09/
xmldsig#hmac-sha1" />
<Reference URI="#SecurityToken-
ddbe03d7-4aef-46fe-97d5-7932b13e058f">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>umNbubjBpIc2DVgi2WZvhqwneko=</
DigestValue>
</Reference>
<Reference URI="#Id-68723008-2e19-429f-90cc-
b60854083f76">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>Y78aZjdWsViQl3v+akyPU9LBhzo=</
DigestValue>
</Reference>
<Reference URI="#Id-8a252441-
bfb4-404a-89fe-436f5e7baa83">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>whjNXB7TFArfY359/a4MuX80C9Y=</
DigestValue>
</Reference>
<Reference URI="#Id-f8dac67d-9ed9-4a7a-
ba68-15843d3ac661">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>wsHjgZEa4JyNvwgy34gP9AeBKu4=</
DigestValue>
</Reference>
<Reference URI="#Id-4b502a5c-8b18-4bc9-
bca8-1c6f8713810d">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>ASzsIfuwwRXTt/VWglZUOYpJQaA=</
DigestValue>
</Reference>
<Reference URI="#Timestamp-6e434b43-
cbc2-4d8b-8d09-1597b9e46f63">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>iuCJFGlTwKwNkURTuulrDqM7Mzs=</
DigestValue>
</Reference>
<Reference
URI="#Id-6b1345f0-29d1-4b7b-8848-2405ff747eb3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/
xml-exc-c14n#" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/
xmldsig#sha1" />
<DigestValue>osc5rYeQV3x611/OIGK2GxkaEgM=</
DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Ax8CX4YIdpxKeMa0bF4/KhxCWXw=</
SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-c6292af7-
c89b-4c89-a45f-4a3e5dc36f8a" ValueType="http://schemas.xmlsoap.org/
ws/
2005/02/sc/dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-6b1345f0-29d1-4b7b-8848-2405ff747eb3">
<xenc:EncryptedData
Id="Enc-54b1428c-06dc-4026-9261-5f8e51887606" Type="http://
www.w3.org/
2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/
xmlenc#">
<xenc:EncryptionMethod Algorithm="http://www.w3.org/
2001/04/xmlenc#aes256-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<wsse:SecurityTokenReference>
<wsse:Reference
URI="#SecurityToken-78c6f480-4f00-4a55-
ab2b-7578d1393ff7" ValueType="http://schemas.xmlsoap.org/ws/2005/02/
sc/
dk" />
</wsse:SecurityTokenReference>
</KeyInfo>
<xenc:CipherData>
<xenc:CipherValue>qSXdqTbXDVBeKxItQJRCwHVBWHflXz7Y wZwF
+bOlgK9rSSiWsMGy1pXKu1VmnLKRotEsaDdI0EZBt++YERpvK7 TWWsV78G6a
+0rvxVGqbXM=</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData>
</soap:Body>
</soap:Envelope>
</processingStep>
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Entering SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Exited SOAP filter
Microsoft.Web.Services3.Security.Wse2PipelinePolic y
+LegacyFilterWrapper" />
<processingStep description="Processed message">
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/
envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://
schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://
docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/
oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header />
<soap:Body wsu:Id="Id-6b1345f0-29d1-4b7b-8848-2405ff747eb3">
<Login xmlns="http://localhost/
NetTiersPayrollWebServices" /


</soap:Body>
</soap:Envelope>
</processingStep>
</inputMessage>
</log>

Does anything look out of place? I know it's hard to tell off hand,
but in the output trace file there is no SOAP fault or anything that
points a finger at the cause of this problem.
Any help will be greatly appreciated.
Thanks,
V. Grippi
Oct 29 '08 #1
Share this Question
Share on Google+
5 Replies


P: n/a
"VictorG" <gr**************@yahoo.comwrote in message
news:49**********************************@x1g2000p rh.googlegroups.com...
Hello,
I am trying to secure a webservice using WSE 3.0
....

Not an answer to your question, but I wanted to make sure: are you aware
that WSE is obsolete? It's not even supported in Visual Studio 2008, and
certainly not beyond. You might try using WCF to solve your problem, as it
is the replacement for WSE.
--
John Saunders | MVP - Connected System Developer

Oct 29 '08 #2

P: n/a
On Oct 29, 1:40*pm, "John Saunders" <n...@dont.do.that.comwrote:
"VictorG" <grippiconsult...@yahoo.comwrote in message

news:49**********************************@x1g2000p rh.googlegroups.com...
Hello,
I am trying to secure a webservice using WSE 3.0

...

Not an answer to your question, but I wanted to make sure: are you aware
that WSE is obsolete? It's not even supported in Visual Studio 2008, and
certainly not beyond. You might try using WCF to solve your problem, as it
is the replacement for WSE.
--
John Saunders | MVP - Connected System Developer

Thanks for the reply John.

How much refactoring is involved porting an existing ASP.NET Web
Service and client to WCF?

We are using NetTiers templates to auto generate the Web service
methods that are based on a SQL schema. I'm not sure if NetTiers
supports WCF.

-Victor
Oct 29 '08 #3

P: n/a
"VictorG" <gr**************@yahoo.comwrote in message
news:13**********************************@a29g2000 pra.googlegroups.com...
On Oct 29, 1:40 pm, "John Saunders" <n...@dont.do.that.comwrote:
>"VictorG" <grippiconsult...@yahoo.comwrote in message

news:49**********************************@x1g2000 prh.googlegroups.com...
Hello,
I am trying to secure a webservice using WSE 3.0

...

Not an answer to your question, but I wanted to make sure: are you aware
that WSE is obsolete? It's not even supported in Visual Studio 2008, and
certainly not beyond. You might try using WCF to solve your problem, as
it
is the replacement for WSE.
--
John Saunders | MVP - Connected System Developer


Thanks for the reply John.

How much refactoring is involved porting an existing ASP.NET Web
Service and client to WCF?

We are using NetTiers templates to auto generate the Web service
methods that are based on a SQL schema. I'm not sure if NetTiers
supports WCF.
Your first step, even if you don't move to WCF today, would be to make sure
that NetTiers supports WCF. It's been out for two years - they would have no
excuse for not supporting it by now.

If they don't support WCF, then the ease of porting would depend on how they
generate their code. If it's all monolithic classes, then you would have an
issue. If they generate separate classes for the resultsets, then you may be
able to reuse those, at least if you stick with the XML Serializer. Again,
depending on how they generate the code that accesses the database, you may
be able to reuse that as well.

But if you didn't know that WSE is long dead, you really need to ask
yourself why you didn't know that - and what else you might have missed in
the same way.

In a case like this, I often ask people if they think their competitors are
making the same mistakes.
--
John Saunders | MVP - Connected System Developer

Oct 29 '08 #4

P: n/a
On Oct 29, 2:43*pm, "John Saunders" <n...@dont.do.that.comwrote:
"VictorG" <grippiconsult...@yahoo.comwrote in message

news:13**********************************@a29g2000 pra.googlegroups.com...


On Oct 29, 1:40 pm, "John Saunders" <n...@dont.do.that.comwrote:
"VictorG" <grippiconsult...@yahoo.comwrote in message
>news:49**********************************@x1g2000 prh.googlegroups.com....
Hello,
I am trying to secure a webservice using WSE 3.0
...
Not an answer to your question, but I wanted to make sure: are you aware
that WSE is obsolete? It's not even supported in Visual Studio 2008, and
certainly not beyond. You might try using WCF to solve your problem, as
it
is the replacement for WSE.
--
John Saunders | MVP - Connected System Developer
Thanks for the reply John.
How much refactoring is involved porting an existing ASP.NET Web
Service and client to WCF?
We are using NetTiers templates to auto generate the Web service
methods that are based on a SQL schema. I'm not sure if NetTiers
supports WCF.

Your first step, even if you don't move to WCF today, would be to make sure
that NetTiers supports WCF. It's been out for two years - they would haveno
excuse for not supporting it by now.

If they don't support WCF, then the ease of porting would depend on how they
generate their code. If it's all monolithic classes, then you would have an
issue. If they generate separate classes for the resultsets, then you maybe
able to reuse those, at least if you stick with the XML Serializer. Again,
depending on how they generate the code that accesses the database, you may
be able to reuse that as well.

But if you didn't know that WSE is long dead, you really need to ask
yourself why you didn't know that - and what else you might have missed in
the same way.

In a case like this, I often ask people if they think their competitors are
making the same mistakes.
--
John Saunders | MVP - Connected System Developer- Hide quoted text -

- Show quoted text -

John,

Thanks again for your reply.

WCF is not an option for my project at this time. We have existing
NetTiers templates (CodeSmith generated) that we do not have time to
refactor. NetTiers does have a patch that will allow access to the
data layer through WCF, however it is not an option for us at this
time, and has not been fully released into their build. I was brought
in late in the game to add security, to this project, and although
this is not an optimal situation, either is security in general with
web services, (all of it was added after the fact)

Many like myself are starting to use WSE because it is still available
for download, is still on the MSDN, and in many articles on-line or
otherwise. Just do a search for securing web services or SOA security.
The other alternative is for me to "roll my own" and add a handler to
inject my own token in the SOAP header. (I may have to do this)

With that said, there must be a solution to add security to an
existing web services project using VS2008. I have been able to get
everything to work except for the exception in the first post. The WSE
3.0 quick start samples all work in VS2008, after conversion, so it
should be a viable solution.

This leaves me at the original question of what could cause a
GenericParameterAttribute and GenericParameterPosition exception, they
both throw a System.InvalidException on the parameters in the call to
ClientInputFilter.ValidateMessageSecurity().

Thanks,
Victor
Oct 30 '08 #5

P: n/a
"VictorG" <gr**************@yahoo.comwrote in message
news:ae**********************************@d36g2000 prf.googlegroups.com...
On Oct 29, 2:43 pm, "John Saunders" <n...@dont.do.that.comwrote:
>"VictorG" <grippiconsult...@yahoo.comwrote in message
....
Many like myself are starting to use WSE because it is still available
for download, is still on the MSDN, and in many articles on-line or
otherwise. Just do a search for securing web services or SOA security.
I hope this teaches you and many others a lesson about depending on Google
or the equivalent to make your decisions for you. There's all sorts of crap
that you will find in an Internet search. Just because you can find it
doesn't mean it's any good. It _could_ just mean that nobody has bothered to
remove the article. Search MSDN and you'll find some very old information -
I easily found stuff from 1998.

I have spoken to Microsoft about better adjusting the search on the MSDN
site to be more relevant. I gave them the specific example of searching for
"web service security". I intend to keep following up on that. This won't
help people who use a different search engine.
The other alternative is for me to "roll my own" and add a handler to
inject my own token in the SOAP header. (I may have to do this)

With that said, there must be a solution to add security to an
existing web services project using VS2008.
There is - use WCF or roll your own, or depend on SSL.

I characterize WSE as obsolete for this reason alone. If it has not been
updated to "WSE 3.1" to support Visual Studio 2008, then that should tell
you something very important about continuing to use WSE. BTW, have you seen
any hot fixes for WSE lately? I don't know anything official, but I'd be
surprised to learn that anything other than the most critical security bugs
would be fixed.
>I have been able to get
everything to work except for the exception in the first post. The WSE
3.0 quick start samples all work in VS2008, after conversion, so it
should be a viable solution.

This leaves me at the original question of what could cause a
GenericParameterAttribute and GenericParameterPosition exception, they
both throw a System.InvalidException on the parameters in the call to
ClientInputFilter.ValidateMessageSecurity().
I hope you find an answer. If you do, then please post it here so that
others who find this conversation in the future will benefit from it.

--
John Saunders | MVP - Connected System Developer

Oct 30 '08 #6

This discussion thread is closed

Replies have been disabled for this discussion.