Usernametoken requirement in the policy file
Hi All,
I have three questions while trying WSSE with .NET web services, and I appreciate your help.

1). I want my web service to be configured to require a usernametoken for authentication with a receive policy file. For signing and encryption I am using an X509 token and I am not using a Usernametoken for this, i.e., I want to use usernametoken authentication with X509 signing and X509 encryption. I am not sure how to mention the usernametoken requirement in the server-side receive and client-side policy files. I want my web service to reject web requests if they are not coming with usernametokens for authentication. I don't want to do this within the code, creating the token on the client and attaching it to the SOAP header.

2). Also, I want to tweak signing and encryption for testing's sake, like changing the signed message in between and seeing the web service reject the request on integrity violation. I know some way using TCPMON and am curious to know if there is any other simple way to do this.

3). And in the same way I want to tweak and test the encryption logic somehow.

My policy file looks like the following on both the client side and the server side.
<?xml version="1.0" encoding="utf-8"?>
<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
  <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">
    <mapDefault policy="#policy-e0e72048-bd00-4d6a-a064-67746b005d74" />
  </mappings>
  <policies xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
    <wsp:Policy wsu:Id="policy-e0e72048-bd00-4d6a-a064-67746b005d74" xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
      <wsse:Integrity wsp:Usage="wsp:Required" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wsse:TokenInfo>
          <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wsse:TokenType>wsse:X509v3</wsse:TokenType>
            <wsse:Claims>
              <wsse:SubjectName>CN=MsdnWse2SecuritySamplesServer</wsse:SubjectName>
            </wsse:Claims>
          </SecurityToken>
        </wsse:TokenInfo>
        <wsse:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:MessageParts>
      </wsse:Integrity>
      <wsse:Confidentiality wsp:Usage="wsp:Required" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wsse:KeyInfo>
          <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wsse:TokenType>wsse:X509v3</wsse:TokenType>
            <wsse:Claims>
              <wsse:SubjectName>CN=MsdnWse2SecuritySamplesServer</wsse:SubjectName>
            </wsse:Claims>
          </SecurityToken>
        </wsse:KeyInfo>
        <wsse:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:MessageParts>
      </wsse:Confidentiality>
    </wsp:Policy>
  </policies>
</policyDocument>
RE: Usernametoken requirement in the policy file
Hi Nedu,

Thank you for using the community. As I understand, you want to enforce that the Usernametoken is required in the web service. Regarding the issue, we need to modify the policy configuration file to achieve this. For detailed information, you may refer to the following articles:

Web Services Security Policy Language (WS-SecurityPolicy)
http://msdn.microsoft.com/library/de...us/dnglobspec/html/ws-securitypolicy.asp

Web Services Policy Framework (WS-Policy)
http://msdn.microsoft.com/library/de...us/dnglobspec/html/ws-policy.asp

New Technologies Help You Make Your Web Services More Secure
http://msdn.microsoft.com/msdnmag/is...y/default.aspx

Hope this helps,

Luke
Microsoft Online Support
Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no rights.)
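
A way to check what a policy file like the one posted above actually declares, as an added example that is not part of the original posts or of WSE itself: it lists each assertion with its usage, token types and message parts, and reports whether any required assertion names a given token type. The sample is a constructed, trimmed copy of the posted policy; the function names and the `UsernameToken` token-type name it looks for are assumptions, the latter following the `wsse:X509v3` naming on the page.

```python
import xml.etree.ElementTree as ET

# Namespace URIs as they appear in the posted policy file.
WSP = "http://schemas.xmlsoap.org/ws/2002/12/policy"
WSSE = "http://schemas.xmlsoap.org/ws/2002/12/secext"

# Constructed sample: the posted policy reduced to its Integrity assertion.
SAMPLE_POLICY = """\
<policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">
  <policies>
    <wsp:Policy xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">
      <wsse:Integrity wsp:Usage="wsp:Required" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">
        <wsse:TokenInfo>
          <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">
            <wsse:TokenType>wsse:X509v3</wsse:TokenType>
          </SecurityToken>
        </wsse:TokenInfo>
        <wsse:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:MessageParts>
      </wsse:Integrity>
    </wsp:Policy>
  </policies>
</policyDocument>
"""

def local(name):
    """Strip '{namespace}' or 'prefix:' (simplification: prefix bindings are not resolved)."""
    return name.rsplit("}", 1)[-1].rsplit(":", 1)[-1].strip()

def audit_policy(xml_text):
    """Return one dict per top-level assertion found in every wsp:Policy element."""
    findings = []
    for policy in ET.fromstring(xml_text).iter(f"{{{WSP}}}Policy"):
        for assertion in policy:
            findings.append({
                "assertion": local(assertion.tag),
                "usage": local(assertion.get(f"{{{WSP}}}Usage", "")),
                "token_types": [local(t.text or "")
                                for t in assertion.iter(f"{{{WSSE}}}TokenType")],
                "parts": [(p.text or "").strip()
                          for p in assertion.iter(f"{{{WSSE}}}MessageParts")],
            })
    return findings

def requires_token(findings, token_type="UsernameToken"):
    """True if some assertion marked Required names the given token type."""
    return any(f["usage"] == "Required" and token_type in f["token_types"]
               for f in findings)

if __name__ == "__main__":
    report = audit_policy(SAMPLE_POLICY)
    print(report, "UsernameToken required:", requires_token(report))
```

The report only reflects what the file declares; whether the service rejects a request without that token still has to be confirmed by sending one.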