Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > secure webservice

Reply
Thread Tools

secure webservice

 
 
=?Utf-8?B?cGF0cmlja2RyZA==?=
Guest
Posts: n/a
 
      08-07-2007
Hi everyone!

I have built a vb6 app that communicates with a web server to get data from
an webservice through the internet (not lan).

My question/problem is,
1) how could I make this webservice secure, so that only my vb6 app has
access to it and noone else?
Should I use WSE or WCF?
Well ok, but I have completely no idea on how to!

2) Should I enable ssl for this webservice, so that data is encrypted? How?

Please can somebody provide me with info/hints/tips/walkthrough on how to do
this?

Thanks in advance!
 
Reply With Quote
 
 
 
 
=?Utf-8?B?cGF0cmlja2RyZA==?=
Guest
Posts: n/a
 
      08-08-2007
first of all, thank you very much for the interest!

I have already done the following steps:
(using http://www.codeproject.com/soap/wsse...nametokens.asp as a
guide reference)

Secured my web service using WSE 3.0 and tried to access the web service
using vb6 and soap,
with the following code:



Set g_objSoap = New MSSOAPLib.SoapClient
With g_objSoap
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
.ConnectorProperty("AuthUser") = "wsuser"
.ConnectorProperty("AuthPassword") = "pass"
End With


However I get either "access denied" (line:

.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)

or access denied when trying to execute any method,

e.g. the following (test) one:



<WebMethod()> _
Public Function Hello() As String

' Get the current soap context
Dim ctxt As SoapContext = RequestSoapContext.Current
If ctxt Is Nothing Then
' This request is using a different protocol other than SOAP.
Return "Please format the request as a SOAP request and try again."
End If

' Iterate through all Security tokens
For Each tok As SecurityToken In ctxt.Security.Tokens
If TypeOf (tok) Is UsernameToken Then
Dim user As UsernameToken = CType(tok, UsernameToken)
Return "Hello Authenticated user " + user.Username
End If
Next tok
Return "Hello Liar"

End Function

Also, my customauthenticator class (referenced from the web service) is as
follows:



Imports System
Imports System.Security.Permissions
Imports Microsoft.Web.Services3.Security.Tokens

Namespace WSESecurity
<SecurityPermissionAttribute(SecurityAction.Demand )> _
Public Class CustomAuthenticator
Inherits UsernameTokenManager

' Returns the password or password equivalent for a user name
Protected Overrides Function AuthenticateToken(ByVal token As
UsernameToken) As String

If token Is Nothing Then
Throw New ArgumentNullException()
End If

' perform a lookup in your database
' for the user name in 'token.Username'
' and return the password as a string.
' If there is no match, return null.
If token.Username = "wstest" Then
Return "pass"
Else
Return Nothing
End If

End Function
End Class
End Namespace



I can't figure out WTH goes wrong, so please, if anyone has any
idea/tips/suggestions please please HELP me!

(It's my first time writing a secure web service - newbie on the subject)


 
Reply With Quote
 
 
 
 
=?Utf-8?B?cGF0cmlja2RyZA==?=
Guest
Posts: n/a
 
      08-08-2007
I have already done the following steps:
(using http://www.codeproject.com/soap/wsse...nametokens.asp as a
guide reference)

Secured my web service using WSE 3.0 and tried to access the web service
using vb6 and soap,
with the following code:



Set g_objSoap = New MSSOAPLib.SoapClient
With g_objSoap
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
.ConnectorProperty("AuthUser") = "wsuser"
.ConnectorProperty("AuthPassword") = "pass"
End With


However I get either "access denied" (line:

.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)

or access denied when trying to execute any method,

e.g. the following (test) one:



<WebMethod()> _
Public Function Hello() As String

' Get the current soap context
Dim ctxt As SoapContext = RequestSoapContext.Current
If ctxt Is Nothing Then
' This request is using a different protocol other than SOAP.
Return "Please format the request as a SOAP request and try again."
End If

' Iterate through all Security tokens
For Each tok As SecurityToken In ctxt.Security.Tokens
If TypeOf (tok) Is UsernameToken Then
Dim user As UsernameToken = CType(tok, UsernameToken)
Return "Hello Authenticated user " + user.Username
End If
Next tok
Return "Hello Liar"

End Function

Also, my customauthenticator class (referenced from the web service) is as
follows:



Imports System
Imports System.Security.Permissions
Imports Microsoft.Web.Services3.Security.Tokens

Namespace WSESecurity
<SecurityPermissionAttribute(SecurityAction.Demand )> _
Public Class CustomAuthenticator
Inherits UsernameTokenManager

' Returns the password or password equivalent for a user name
Protected Overrides Function AuthenticateToken(ByVal token As
UsernameToken) As String

If token Is Nothing Then
Throw New ArgumentNullException()
End If

' perform a lookup in your database
' for the user name in 'token.Username'
' and return the password as a string.
' If there is no match, return null.
If token.Username = "wstest" Then
Return "pass"
Else
Return Nothing
End If

End Function
End Class
End Namespace



I can't figure out WTH goes wrong, so please, if anyone has any
idea/tips/suggestions please please HELP me!

(It's my first time writing a secure web service - newbie on the subject)


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure your digital information assets with Secure Auditor. SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:53 AM
Secure your digital information assets with Secure Auditor SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:52 AM
Sharing Session state over secure / non-secure requests Daniel Malcolm ASP .Net 0 01-24-2005 04:45 PM
This page contains both secure and non secure items. A.M ASP .Net 5 06-08-2004 05:43 PM



Advertisments