secure webservice

Discussion in 'ASP .Net' started by =?Utf-8?B?cGF0cmlja2RyZA==?=, Aug 7, 2007.

  1. Hi everyone!

    I have built a vb6 app that communicates with a web server to get data from
    an webservice through the internet (not lan).

    My question/problem is,
    1) how could I make this webservice secure, so that only my vb6 app has
    access to it and noone else?
    Should I use WSE or WCF?
    Well ok, but I have completely no idea on how to!

    2) Should I enable ssl for this webservice, so that data is encrypted? How?

    Please can somebody provide me with info/hints/tips/walkthrough on how to do
    this?

    Thanks in advance!
     
    =?Utf-8?B?cGF0cmlja2RyZA==?=, Aug 7, 2007
    #1
    1. Advertising

  2. first of all, thank you very much for the interest!

    I have already done the following steps:
    (using http://www.codeproject.com/soap/wssecurity_usernametokens.asp as a
    guide reference)

    Secured my web service using WSE 3.0 and tried to access the web service
    using vb6 and soap,
    with the following code:



    Set g_objSoap = New MSSOAPLib.SoapClient
    With g_objSoap
    .mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
    .ConnectorProperty("AuthUser") = "wsuser"
    .ConnectorProperty("AuthPassword") = "pass"
    End With


    However I get either "access denied" (line:

    .mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)

    or access denied when trying to execute any method,

    e.g. the following (test) one:



    <WebMethod()> _
    Public Function Hello() As String

    ' Get the current soap context
    Dim ctxt As SoapContext = RequestSoapContext.Current
    If ctxt Is Nothing Then
    ' This request is using a different protocol other than SOAP.
    Return "Please format the request as a SOAP request and try again."
    End If

    ' Iterate through all Security tokens
    For Each tok As SecurityToken In ctxt.Security.Tokens
    If TypeOf (tok) Is UsernameToken Then
    Dim user As UsernameToken = CType(tok, UsernameToken)
    Return "Hello Authenticated user " + user.Username
    End If
    Next tok
    Return "Hello Liar"

    End Function

    Also, my customauthenticator class (referenced from the web service) is as
    follows:



    Imports System
    Imports System.Security.Permissions
    Imports Microsoft.Web.Services3.Security.Tokens

    Namespace WSESecurity
    <SecurityPermissionAttribute(SecurityAction.Demand)> _
    Public Class CustomAuthenticator
    Inherits UsernameTokenManager

    ' Returns the password or password equivalent for a user name
    Protected Overrides Function AuthenticateToken(ByVal token As
    UsernameToken) As String

    If token Is Nothing Then
    Throw New ArgumentNullException()
    End If

    ' perform a lookup in your database
    ' for the user name in 'token.Username'
    ' and return the password as a string.
    ' If there is no match, return null.
    If token.Username = "wstest" Then
    Return "pass"
    Else
    Return Nothing
    End If

    End Function
    End Class
    End Namespace



    I can't figure out WTH goes wrong, so please, if anyone has any
    idea/tips/suggestions please please HELP me!

    (It's my first time writing a secure web service - newbie on the subject)
     
    =?Utf-8?B?cGF0cmlja2RyZA==?=, Aug 8, 2007
    #2
    1. Advertising

  3. I have already done the following steps:
    (using http://www.codeproject.com/soap/wssecurity_usernametokens.asp as a
    guide reference)

    Secured my web service using WSE 3.0 and tried to access the web service
    using vb6 and soap,
    with the following code:



    Set g_objSoap = New MSSOAPLib.SoapClient
    With g_objSoap
    .mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
    .ConnectorProperty("AuthUser") = "wsuser"
    .ConnectorProperty("AuthPassword") = "pass"
    End With


    However I get either "access denied" (line:

    .mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)

    or access denied when trying to execute any method,

    e.g. the following (test) one:



    <WebMethod()> _
    Public Function Hello() As String

    ' Get the current soap context
    Dim ctxt As SoapContext = RequestSoapContext.Current
    If ctxt Is Nothing Then
    ' This request is using a different protocol other than SOAP.
    Return "Please format the request as a SOAP request and try again."
    End If

    ' Iterate through all Security tokens
    For Each tok As SecurityToken In ctxt.Security.Tokens
    If TypeOf (tok) Is UsernameToken Then
    Dim user As UsernameToken = CType(tok, UsernameToken)
    Return "Hello Authenticated user " + user.Username
    End If
    Next tok
    Return "Hello Liar"

    End Function

    Also, my customauthenticator class (referenced from the web service) is as
    follows:



    Imports System
    Imports System.Security.Permissions
    Imports Microsoft.Web.Services3.Security.Tokens

    Namespace WSESecurity
    <SecurityPermissionAttribute(SecurityAction.Demand)> _
    Public Class CustomAuthenticator
    Inherits UsernameTokenManager

    ' Returns the password or password equivalent for a user name
    Protected Overrides Function AuthenticateToken(ByVal token As
    UsernameToken) As String

    If token Is Nothing Then
    Throw New ArgumentNullException()
    End If

    ' perform a lookup in your database
    ' for the user name in 'token.Username'
    ' and return the password as a string.
    ' If there is no match, return null.
    If token.Username = "wstest" Then
    Return "pass"
    Else
    Return Nothing
    End If

    End Function
    End Class
    End Namespace



    I can't figure out WTH goes wrong, so please, if anyone has any
    idea/tips/suggestions please please HELP me!

    (It's my first time writing a secure web service - newbie on the subject)
     
    =?Utf-8?B?cGF0cmlja2RyZA==?=, Aug 8, 2007
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,448
    Teemu Keiski
    Jun 8, 2004
  2. Daniel Malcolm
    Replies:
    0
    Views:
    557
    Daniel Malcolm
    Jan 24, 2005
  3. zdrakec
    Replies:
    1
    Views:
    438
    zdrakec
    Jul 25, 2005
  4. Joe
    Replies:
    5
    Views:
    962
    Steven Cheng[MSFT]
    Dec 13, 2005
  5. verbal kint
    Replies:
    1
    Views:
    552
    Sudsy
    Sep 4, 2004
Loading...

Share This Page