Usernametoken requirement in the policy file

Discussion in 'ASP .Net Security' started by Nedu N, Feb 10, 2004.

  1. Nedu N

    Nedu N Guest

    Hi All,

    I have three questions while trying WSSE with .NET web services, and i
    appreciate your help.

    1). I want my web service to be configured to require usernametoken for
    authentication with a receive policy file. For signing and Encryption i am
    using X509 token and i am not using Usernametoken for this. i.e, I want to
    use usernametoken authentication with X509 signing and X509 encryption. I am
    not sure how to mention usernametoken requirment in the server side receive
    and client side policy files. I want my webservice to reject web requests if
    they are not coming with usernametokens for authentication. I don't want to
    do this within the code creating token on client and attaching to the soap
    header.

    2). Also i want tweak signing and encryption for testing sake like changing
    the signed message in-between and see the webservice rejecting the request
    on integrity violation.I know someway using TCPMON and curious to know if
    there are any other simple way to do this.

    3). And same way i want to tweak and test the encryption logic somehow.

    My policy file looks like following both on client side and server side.
    <?xml version="1.0" encoding="utf-8"?>

    <policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">

    <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">

    <mapDefault policy="#policy-e0e72048-bd00-4d6a-a064-67746b005d74" />

    </mappings>

    <policies xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">

    <wsp:policy wsu:Id="policy-e0e72048-bd00-4d6a-a064-67746b005d74"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">

    <wsse:Integrity wsp:Usage="wsp:Required"
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">

    <wsse:TokenInfo>

    <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">

    <wsse:TokenType>wsse:X509v3</wsse:TokenType>

    <wsse:Claims>

    <wsse:SubjectName>CN=MsdnWse2SecuritySamplesServer</wsse:SubjectName>

    </wsse:Claims>

    </SecurityToken>

    </wsse:TokenInfo>

    <wsse:MessageParts
    Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:Mess
    ageParts>

    </wsse:Integrity>

    <wsse:Confidentiality wsp:Usage="wsp:Required"
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">

    <wsse:KeyInfo>

    <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">

    <wsse:TokenType>wsse:X509v3</wsse:TokenType>

    <wsse:Claims>

    <wsse:SubjectName>CN=MsdnWse2SecuritySamplesServer</wsse:SubjectName>

    </wsse:Claims>

    </SecurityToken>

    </wsse:KeyInfo>

    <wsse:MessageParts
    Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:Mess
    ageParts>

    </wsse:Confidentiality>

    </wsp:policy>

    </policies>

    </policyDocument>
    Nedu N, Feb 10, 2004
    #1
    1. Advertising

  2. Nedu N

    [MSFT] Guest

    HI Nedu,

    Thank you for using the community. As I understand, you want to enforce the
    Usernametoken required in the web service. Regarding the issue, we need to
    modify the policy configration file to achieve this. For detail
    information, you may refer to following article:

    Web Services Security Policy Language (WS-SecurityPolicy)
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/
    html/ws-securitypolicy.asp

    Web Services Policy Framework (WS-Policy)
    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/
    html/ws-policy.asp

    New Technologies Help You Make Your Web Services More Secure
    http://msdn.microsoft.com/msdnmag/issues/03/04/WS-Security/default.aspx

    Hope this help,

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    [MSFT], Feb 11, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Andre
    Replies:
    0
    Views:
    445
    Andre
    Jan 21, 2005
  2. Replies:
    3
    Views:
    409
  3. Asfar

    UsernameToken Sample

    Asfar, Sep 14, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    126
    Asfar
    Sep 14, 2006
  4. APA

    SOAP UserNameToken

    APA, Sep 17, 2006, in forum: ASP .Net Web Services
    Replies:
    0
    Views:
    125
  5. Replies:
    0
    Views:
    117
Loading...

Share This Page