This might help
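// Builds the client-side WSE policy in code and applies it to the proxy.
// A policy is simply a collection of assertions; two are added here: the
// mutual-certificate assertion and a required-Action-header assertion.
// NOTE(review): the service sets its policy from a config file, so these
// values presumably have to agree with that policy - confirm against it.
Policy pPolicy = new Policy();

// NOTE(review): this assertion is created but never added to
// pPolicy.Assertions below, so the policy applies no authorization assertion.
AuthorizationAssertion aaAuthAssertion = new AuthorizationAssertion();
MutualCertificate11Assertion mc11aCertAssertion = new MutualCertificate11Assertion();
RequireActionHeaderAssertion rahaActionHeaderAssertion = new RequireActionHeaderAssertion();

// Alternative lookup by subject key identifier, kept for reference. Each
// statement is on one line so that no part of it escapes the comment.
//mc11aCertAssertion.ClientX509TokenProvider = new X509TokenProvider(StoreLocation.CurrentUser, StoreName.My, "<Base64 String here>", X509FindType.FindBySubjectKeyIdentifier);
//mc11aCertAssertion.ServiceX509TokenProvider = new X509TokenProvider(StoreLocation.CurrentUser, StoreName.AddressBook, "<Base64 String here>", X509FindType.FindBySubjectKeyIdentifier);

// Client token: the caller's own certificate from the personal ("My") store.
// Service token: the server's certificate from the "AddressBook" store.
// The original snippet had these two lookups swapped, which would present the
// server certificate as the client identity.
// NOTE(review): elsewhere on this page RetrieveTokenFromStore2 is assigned to
// an X509SecurityToken, while these properties are given an X509TokenProvider
// in the commented lines above - confirm the helper's return type.
mc11aCertAssertion.ClientX509TokenProvider =
    RetrieveTokenFromStore2("My", StoreLocation.CurrentUser, "CN=WSE2QuickStartClient");
mc11aCertAssertion.ServiceX509TokenProvider =
    RetrieveTokenFromStore2("AddressBook", StoreLocation.CurrentUser, "CN=WSE2QuickStartServer");

EndpointProtectionRequirements epr = mc11aCertAssertion.Protection;

// Require signature and encryption for outgoing requests. The signature
// covers the addressing headers, the timestamp and the SOAP body.
epr.Request.SignatureOptions = SignatureOptions.IncludeAddressing
    | SignatureOptions.IncludeTimestamp
    | SignatureOptions.IncludeSoapBody;
epr.Request.EncryptBody = true;

// Require signature and encryption for incoming responses.
epr.Response.SignatureOptions = SignatureOptions.IncludeAddressing
    | SignatureOptions.IncludeTimestamp
    | SignatureOptions.IncludeSoapBody;
epr.Response.EncryptBody = true;

// Require signature only for incoming faults. Fault bodies are therefore not
// encrypted at message level, so fault text should not carry sensitive detail.
epr.Fault.SignatureOptions = SignatureOptions.IncludeAddressing
    | SignatureOptions.IncludeTimestamp
    | SignatureOptions.IncludeSoapBody;
epr.Fault.EncryptBody = false;

mc11aCertAssertion.EstablishSecurityContext = true;
mc11aCertAssertion.RenewExpiredSecurityContext = true;
// Ask for signature confirmation in the response.
mc11aCertAssertion.RequireSignatureConfirmation = true;
mc11aCertAssertion.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;

// The default value is false.
// NOTE(review): with derived keys off, the token's key is presumably used
// directly for message protection - confirm whether the service allows
// turning this on.
mc11aCertAssertion.RequireDerivedKeys = false;

// The default value is 5 min = 300 sec.
mc11aCertAssertion.TtlInSeconds = 300;

pPolicy.Assertions.Add(mc11aCertAssertion);
pPolicy.Assertions.Add(rahaActionHeaderAssertion);

// Apply the assembled policy to the SOAP message exchange.
serviceProxy.SetPolicy(pPolicy);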
<garyrg9@gmail.com> wrote in message
news:1166645372.643779.41710@i12g2000cwa.googlegroups.com...
> The service is setting the policy with the config file.
>
> The Client used to work when set with the config file. Now I am trying
> to implement it with code.
>
> /////////////////////////////////
> //Test Set By Config THIS WORKED
> // Set the ClientPolicy onto the proxy
> //serviceProxy.SetPolicy("ClientPolicy");
>
> /////////////////////////////////
> //Test Set By Code DOES NOT WORK; first error is that signature cannot
> be null
> X509SecurityToken oX509CT = RetrieveTokenFromStore2("My",
> StoreLocation.CurrentUser, "CN=WSE2QuickStartClient");
> MessageSignature oSignature = new MessageSignature(oX509CT);
>
> serviceProxy.RequestSoapContext.Security.Elements.Add(oSignature);
>
> serviceProxy.SetClientCredential(oX509CT);
>
> X509SecurityToken oX509CTS =
> RetrieveTokenFromStore2("AddressBook", StoreLocation.CurrentUser,
> "CN=WSE2QuickStartServer");
> EncryptedData oEncryptedData = new EncryptedData(oX509CTS);
>
> serviceProxy.RequestSoapContext.Security.Elements.Add(oEncryptedData);
>
> serviceProxy.SetServiceCredential(oX509CTS);
>
> // Create a new policy.
> Policy oWebServiceClientPolicy = new Policy();
>
> // Specify that the policy uses the MutualCertificate11 turnkey
> security assertion.
> MutualCertificate11Assertion oMCA = new
> MutualCertificate11Assertion();
> oMCA.EstablishSecurityContext = false;
> oMCA.RenewExpiredSecurityContext = true;
> oMCA.RequireSignatureConfirmation = true;
> oMCA.MessageProtectionOrder =
> MessageProtectionOrder.SignBeforeEncrypt;
> oMCA.RequireDerivedKeys = false;
> oMCA.TtlInSeconds = 300;
> oMCA.Protection.Request.SignatureOptions =
> SignatureOptions.IncludeAddressing
> |
> SignatureOptions.IncludeTimestamp
> |
> SignatureOptions.IncludeSoapBody;
> oMCA.Protection.Request.EncryptBody = true;
> oMCA.Protection.Response.SignatureOptions =
> SignatureOptions.IncludeAddressing
> |
> SignatureOptions.IncludeTimestamp
> |
> SignatureOptions.IncludeSoapBody;
> oMCA.Protection.Response.EncryptBody = true;
> oWebServiceClientPolicy.Assertions.Add(oMCA);
>
> // Apply the policy to the SOAP message exchange.
> serviceProxy.SetPolicy(oWebServiceClientPolicy);
>
> //End Test Set By Code
> /////////////////////////////////
>
>
>
> String[] symbols = {"FABRIKAM", "CONTOSO"};
> StockQuote[] quotes =
> serviceProxy.StockQuoteRequest(symbols);
>
>
> I would appreciate any help!
>
> Gary
>