Using WSE to Encrypt SOAP Packets (6)

zhaozj  2021-02-16

Encrypting outgoing packets

I modified the beginning of the GetXmlDocument method so that it uses the X.509 asymmetric encryption support implemented by WSE. To encrypt the response packet, the FindCertificateBySubjectString method retrieves the public copy of the client certificate, which was previously imported into the personal store of the local machine account. That certificate is then used to create a new X.509 security token, and an EncryptedData element built from that token is added to the security elements of the response packet's SoapContext. In addition to the namespaces referenced in the symmetric encryption example, you must add a using directive for the Microsoft.Web.Services.Security.X509 namespace. The GetXmlDocument method code is as follows:

// Create a simple XML document to return
XmlDocument myDoc = new XmlDocument();
myDoc.InnerXml =
    "<ReturnVal>" +              // root element name assumed; the original tag was lost
    "This is sensitive data." +
    "</ReturnVal>";

// Get the SoapContext of the response message
SoapContext myContext = HttpSoapContext.ResponseContext;

// Open the personal certificate store of the local machine account for reading
X509CertificateStore myStore =
    X509CertificateStore.LocalMachineStore(
        X509CertificateStore.MyStore);
myStore.OpenRead();

// Find all certificates whose subject contains "My Certificate" and
// put the matches into a certificate collection
X509CertificateCollection myCerts =
    myStore.FindCertificateBySubjectString("My Certificate");
X509Certificate myCert = null;

// Take the first certificate in the collection
if (myCerts.Count > 0)
{
    myCert = myCerts[0];
}

// Make sure we have a certificate that can be used for encryption
if (myCert == null || !myCert.SupportsDataEncryption)
{
    throw new ApplicationException("Service is not able to encrypt the response");
}
else
{
    // Create a security token from the valid certificate
    X509SecurityToken myToken = new X509SecurityToken(myCert);

    // WSE will use this token to encrypt the body of the message. It also
    // generates a KeyInfo element that tells the client which certificate
    // (and private key) is required to decrypt the message.
    EncryptedData myEncData = new EncryptedData(myToken);

    // Add the EncryptedData element to the SoapContext of the response message
    myContext.Security.Elements.Add(myEncData);

    return myDoc;
}

With this method in place, the WSE pipeline produces the following message, with the corresponding security header, key information, and ciphertext:

<!-- element names restored from the XML Encryption and WS-Security 2002/07 schemas referenced below; cipher values are truncated -->
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <soap:Header>
    <wsu:Timestamp xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
      <wsu:Created>2003-02-11T01:34:01Z</wsu:Created>
      <wsu:Expires>2003-02-11T01:39:01Z</wsu:Expires>
    </wsu:Timestamp>
    <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
      <xenc:EncryptedKey Type="http://www.w3.org/2001/04/xmlenc#EncryptedKey"
          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
        <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
        <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
          <wsse:SecurityTokenReference>
            <wsse:KeyIdentifier>Ymlkvwxyd8vuguyliuiydeaqqpw=</wsse:KeyIdentifier>
          </wsse:SecurityTokenReference>
        </KeyInfo>
        <xenc:CipherData>
          <xenc:CipherValue>UJ64ADDF3FD59XSAQ=...</xenc:CipherValue>
        </xenc:CipherData>
        <xenc:ReferenceList>
          <xenc:DataReference URI="#EncryptedContent-608EEF8B-4104-4469-95B6-7CB4703CFA03" />
        </xenc:ReferenceList>
      </xenc:EncryptedKey>
    </wsse:Security>
  </soap:Header>
  <soap:Body wsu:Id="Id-70179C5B-4975-4932-9ECD-A58FEB34B0D3"
      xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
    <xenc:EncryptedData Id="EncryptedContent-608EEF8B-4104-4469-95B6-7CB4703CFA03"
        Type="http://www.w3.org/2001/04/xmlenc#Content"
        xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
      <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <xenc:CipherData>
        <xenc:CipherValue>4O1B4Befwbju6tzuaygfraax0ugtaykcw2klibuzpjli...z8i2yphn4w==</xenc:CipherValue>
      </xenc:CipherData>
    </xenc:EncryptedData>
  </soap:Body>
</soap:Envelope>

Note that in this encrypted message the asymmetrically encrypted EncryptedKey element carries the symmetric key that was used to encrypt the packet body, and its ReferenceList element refers to the Id attribute of the EncryptedData element in the body. Although I did not do so in this example, signing the message so that the recipient can verify who actually sent it is also a good idea. For more information on signing packets with WSE, see WS-Security Authentication and Digital Signatures with Web Services Enhancements.
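As an added example that is not part of the original article, the following Python script audits the response layout described above: it checks that each DataReference in the security header resolves to an EncryptedData Id in the body, flags the two algorithms WSE 1.0 selected here (RSA PKCS#1 v1.5 and 3DES-CBC, both legacy choices today), and reports the missing signature. The sample envelope, its Ids and its base64 values are constructed for this example.

```python
import xml.etree.ElementTree as ET
# Namespaces of the elements inspected below (prefix names are assumptions).
NS = {
    "xenc": "http://www.w3.org/2001/04/xmlenc#",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# Constructed sample with the same layout as the WSE output; base64 values are dummies.
SAMPLE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
 xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
 <soap:Header>
  <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
   <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <xenc:CipherData><xenc:CipherValue>QUJD</xenc:CipherValue></xenc:CipherData>
    <xenc:ReferenceList><xenc:DataReference URI="#EncryptedContent-1"/></xenc:ReferenceList>
   </xenc:EncryptedKey>
  </wsse:Security>
 </soap:Header>
 <soap:Body wsu:Id="Id-1">
  <xenc:EncryptedData Id="EncryptedContent-1" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
   Type="http://www.w3.org/2001/04/xmlenc#Content">
   <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
   <xenc:CipherData><xenc:CipherValue>REVG</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </soap:Body>
</soap:Envelope>"""
# The two algorithms WSE 1.0 picked in the article's output; both are legacy today.
LEGACY_ALGS = {
    "http://www.w3.org/2001/04/xmlenc#rsa-1_5": "RSA PKCS#1 v1.5 key transport",
    "http://www.w3.org/2001/04/xmlenc#tripledes-cbc": "3DES-CBC content encryption",
}

def audit_envelope(xml_text):
    """Return a list of findings about the header/body encryption linkage."""
    root = ET.fromstring(xml_text)
    findings = []
    # Every DataReference in the header must point at an EncryptedData Id.
    data_ids = {e.get("Id") for e in root.iterfind(".//xenc:EncryptedData", NS)}
    for ref in root.iterfind(".//xenc:DataReference", NS):
        uri = ref.get("URI", "")
        if uri.lstrip("#") not in data_ids:
            findings.append("dangling DataReference " + uri)
    for method in root.iterfind(".//xenc:EncryptionMethod", NS):
        alg = method.get("Algorithm")
        if alg in LEGACY_ALGS:
            findings.append("legacy algorithm: " + LEGACY_ALGS[alg])
    # The article notes the message is not signed; a signature would appear here.
    if root.find(".//ds:Signature", NS) is None:
        findings.append("no Signature element: sender is not authenticated")
    return findings
```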

Please credit the original source when reposting: https://www.9cbs.com/read-25187.html
