Using WSE to Encrypt SOAP Messages (3)

zhaozj2021-02-16  52

WSE support for encryption

WSE supports encrypting part of a SOAP message. Symmetric encryption uses a shared key; asymmetric encryption uses an X.509 certificate. When WSE encrypts a SOAP message, the entire Body node is encrypted unless you explicitly specify otherwise. Two examples follow: one that encrypts the whole Body, and one that encrypts only a section of it.

The WSE runtime library implements all of WS-Security in the SecurityInputFilter and SecurityOutputFilter classes. The former looks for a Security node in an incoming SOAP message. If the node exists, it creates objects that represent any security tokens and encryption keys, decrypts the encrypted nodes, and verifies any digital signatures. For an incoming message, the contents of any Security node are accessed through the security properties of the SoapContext object generated for the message. Conversely, SecurityOutputFilter performs the encryption and signing operations on outgoing messages, using any specified security tokens or encryption keys. Security measures such as adding tokens, encrypting, or signing a message are applied through the message's SoapContext.Security and SoapContext.ExtendedSecurity properties; the Security property alone is used when the security header only needs to be created for the final destination.

Configuring WSE

Even when WSE is installed on the ASP.NET Web server, additional configuration is required before ASP.NET applications can use its security support. When you create an ASP.NET Web service in Visual Studio .NET, a reference to the Microsoft.Web.Services.dll assembly must be added to the project. You also need to add a new SOAP extension to the soapExtensionTypes node by creating a new add node in the web.config file, as shown:

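    ...
    <webServices>
      <soapExtensionTypes>
        <!-- Registers the WSE SOAP extension with ASP.NET -->
        <add type="Microsoft.Web.Services.WebServicesExtension,
          Microsoft.Web.Services,
          Version=1.0.0.0,
          Culture=neutral,
          PublicKeyToken=31BF3856AD364E35"
          priority="1" group="0" />
      </soapExtensionTypes>
    </webServices>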

The value of the type attribute must not contain any line breaks or extra spaces; the line breaks in this example were added for readability. If the webServices and soapExtensionTypes nodes do not exist, they must be added to the web.config file. An easier way is to use the WSE configuration tool, a Visual Studio plug-in that you can use to configure a project for a WSE Web service. Of course, some other related settings must still be configured manually.
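One way to check a web.config for the registration described above, written in Python as an added example that is not part of the original article or of WSE. The function name, the sample configurations, and the rule that a single space after each comma is the canonical form are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Type name of the WSE SOAP extension registered in web.config.
WSE_EXTENSION = "Microsoft.Web.Services.WebServicesExtension"


def check_wse_registration(web_config_xml):
    """Return a list of findings; an empty list means the registration looks right."""
    root = ET.fromstring(web_config_xml)
    ext_types = root.find(".//webServices/soapExtensionTypes")
    if ext_types is None:
        return ["webServices/soapExtensionTypes node is missing"]
    findings = []
    matches = [a for a in ext_types.findall("add")
               if a.get("type", "").split(",")[0].strip() == WSE_EXTENSION]
    if not matches:
        findings.append("no <add> node registers " + WSE_EXTENSION)
    for add in matches:
        value = add.get("type")
        # The XML parser turns line breaks inside an attribute into spaces, so a
        # wrapped value shows up as runs of whitespace. Assumption: one space
        # after each comma is the canonical form of an assembly-qualified name.
        canonical = ", ".join(part.strip() for part in value.split(","))
        if value != canonical:
            findings.append("type value contains line breaks or extra spaces")
    return findings


# Constructed sample inputs (not taken from a real server).
TYPE_PARTS = [WSE_EXTENSION, "Microsoft.Web.Services", "Version=1.0.0.0",
              "Culture=neutral", "PublicKeyToken=31BF3856AD364E35"]
TEMPLATE = """<configuration><system.web><webServices><soapExtensionTypes>
  <add type="{0}" priority="1" group="0" />
</soapExtensionTypes></webServices></system.web></configuration>"""

WRAPPED = TEMPLATE.format(",\n      ".join(TYPE_PARTS))   # wrapped for print
SINGLE_LINE = TEMPLATE.format(", ".join(TYPE_PARTS))       # deployable form
NO_EXTENSION = "<configuration><system.web /></configuration>"

if __name__ == "__main__":
    for name, cfg in [("wrapped", WRAPPED), ("single line", SINGLE_LINE),
                      ("no extension", NO_EXTENSION)]:
        print(name, "->", check_wse_registration(cfg) or "OK")
```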

When programming with WSE, you need to add references to Microsoft.Web.Services and the System.Security namespace, in both the client and server projects if encryption is used in both the client request and on the server. On the client side, use the Add Web Reference tool to generate a Web service proxy for the WSE-based Web service.

Symmetric encryption of SOAP messages

Next, let's look at how to use WSE to encrypt a SOAP message. The following example is based on a WSE-enabled Web service that returns a SOAP response message containing some sensitive data. The client sends a simple Web service request, and the service returns an XML document encrypted with the Triple DES symmetric encryption algorithm (using a shared key and an initialization vector, IV). When the client receives the encrypted response, SecurityInputFilter calls a decryption key provider so that the client can access the same shared key and decrypt the message. You must write this decryption key provider yourself and provide a way to synchronize the shared key. These examples assume that both sides already know the key; all we need to do is supply the name of the key as a hint that tells the other party which key was used for encryption. Take care with the management, synchronization, and confidentiality of the key. One solution is a distributed key mechanism such as Kerberos, but as of WSE version 1.0, WSE no longer supports Kerberos.
