Summary:
How do you use WSE (Microsoft Web Services Enhancements), which supports the WS-Security specification, to send encrypted SOAP messages over standard HTTP? This article explains SOAP message encryption and how it is defined in WS-Security and XML Encryption.
Table of Contents:
• Introduction to WSE
• WSE security features
• Encrypting SOAP messages
• WSE support for encryption
• Configuring WSE
• Encrypting SOAP messages with a symmetric algorithm
• Encrypting SOAP messages with an X.509 certificate
• Selecting the nodes (parts) of the message to encrypt
• Limitations and collaboration details
• Conclusion
Introduction to WSE
To make web services work better in the enterprise, a new generation of web service specifications has been proposed. They aim to improve web services in areas such as security, reliable messaging, sending attachments, and coordination. To support these proposals, Microsoft released WSE 1.0 SP1, which contains a set of classes that support these new protocols, along with filters hosted by Microsoft ASP.NET that intercept incoming and outgoing SOAP messages and interpret or generate SOAP headers to support the required features. WSE supports the following specifications:
• WS-Security and the Web Services Security Addendum
• WS-Attachments
• WS-Routing
• WS-Referral
WSE security features
At run time, WSE is a series of filters that generate and read WS-Security-compliant SOAP headers. When a SOAP message is received by a web server that supports WSE, it passes through a series of input filters, which read the WS-* compliant headers and, where necessary, generate the corresponding program objects. Similarly, outgoing messages pass through a series of output filters, which serialize headers as defined by the WSE objects. All of the web service security features supported by WSE 1.0 SP1 are implemented by the security input and output filters, through the SecurityInputFilter and SecurityOutputFilter objects. These features include: digital signatures; encryption; signing and encrypting with a user ID; signing and encrypting with X.509 certificates; and signing and encrypting with custom binary credentials.
Encrypting SOAP messages
Transferring data in a standardized format makes valuable data accessible to malicious users who intercept it. Transferring data with SOAP and XML carries more than this potential threat: the inner workings of your web service can also be discovered by observing the XML syntax of the SOAP messages themselves. With an appropriate encryption algorithm, both the data and the information about the interface can be fully protected. Encryption simply applies a reversible algorithm and a particular key to clear text, so that the data cannot be read without decrypting it. Today, the most common form of encryption on the Internet is transport-level encryption, such as IPsec and SSL, which encrypts at the transport layer. It provides a degree of security, but transport-layer encryption affects performance, especially when only part of the SOAP message needs to be encrypted. Transport-layer encryption also does not allow a message to be routed securely through web services acting as intermediaries, because the message must be decrypted at each intermediary and encrypted again before it is passed on to the final recipient.
How does XML Encryption work?
The XML Encryption specification allows part or all of a SOAP message to be encrypted. When XML Encryption is used, part of the XML document is encrypted and the encrypted content is placed inside an EncryptedData node. WS-Security builds on XML Encryption: when XML Encryption is used to encrypt a SOAP message, each EncryptedData node is referenced from the Security header element. If multiple nodes in the body of the SOAP message are encrypted, each one is referenced independently by its own DataReference node in the ReferenceList.
For an EncryptedData node, key information can be specified in the KeyInfo node and the encryption algorithm in the EncryptionMethod node. The KeyInfo node is defined by the XML Signature specification.
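The header-to-body referencing described above can be checked mechanically. The Python sketch below is an added example, not code from the original article or from WSE: it maps each ReferenceList entry in the header to its EncryptedData node, reads the EncryptionMethod algorithm and KeyInfo key name, and reports references that point nowhere and encrypted nodes the header does not list. The envelope, the header namespace urn:example:security-header, the Id values, the key name and the cipher text are constructed placeholders; DataReference is the element name the XML Encryption specification gives to ReferenceList entries.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"s": SOAP, "xenc": XENC, "ds": DS}

# Constructed sample: header namespace, ids, key name and cipher text are placeholders.
SAMPLE = f"""<s:Envelope xmlns:s="{SOAP}" xmlns:xenc="{XENC}" xmlns:ds="{DS}">
 <s:Header>
  <sec:Security xmlns:sec="urn:example:security-header">
   <xenc:ReferenceList>
    <xenc:DataReference URI="#enc-1"/>
    <xenc:DataReference URI="#enc-2"/>
   </xenc:ReferenceList>
  </sec:Security>
 </s:Header>
 <s:Body>
  <xenc:EncryptedData Id="enc-1" Type="{XENC}Content">
   <xenc:EncryptionMethod Algorithm="{XENC}tripledes-cbc"/>
   <ds:KeyInfo><ds:KeyName>placeholder-shared-key</ds:KeyName></ds:KeyInfo>
   <xenc:CipherData><xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
  <xenc:EncryptedData Id="enc-3">
   <xenc:CipherData><xenc:CipherValue>UExBQ0VIT0xERVI=</xenc:CipherValue></xenc:CipherData>
  </xenc:EncryptedData>
 </s:Body>
</s:Envelope>"""

def audit_encryption(envelope_xml):
    """Map header DataReference entries to EncryptedData nodes and report gaps."""
    root = ET.fromstring(envelope_xml)  # for untrusted input, prefer a hardened parser
    header = root.find("s:Header", NS)
    refs = [] if header is None else [r.get("URI", "").lstrip("#") for r in
            header.findall(".//xenc:ReferenceList/xenc:DataReference", NS)]
    found = {}
    for enc in root.iter(f"{{{XENC}}}EncryptedData"):
        method = enc.find("xenc:EncryptionMethod", NS)
        found[enc.get("Id")] = (  # (algorithm URI, key name); None when absent
            None if method is None else method.get("Algorithm"),
            enc.findtext("ds:KeyInfo/ds:KeyName", namespaces=NS))
    return {
        "encrypted": found,
        "dangling": [r for r in refs if r not in found],      # listed in header, absent
        "unreferenced": [i for i in found if i not in refs],  # present, not listed
    }

if __name__ == "__main__":
    print(audit_encryption(SAMPLE))
```

In the constructed envelope, enc-2 is listed in the header but missing from the body, and enc-3 is encrypted without a header reference or a declared algorithm; a receiver or gateway would want to flag both conditions.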