Applying WSDK - Digital Signatures for Web Services
Mood
2002-12-05
Article Type: in-depth
Difficulty Level: 8.2 / 9
Version: 1.36
Honestly, this topic has never been my strength; I would rather talk about topics such as enterprise-level application development, related components, and COM. However, Web Services is what I like and the Internet is what I like, so I can't escape the topic of Web Services security, no matter how poor I am at it or how unwilling I am to try. Many things in the world are so wonderful: my old brother is coming to the sky, but I went to the shipping bureau for a long time after I didn't want to graduate; my friend was got to get married 30 years old. I didn't expect it to succeed. I have a beautiful place. Yin Hui's netizen, plus married, yang is still arriving; and I have always liked the atmosphere of Guangzhou City, I didn't expect it to make a diet of Guangzhou, and a delicious city is a beautiful city :)
The first version of Microsoft XML Web Services, which is the version most of us use, has no support for securing SOAP messages; put another way, WS-Security had not yet been completed. WSDK adds WS-Security support and processing.
Put simply, WS-Security provides three main mechanisms to protect our young Web Services:
1. Security token propagation (security credentials can be propagated across the network)
2. Message integrity (verifying whether the message was modified at an intermediate point)
3. Message confidentiality (guaranteeing that the message stays confidential until it is opened)
The most popular way to explain life is through drama, such as "Hamlet". Hamlet, the famous hacker in the castle, was at odds with the Danish King Claudius and threatened to kill many residents of the castle, so Claudius decided to get rid of Hamlet once and for all; he had the trusted Rosencrantz and Guildenstern take Hamlet to England. They carried a secret letter that had to go to England immediately, and the journey with Hamlet was long and challenging, but the king, Rosencrantz and Guildenstern forgot to take measures to ensure that:
1. Hamlet can't read this letter
2. Hamlet can't modify this letter before arriving in England
Finally, while the other two were asleep, the famous Danish hacker stole the letter, easily changed who was to die, and stamped the envelope with the seal of his father, the former Danish king. The king's two men never thought about the content of the letter, and never thought they would be killed in England.
So we see three security issues:
1. The Danish King Claudius must have a way to get the letter into the hands of the King of England.
2. How does the King of England verify that the content of the letter is that of the original letter?
3. Until the King of England opens the letter, its content must remain highly confidential.
When these problems occur on the Internet and in Web Services, WS-Security is what handles them. (If you are interested in Hamlet, in addition to reading this document, see the Java security programming guide [Professional Java Security].) This article is also a starting point for Web Services, and what we have to deal with is the first question: how security credentials are communicated across the network. I will use WSDK to build a Web Services client that signs a SOAP message using a UsernameToken, and show how the Web Service handles a message signed with the UsernameToken. I have tried to simplify the encryption steps in order to explain the whole flow; you can see this in the source code included later.
Throughout the process we will build a Web Service and a client, along with most of the configuration. Environment: Windows XP SP2 / VS.NET 1.0 / WSDK 5217
Building the server side:
1. Create a Web Services project named SignSoapUsingName.
2. Add a reference to Microsoft.Web.Services.dll.
3. Open SignedName.asmx.cs and add the following code:

    using System.Web.Services.Protocols;
    using Microsoft.Web.Services.Security;
    using Microsoft.Web.Services;
    using System.Security.Cryptography;

4. Remove the commented-out HelloWorld code and add the following code:

    [WebMethod]
    public string HelloWorld()
    {
        // WSDK exposes the WS-Security data of the incoming request through the SOAP context.
        SoapContext requestContext = HttpSoapContext.RequestContext;
        string retVal = "User Unknown";
        if (requestContext == null)
            throw new ApplicationException("Non-SOAP Request");
        // IsValid and GetUsernameToken are helper methods of this class (not shown in this part).
        if (!IsValid(requestContext))
        {
            throw new SoapException("The Security Information Supplied Was Not Valid.",
                new System.Xml.XmlQualifiedName("Bad tokens", "http://www.dotnettools.org/signsoapusingname"));
        }
        UsernameToken theToken = GetUsernameToken(requestContext.Security);
        if (theToken != null)
        {
            return "Hello " + theToken.Username;
        }
        return retVal;
    }

5. Configuring WSDK Microsoft.Web.WebServices in Web.config
WebServices>
6. Add a new class that implements IPasswordProvider:

    using System;
    using System.Security.Permissions;
    using System.Security.Cryptography;
    using Microsoft.Web.Services.Security;

    namespace SignSoapUsingName
    {
        [SecurityPermission(SecurityAction.Demand, Flags = SecurityPermissionFlag.UnmanagedCode)]
        public class PasswordProvider : IPasswordProvider
        {
            HashAlgorithm hash;

            public PasswordProvider()
            {
                hash = new SHA1CryptoServiceProvider();
            }

            // Returns the password WSDK uses to check the UsernameToken signature.
            public string GetPassword(string username)
            {
                byte[] encodedUsername = System.Text.Encoding.UTF8.GetBytes(username);
                // I simplified the process; don't consider the encryption functions for now.
                // Placeholder only: the password is the reversed username, Base64-encoded.
                Array.Reverse(encodedUsername);
                return Convert.ToBase64String(encodedUsername);
            }
        }
    }

7. Configure PasswordProvider in Web.config
security>
8. Build and run the application; press F5 to check that the Web Service runs normally.
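The following is an added example, not part of the original article and not WSDK code: it models what the password returned by PasswordProvider.GetPassword is used for on the server, and why the placeholder rule from step 6 must be replaced before real use. Keying HMAC-SHA1 directly with the password is a simplifying assumption, and all names and sample values are constructed for illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class UsernameTokenSignatureDemo
{
    // The article's placeholder rule: Base64 of the reversed UTF-8 username.
    // Anyone who knows the username can recompute it, so it is not a secret.
    static string DerivedPassword(string username)
    {
        byte[] bytes = Encoding.UTF8.GetBytes(username);
        Array.Reverse(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Assumption (simplification): HMAC-SHA1 keyed with the password, over nonce, timestamp and body.
    static byte[] Sign(string password, string nonce, string created, string body)
    {
        using (HMACSHA1 mac = new HMACSHA1(Encoding.UTF8.GetBytes(password)))
            return mac.ComputeHash(Encoding.UTF8.GetBytes(nonce + "\n" + created + "\n" + body));
    }

    // Server side: look the password up by username, recompute, compare without early exit.
    static bool Verify(Func<string, string> getPassword, string username,
                       string nonce, string created, string body, byte[] signature)
    {
        byte[] expected = Sign(getPassword(username), nonce, created, body);
        int diff = expected.Length ^ signature.Length;
        for (int i = 0; i < expected.Length && i < signature.Length; i++)
            diff |= expected[i] ^ signature[i];
        return diff == 0;
    }

    static void Main()
    {
        // Constructed sample values.
        string user = "claudius", nonce = "c2FtcGxlLW5vbmNl", created = "2002-12-05T10:00:00Z";
        string letter = "<Letter>Hamlet</Letter>";
        string altered = "<Letter>Rosencrantz and Guildenstern</Letter>";
        byte[] sig = Sign(DerivedPassword(user), nonce, created, letter);
        Console.WriteLine("original letter accepted: " + Verify(DerivedPassword, user, nonce, created, letter, sig));
        Console.WriteLine("altered letter, old signature accepted: " + Verify(DerivedPassword, user, nonce, created, altered, sig));
        // The placeholder password is computable from the username, so a re-signed altered letter passes.
        byte[] resigned = Sign(DerivedPassword(user), nonce, created, altered);
        Console.WriteLine("re-signed, derived password accepted: " + Verify(DerivedPassword, user, nonce, created, altered, resigned));
        // With a password that comes from a credential store (constructed value), it does not.
        Func<string, string> store = u => "constructed-secret-from-credential-store";
        Console.WriteLine("re-signed, stored password accepted: " + Verify(store, user, nonce, created, altered, resigned));
    }
}
```

In a real IPasswordProvider, GetPassword would return the stored secret for the user rather than a value computed from the username.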
Notice:
This article is original and was first published under my byline on 9CBS; all text and images are copyrighted. Do not distribute, reprint, or adapt it without authorization.
If you have any questions or suggestions, please email new2001@msn.com
Welcome to my Website: www.dotnettools.org