An example of using WSE 3.0 to protect Web Services

Source: Internet
Author: User

First, I want to say that there is too little Chinese-language material in this area, and no questions are asked on CSDN. So English must be studied well! :)
Okay, now. We will use a certificate to encrypt the Web service. WSE 3.0 is used here.
1. Import the certificate.
Create a certificate first. If you already have a certificate, you can skip this step. Note that the certificate must have a private key!
Start -> Run... -> cmd -> cipher /R:mycert
For example:
C:\Documents and Settings\ADMIN> cipher /R:mycert
You will then find mycert.CER and mycert.PFX under C:\Documents and Settings\admin.
Import the certificate as follows:
Start -> Run... -> mmc
File -> Add/Remove Snap-in -> Add -> Certificates -> Add -> Computer account (it must be the computer account).
Check whether there is an "Other People" node. If not, use the following steps:
IE -> Internet Options -> Content -> Certificates -> Other People -> Import
Here, the default file type is X.509 Certificate; change it to Personal Information Exchange, that is, the pfx file.
After the import is complete, return to the console and refresh it. The tree on the right should include "Personal" and "Other People".
Open the "Personal" node, click Certificates, right-click -> All Tasks -> Import, and import the pfx file. Remember, it is the pfx file that is imported here!
Import the certificate again under the "Other People" node, using the same certificate.
2. Configure the Web service site.
Create a web service site.
Right-click the website name -> WSE 3.0 Settings...
Check both boxes on the General tab.
On the Security tab, clear the Verify trust check box. This turns off certificate chain validation, which the self-signed certificate created above would not pass.
On the Policy tab, check Enable policy and click Add...
Enter the policy name, for example, serverclient (I was lazy and just used "S").
After confirming, choose to secure a service (server) application and select Certificate.

Next step: check Perform Authorization and click Add...

Select the certificate you imported. Note that the Other People folder under the Computer Account is used here; this is where the certificate was imported.
OK. Click OK to continue...
The next step is message protection. Choose according to your needs; the default is generally enough.
Next, select another certificate to encrypt the message. Note that the store here is Local Machine - Personal.
Finish the wizard.

OK. Configuration complete.

Next, open the default Service.cs that was added under App_Code when the Web service was created.
Add this line before the class:
[Policy("S")]
The code is as follows:

using System;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.Web.Services3;

[WebService(Namespace = "http://tempuri.org/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[Policy("S")] // specifies which policy to use
public class Service : System.Web.Services.WebService
{
    public Service()
    {
        // If you use designed components, uncomment the following line
        // InitializeComponent();
    }

    [WebMethod]
    public string HelloWorld()
    {
        return "Hello World";
    }
}

In this way, the server is configured.

3. Client configuration.
Create a new site, right-click the site name, and open the WSE settings. The method is the same as above.
Here, select Secure a client application.
When selecting a certificate, don't forget to change the store to Local Machine. The other options are the same as those on the server.
After the configuration is complete, test it first.
First, add a Web reference. The default name is used here.
Add two controls to Default.aspx: a Button and a Label.
Add the following code to the button's click event:

localhost.ServiceWse s = new localhost.ServiceWse();
// Note that this is ServiceWse, not Service.
s.SetPolicy("clientpolicy");
// The policy name chosen during configuration; specifies which policy to use.
Label1.Text = s.HelloWorld();

OK. Check it out.
4. Publish the Web service to the server.
Next, publish the Web service to the IIS server. Before that, you must install the certificate used in your project on the server. The method is the same as above. After the import is complete, the computer must be restarted. (Of course, if you are using IIS on your own machine, you do not need to repeat this.)
You also need to give IIS sufficient permissions to access the certificate. The certificate tool that ships with WSE 3.0 is used here: Certificates Tool. After you open the Certificates Tool, select the certificate. For example, select Local Computer as the certificate location and set the store name to Personal; if it shows Other People, change it to Personal. Select the certificate and click "View Private Key File Properties...", select the "Security" tab, and add two users: ASPNET and NETWORK SERVICE. The default permissions are enough. This completes all the work. If it's a server, don't forget to restart it!
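A pre-flight check for steps 1 and 4, as an added example that is not part of the original article: it confirms that the same certificate is in the Local Machine Personal and Other People stores, that it carries a private key, and that the account running the check can open that key. The subject string is a placeholder; run the check under the account IIS uses so that the key-access result applies to the service.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

static class WseCertCheck
{
    // Placeholder (assumption): set to the subject name of the certificate you imported.
    const string Subject = "REPLACE-WITH-CERT-SUBJECT";

    static X509Certificate2 Find(StoreName name)
    {
        X509Store store = new X509Store(name, StoreLocation.LocalMachine);
        store.Open(OpenFlags.ReadOnly);
        try
        {
            // validOnly = false: a self-signed test certificate has no trusted chain.
            X509Certificate2Collection hits =
                store.Certificates.Find(X509FindType.FindBySubjectName, Subject, false);
            return hits.Count > 0 ? hits[0] : null;
        }
        finally { store.Close(); }
    }

    static int Fail(string message) { Console.Error.WriteLine("FAIL: " + message); return 1; }

    static int Main()
    {
        X509Certificate2 personal = Find(StoreName.My);        // "Personal"
        X509Certificate2 others = Find(StoreName.AddressBook); // "Other People"
        if (personal == null) return Fail("not found in Local Machine / Personal");
        if (others == null) return Fail("not found in Local Machine / Other People");
        if (personal.Thumbprint != others.Thumbprint)
            return Fail("the two stores hold different certificates");
        if (!personal.HasPrivateKey)
            return Fail("no private key; the .cer was imported instead of the .pfx");
        if (DateTime.Now < personal.NotBefore || DateTime.Now > personal.NotAfter)
            return Fail("certificate is outside its validity period");
        try
        {
            // Opening the key throws when this account cannot read the key file.
            AsymmetricAlgorithm key = personal.PrivateKey;
            Console.WriteLine("OK: {0}, {1}-bit key readable", personal.Subject, key.KeySize);
        }
        catch (CryptographicException e)
        {
            return Fail("private key not readable by " + Environment.UserName + ": " + e.Message);
        }
        return 0;
    }
}
```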
5. Test.
No more.
6. Common errors.
Even when the configuration is correct, the following errors may still be reported after everything has been set up:
1. Security requirements are not satisfied because the security header is not present in the incoming message.
Reason: the server has not been restarted.
2. WSE910
Reason: the clocks of the server and your computer are out of sync. You can increase the allowed time difference when configuring the server, on the Security tab.
