Encrypting SOAP Messages with WSE (3)

WSE support for encryption

WSE supports partial encryption of SOAP messages. Symmetric encryption uses a shared key, and asymmetric encryption uses X.509 certificates. When you use WSE to encrypt a SOAP message, the contents of the entire Body node are encrypted unless you explicitly specify otherwise. Here are 2 examples: one that encrypts the body, and one that encrypts only a portion of it.

The WSE runtime library implements WS-Security in the SecurityInputFilter and SecurityOutputFilter classes. The former looks for a Security node in an incoming SOAP message. If the node exists, it creates objects that represent any security tokens and encryption keys, decrypts the node, and verifies any digital signatures. For an incoming message, the contents of any Security node are made available through the Security property of the SoapContext object generated for the message. Conversely, SecurityOutputFilter performs the encryption and signing operations for outgoing messages, using whatever security tokens or encryption keys have been specified. Security measures such as tokens, encryption, or signatures are applied to a message through its SoapContext.Security and SoapContext.ExtendedSecurity properties. Use only the Security property when the security header you need to create is intended just for the final destination.

Configure WSE

Although WSE is set up on the ASP.NET Web server at installation time, some additional configuration is required for any ASP.NET application that needs its security support. After you create an ASP.NET Web service project in Visual Studio .NET, add a reference to the Microsoft.Web.Services.dll assembly to the project. You also need to add a new SOAP extension to the soapExtensionTypes node. To do this, create a new add node in the Web.config file, as shown below.

<configuration>
  <system.web>
    ...
    <webServices>
      <soapExtensionTypes>
        <!-- In the real file the type value must be on a single line;
             it is wrapped here for readability only. -->
        <add type=
          "Microsoft.Web.Services.WebServicesExtension,
          Microsoft.Web.Services,
          Version=1.0.0.0,
          Culture=neutral,
          PublicKeyToken=31bf3856ad364e35"
          priority="1" group="0"/>
      </soapExtensionTypes>
    </webServices>
  </system.web>
</configuration>



The value of the type attribute must not contain any line breaks or extra spaces; this example adds line breaks only for readability. If the webServices and soapExtensionTypes nodes do not exist, they must be added to the Web.config file. A much easier way is to use the WSE Configuration tool, a Visual Studio plug-in that lets you easily configure Web service projects that use WSE. Other related settings still have to be configured manually.
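A way to check a Web.config for the two mistakes described above (a missing soapExtensionTypes entry, or a type value that contains line breaks or extra spaces). This is an added example, not code from the original article or from WSE; the class name WseConfigCheck and the sample input are assumptions made for illustration.

```csharp
using System;
using System.Text.RegularExpressions;
using System.Xml;

static class WseConfigCheck
{
    const string ExtType = "Microsoft.Web.Services.WebServicesExtension";

    // Returns null when the extension is registered cleanly, else the first problem found.
    public static string Check(string webConfigXml)
    {
        // Inspect the raw text first: an XML parser normalizes line breaks inside
        // attribute values to spaces, which would hide a wrapped type value.
        Match m = Regex.Match(webConfigXml,
            "type\\s*=\\s*\"([^\"]*" + Regex.Escape(ExtType) + "[^\"]*)\"");
        if (m.Success && Regex.IsMatch(m.Groups[1].Value, @"[\r\n\t]|\s{2,}|^\s|\s$"))
            return "type attribute contains line breaks or extra spaces";

        var doc = new XmlDocument();
        doc.XmlResolver = null;   // never fetch external entities while parsing config
        doc.LoadXml(webConfigXml);
        XmlNode types = doc.SelectSingleNode(
            "/configuration/system.web/webServices/soapExtensionTypes");
        if (types == null)
            return "webServices/soapExtensionTypes node is missing";

        foreach (XmlNode add in types.SelectNodes("add"))
        {
            XmlAttribute type = add.Attributes["type"];
            if (type != null && type.Value.StartsWith(ExtType + ","))
                return null;
        }
        return "no <add> entry registers " + ExtType;
    }

    static void Main()
    {
        // Constructed sample: the type value is wrapped across lines, as in the listing above.
        string wrapped = "<configuration><system.web><webServices><soapExtensionTypes>" +
            "<add type=\"" + ExtType + ",\n Microsoft.Web.Services, Version=1.0.0.0, " +
            "Culture=neutral, PublicKeyToken=31bf3856ad364e35\" priority=\"1\" group=\"0\"/>" +
            "</soapExtensionTypes></webServices></system.web></configuration>";
        Console.WriteLine(Check(wrapped) ?? "OK");
        Console.WriteLine(Check(wrapped.Replace(",\n ", ", ")) ?? "OK");
    }
}
```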

When you program with WSE, you need to add references to the Microsoft.Web.Services and System.Security namespaces. Do this in both the client and the server projects if you encrypt both the client request and the server response. On the client side, use the Add Web Reference tool to generate the Web service proxy for the WSE-based Web service project.

Symmetric encryption of SOAP messages

Next, let's take a look at how WSE uses symmetric key encryption for SOAP messages. The following example is based on a WSE-enabled Web service that returns a SOAP response message containing sensitive data in the body of the message. The client sends a simple Web service request, and the service returns an XML document encrypted with the Triple DES symmetric encryption algorithm (using a shared secret key and an initialization vector, IV). When the client receives the encrypted response message, SecurityInputFilter invokes a decryption key provider on the client, which accesses the same shared key on the client side to decrypt the message body. You must write this decryption key provider yourself and provide a way to synchronize the shared key. These examples assume that both sides already know the key, so all we have to do is provide the name of the key as a hint that tells the other party which key was used for encryption.

Take care when managing and synchronizing the key, and when keeping it secret between the two parties. One solution is to use a key distribution mechanism such as Kerberos. However, as of version 1.0, WSE does not support Kerberos.
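The shared-key exchange described above, reduced to its core with the .NET TripleDES class: the sender encrypts and attaches only the key name, and the receiver resolves that hint to a key the way a decryption key provider would. This is an added example, not code from the original article, and it does not use the WSE API; EncryptedPart, SharedKeyDemo, the key name demo-shared-key, the per-message IV carried with the ciphertext, and the sample body are all assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical container: the key NAME travels with the ciphertext, the key never does.
class EncryptedPart { public string KeyName; public byte[] IV; public byte[] CipherValue; }

static class SharedKeyDemo
{
    // Key table both parties hold; provisioning and synchronization are out of scope here.
    static readonly Dictionary<string, byte[]> Keys = new Dictionary<string, byte[]>();

    public static EncryptedPart Encrypt(string keyName, string plaintext)
    {
        using (TripleDES tdes = TripleDES.Create())   // CBC mode, PKCS7 padding by default
        {
            tdes.Key = Keys[keyName];
            tdes.GenerateIV();                        // assumption: fresh IV per message
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            using (ICryptoTransform enc = tdes.CreateEncryptor())
                return new EncryptedPart { KeyName = keyName, IV = tdes.IV,
                    CipherValue = enc.TransformFinalBlock(data, 0, data.Length) };
        }
    }

    // Plays the decryption key provider's role: resolve the hint, fail closed if unknown.
    public static string Decrypt(EncryptedPart part)
    {
        byte[] key;
        if (!Keys.TryGetValue(part.KeyName, out key))
            throw new CryptographicException("No key provisioned for name: " + part.KeyName);
        using (TripleDES tdes = TripleDES.Create())
        using (ICryptoTransform dec = tdes.CreateDecryptor(key, part.IV))
            return Encoding.UTF8.GetString(
                dec.TransformFinalBlock(part.CipherValue, 0, part.CipherValue.Length));
    }

    static void Main()
    {
        using (TripleDES gen = TripleDES.Create()) { gen.GenerateKey(); Keys["demo-shared-key"] = gen.Key; }
        EncryptedPart part = Encrypt("demo-shared-key", "<balance>constructed sample</balance>");
        Console.WriteLine(Decrypt(part));
        part.KeyName = "not-provisioned";
        try { Decrypt(part); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

Encryption alone gives confidentiality only; detecting tampering relies on the digital signatures that SecurityInputFilter verifies.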

