Purpose of Web Services Enhancement
1. Basic Web Services
2. Meet enterprise-level application requirements: secure, reliable and transacted Web Services
3. Advantages of retaining web services to be successful interoperability ability to be implemented add no more complexity than needed
This article mainly introduces how WSE uses the security certificate (policy file) to build a secure web service.
1. First define the security certificate (policy file)
Ii. use proprietary Web Service Security Certificate features
Procedure
1. Open a Web Service Project in vs2005
2. Run WSE settings 3.0 Tool
3. Use WSE settings 3.0 tool to open web. config of the Web Service Project
4. Select enable this project for Web service enhancements
5. Select "policy" and "add", and enter the name of your certificate. Now I use the servicepolicy name and then click "Next ".
6. The Wizard Page will focus on whether the first option is to mark the selected service or customer. There are four options in the second option.
Option |
Description |
Anonymous |
Anonymous Access |
Username |
The security token of the userNameToken that contains the username and password. |
Certificate |
X.509 certificate containing the x509securitytoken |
Windows |
You need to send Windows Authentication with external ostoken |
7. Select the SOAP header type
Option |
Description |
None |
Soap messages should be protected at the Transport Layer (SSL protocol), while WSE does not. |
Sign-only |
The SOAP message must be signed. |
Sign and Encrypt |
The SOAP message must be signed and the SOAP message body must be encrypted. |
Sign, encrypt, encrypt Signature |
The SOAP message must be signed and the message body signature must be encrypted. |
8. Complete
You can generate the following configuration file based on your configuration < Policies >
< Extensions >
< Extension name = " Kerberossecurity "
Type = " Microsoft. Web. services3.design. kerberosassertion, Microsoft. Web. services3, version = 3.0.0.0, culture = neutral, publickeytoken = 31bf3856ad364e35 " />
< Extension name = " Kerberos "
Type = " Microsoft. Web. services3.design. kerberostokenprovider, Microsoft. Web. services3, version = 3.0.0.0, culture = neutral, publickeytoken = 31bf3856ad364e35 " />
< Extension name = " Requireactionheader "
Type = " Microsoft. Web. services3.design. requireactionheaderassertion, Microsoft. Web. services3, version = 3.0.0.0, culture = neutral, publickeytoken = 31bf3856ad364e35 " />
</ Extensions >
< Policy Name = " Servicepolicy " >
< Kerberossecurity establishsecuritycontext = " False " Signatureconfirmation = " False " Protectionorder = " Signbeforeencrypting " Derivekeys = " False " >
< Protection >
< Request signatureoptions = " Includeaddressing, includetimestamp, includesoapbody "
Encryptbody = " True " />
< Response signatureoptions = " Includeaddressing, includetimestamp, includesoapbody "
Encryptbody = " True " />
< Fault signatureoptions = " Includeaddressing, includetimestamp, includesoapbody "
Encryptbody = " False " />
</ Protection >
</ Kerberossecurity >
< Requireactionheader />
</ Policy >
</ Policies >
9. Application in Web Service Using System;
Using System. Web;
Using System. Web. Services;
Using System. Web. Services. Protocols;
Using Microsoft. Web. services3;
Using Microsoft. Web. services3.design;
[WebService (namespace = " Http://www.contoso.com/ " )]
[Webservicebinding (conformsto = Wsiprofiles. basicprofile1_1)]
[Policy ( " Servicepolicy " )]
Public Class Service: system. Web. Services. WebService
{
Public Service () {
}
[Webmethod]
Public String Sayhello () {
Return "Hello World";
}
}
conclusion
This section describes how to create and use the policy file on the server. Next time, we will introduce how to create and use the policy file on the client.