WSE3.0 Building Web Services Security (3) WSE3.0 policy configuration, certificate, signature and instance development

WSE3.0 Building Web Services Security (1): WSE3.0 security mechanism and instance development and WSE3.0 Building Web Services Security (2): Asymmetric encryption, public key, key, certificate, signature differences and contacts, and X.509 certificate acquisition and management, Today we continue to WSE3.0 building the 3rd section of the Web Services Security series: WSE3.0 policy configuration and instance development. This section focuses on how to implement Web services security through the WSE3.0 policy Configuration tool, which is illustrated with code in this article. The structure of this section is 1. Introduction to the WSE3.0 Policy tool 2. How to use the WSE3.0 Policy Tool 3. Code implementation and Analysis 4. Finally, the code is attached for everyone to download.

With the introduction of section 2, we know that WSE 3.0 is integrated with Web service. The security encryption mechanism is implemented by extending the Web service message model. In WSE 3.0, clients are requested to access a Web service that is done through a proxy class generated by the client. When a client sends a Web service call request to the server, the WSE 3.0 extension framework handles some of the messages, including filtering, encrypting, signing, and so on. When the server-side Web service receives a call from the client, the WSE 3.0 extension Framework also decrypts the SOAP message, verifies the signature, and so on. If legitimate, the corresponding user requests, otherwise throw the service cannot use exception to the client. All of this work is done automatically by the WSE 3.0 extension framework for decryption, signature verification, and so on.

The security mechanism provided by WSE 3.0 guarantees the security of the Web service. At the same time, there are two ways to achieve security, one is through the WSE3.0 policy tool to the application system security specifications to the server and the client to set the appropriate security policy. The second is to use code to implement the same functionality as the specific security policy. The first is quick and easy, and the Web service can be secured by simple setup. The latter user can define more specific code to extend their security policy, relative to the need to write their own policy code. Either way, we can use the security mechanisms provided by WSE 3.0 to guard our Web services.

Additionally, WSE 3.0 provides other features, such as multihomed hosting Web services, user-defined security assertions, support for messaging optimization mechanisms, MTOM SOAP messages using TCP Transmission control, and so on. We can also optimize our systems by leveraging the new features provided by WSE 3.0, based on actual system requirements. One important reason for enabling WSE 3.0 in a Web Serivice project is to take advantage of its policy pipeline extensibility model in the first section. Because Wsewse 3.0 enables you to insert a filter that performs preprocessing and post-processing of SOAP messages entering and leaving endpoints, it provides the ability to create a custom declarative policy that can be combined with the existing declarative security policy provided by Wsewse 3.0. Here's a look at the WSE3.0 Configuration tool and how to configure security policy.

Introduction to the "1" WSE3.0 strategy tool

First, let's introduce the tool. WSE3.0 specific installation details are already in the first section WSE3.0 Building Web Services Security (1): WSE3.0 security mechanism and instance development are introduced. When we install it, we will see the WSE 3.0 setting in the new Web Service vsual Studio 2005 Project right-click menu. The specific interface of the configuration tool will appear when you open it. As shown in figure: