

Behold WSE 2.0: Removing Another Layer of WS-Pain : Page 4

To keep up with the flurry of emerging, re-emerging, and otherwise evolving standards for Web services, we need tools—good ones—and we need them all to play nice across platforms.

Enforcing User Credentials with Policy and Hardly Any Code
The configuration tool simplifies setting up policies for authentication and encryption. The Add/Edit Policy dialog box (see Figure 1) provides a drop-down list of supported token types, including UsernameToken. You can configure a specific endpoint, or specify "default" as the Service Location, indicating that this will be the default policy for all service endpoints.

I'll explore more of this dialog box later. For now, let's see if my security requirements are being enforced. After you close the configuration tool, web.config is updated to reflect that there is now a receiving policy cache, as shown here:

<microsoft.web.services>
  <policy>
    <send />
    <receive>
      <cache name="policyCache.xml" />
    </receive>
  </policy>
</microsoft.web.services>

The policy cache file for receiving endpoints is created at the root directory of the application. The schema for WSE policy configuration requires an outer <policyDocument> element, within which are policy mappings inside a <mappings> element, and a collection of individual WS-Policy settings within a <policies> element (shown in Listing 1). One or more <wsp:Policy> elements can appear within the <policies> section, and each <wsp:Policy> element is an instance of a valid WS-Policy definition.

For example, following the WS-Policy specification, a <wssp:Integrity> element contains the requirements for signing parts of the message, in this case using token type wsse:UsernameToken:

<wst:TokenType
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"
    xmlns:wst="http://schemas.xmlsoap.org/ws/2002/12/secext">
  wsse:UsernameToken
</wst:TokenType>

By default, the policy is set up to use the token to sign the message body, indicated by the <wssp:MessageParts> element's wsp:Body() function:

<wssp:MessageParts Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">
  wsp:Body()
</wssp:MessageParts>

With this policy file, the WSE 2.0 run time invokes policy filters in the message pipeline to verify that the message body is signed with a username and password token matching the WS-Security specification. If you invoke the Web service without providing a token, a SoapHeaderException is raised in the form of a SOAP fault to the client.
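Because enforcement depends entirely on what the policy file says, it is worth checking the file itself. The following Python script is an added example, not code from the article or from WSE: it audits a policy cache for policies that do not require a UsernameToken signature over the message body. It matches elements by local name; the sample document's urn:example:* namespaces, Id values, wsp:Header(To) part and the nesting under <wssp:Integrity> are constructed assumptions.

```python
import xml.etree.ElementTree as ET

PART_DIALECT = "http://schemas.xmlsoap.org/2002/12/wsse#part"  # Dialect URI from the article

def _integrity(parts):
    return ('<wssp:Integrity><wst:TokenType>wsse:UsernameToken</wst:TokenType>'
            f'<wssp:MessageParts Dialect="{PART_DIALECT}">{parts}</wssp:MessageParts>'
            '</wssp:Integrity>')

# Constructed sample policy cache: urn:example:* namespaces, Id values and the
# nesting inside <wssp:Integrity> are placeholders, not taken from a real file.
SAMPLE = f"""<policyDocument xmlns:wsp="urn:example:wsp" xmlns:wssp="urn:example:wssp"
    xmlns:wst="http://schemas.xmlsoap.org/ws/2002/12/secext">
  <mappings />
  <policies>
    <wsp:Policy Id="signed-body">{_integrity('wsp:Body()')}</wsp:Policy>
    <wsp:Policy Id="header-only">{_integrity('wsp:Header(To)')}</wsp:Policy>
    <wsp:Policy Id="no-integrity" />
  </policies>
</policyDocument>"""

def local(name):
    """Drop the '{namespace}' prefix ElementTree adds, so matching is by local name."""
    return name.rsplit("}", 1)[-1]

def find_all(elem, name):
    return [e for e in elem.iter() if local(e.tag) == name]

def body_signing_gaps(policy_xml):
    """Map policy Id -> reason, for each policy lacking a UsernameToken body signature."""
    gaps = {}
    for n, policy in enumerate(find_all(ET.fromstring(policy_xml), "Policy")):
        pid = next((v for k, v in policy.attrib.items() if local(k) == "Id"), f"#{n}")
        reason = "no <Integrity> assertion"
        for integrity in find_all(policy, "Integrity"):
            tokens = {(t.text or "").strip() for t in find_all(integrity, "TokenType")}
            parts = set()
            for mp in find_all(integrity, "MessageParts"):
                if mp.get("Dialect") == PART_DIALECT:
                    parts.update((mp.text or "").split())  # parts are space-separated
            if "wsse:UsernameToken" not in tokens:
                reason = "signature not bound to wsse:UsernameToken"
            elif "wsp:Body()" not in parts:
                reason = "signed parts omit wsp:Body()"
            else:
                reason = None  # token and body requirement met in one assertion
                break
        if reason:
            gaps[pid] = reason
    return gaps
```

Calling body_signing_gaps(SAMPLE) flags the "header-only" and "no-integrity" policies and passes "signed-body".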
