Securing .NET Web Services with the WS-Security Protocol : Page 2
The WS-Security specification lays the groundwork for securing enterprise Web services. The specification is complex, but using Visual Studio and Microsoft's WSE 2.0 Technical Preview you can easily apply the WS-Security protocol to your own Web services.
by Jeannine Hall Gailey
Jan 29, 2004
Page 2 of 4
Welcome to WSE 2.0
WSE is Microsoft's solution for supporting advanced Web services functionalities, including security, reliable messaging, and policies. WSE, which supports both TCP and HTTP transports, implements a set of input and output filters as well as a rich API.
WSE input filters intercept incoming SOAP messages and translate supported SOAP header elements into programming objects, which are accessible using the SoapContext object. WSE output filters construct SOAP headers based on the properties of the SoapContext object for the outgoing message. The WSE runtime, which hosts these filters and API, is implemented in the .NET assembly Microsoft.Web.Services.dll.
WSE also supports Web service policies, which ensures that incoming messages have the required headers and can automate the securing of outbound messages.
To follow the code in the remainder of this article, you should download and install the WSE 2.0 Technical Preview before continuing.
Author's Note: WSE 2.0 integrates with Visual Studio 2003. To benefit from this integration, select the Visual Studio Tools option during installation; this installs all of the tools that I discuss in this article.
You configure WSE 2.0 on a per-application basis by adding XML elements to the application configuration file. Modifying the configuration lets you change the default behavior of WSE without recompiling your application, but it is tricky to edit these files without making mistakes. To avoid such errors, I recommend setting configuration parameters through the WSE Settings Tool, a Visual Studio add-in for WSE 2.0 installed when you select the Visual Studio Tools option during installation.
Configuring a WSE-based Application
After installing Visual Studio 2003 and WSE 2.0, you can create and build the sample code for this article. For a simple introduction, you'll create a client application to access a "Hello World" Web service. After completing this simple test case, you'll be able to use the same techniques to access any WS-Security-enabled Web service.
Creating the Hello World service is trivial. Create a new Web service project, and uncomment the HelloWorld Web method, and compile the project. You will follow the same steps to enable WSE for the service as you do for the client. Now, you can create a client application to consume the service.
After creating a new client application in Visual Studio 2003 (you can use any project type), right-click the project in the "Solution Explorer" pane and select "WSE Settings 2.0 ." This displays the WSE Settings Tool shown in Figure 1.