TechBubbles Microsoft Technology BLOG

Configure WSE to Validate SOAP Message

One way of verifying a SOAP message is to validate the digital signature of the incoming message. WSE performs signature validation before the recipient's code executes.

The following procedure configures WSE to validate the digital signature of a SOAP message.

1. Start Visual Studio 2005.

2. On the File menu, point to New, then click Project.

3. Select ASP.NET Web Service in the templates pane.

4. Add a reference to the Microsoft.Web.Services3 assembly.

5. In the Web.config file, include the <soapServerProtocolFactory> element in the <webServices> section.

<configuration>
    <system.web>
        <webServices>
            <soapServerProtocolFactory
                type="Microsoft.Web.Services3.WseProtocolFactory, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        </webServices>
    </system.web>
</configuration>

Write the following code to validate the SOAP message:

1. We have to create a policy assertion.

2. In the Web Service that receives the signed SOAP messages, override the ValidateMessageSecurity method.

// Namespaces used: Microsoft.Web.Services3, Microsoft.Web.Services3.Security,
// Microsoft.Web.Services3.Security.Tokens
public override void ValidateMessageSecurity(SoapEnvelope envelope,
    Security security)
{
    bool IsSigned = false;

    // Look through every security element in the incoming message.
    foreach (ISecurityElement element in security.Elements)
    {
        if (element is MessageSignature)
        {
            // The given context contains a Signature element.
            MessageSignature sig = element as MessageSignature;

            // Parts of the message that the signature must cover.
            SignatureOptions expectedOptions =
                SignatureOptions.IncludeTimestamp |
                SignatureOptions.IncludeSoapBody |
                SignatureOptions.IncludeTo |
                SignatureOptions.IncludeAction |
                SignatureOptions.IncludeMessageId;

            if ((sig.SignatureOptions & expectedOptions) == expectedOptions)
            {
                // The SOAP body and the WS-Addressing headers are signed.
                // Only the token type is checked here, not which
                // certificate produced the signature.
                if (sig.SigningToken is X509SecurityToken)
                {
                    // The SOAP message is signed by an X509SecurityToken.
                    IsSigned = true;
                }
            }
        }
    }

    // Reject the message if no signature met the requirements above.
    if (!IsSigned)
        throw new SecurityFault("Message did not meet security requirements.");
}
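What the `expectedOptions` mask requires, shown on the wire as an added Python example (not code from this post and not WSE code): each required part is located by its position in the envelope, and its own `wsu:Id` must be the target of a `ds:Reference` in the signature. The SOAP 1.1 and WS-Addressing 2004/08 namespaces, the `Id-...` values and the sample message are constructed assumptions; the check covers reference coverage only, not cryptographic verification.

```python
import xml.etree.ElementTree as ET

NS = {  # namespaces assumed for a SOAP 1.1 / WS-Addressing 2004/08 message
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsa": "http://schemas.xmlsoap.org/ws/2004/08/addressing",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]

# Where each required part must sit in the envelope (paths from the root).
REQUIRED = {
    "Body": "soap:Body",
    "To": "soap:Header/wsa:To",
    "Action": "soap:Header/wsa:Action",
    "MessageID": "soap:Header/wsa:MessageID",
    "Timestamp": "soap:Header/wsse:Security/wsu:Timestamp",
}

def unsigned_parts(envelope_xml):
    """Return the required parts that no ds:Reference in the signature covers."""
    root = ET.fromstring(envelope_xml)
    refs = root.findall(
        "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    uris = [r.get("URI", "") for r in refs]
    signed_ids = {u[1:] for u in uris if u.startswith("#") and len(u) > 1}
    missing = []
    for name, path in REQUIRED.items():
        # Find the part by position, then require that its own wsu:Id is signed.
        part = root.find(path, NS)
        if part is None or part.get(WSU_ID) not in signed_ids:
            missing.append(name)
    return missing

def sample_envelope(signed_ids):
    """Constructed test message; digests and the signature value are left out."""
    refs = "".join('<ds:Reference URI="#%s"/>' % i for i in signed_ids)
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return (
        '<soap:Envelope %s><soap:Header>'
        '<wsa:Action wsu:Id="Id-action">urn:example:op</wsa:Action>'
        '<wsa:MessageID wsu:Id="Id-msgid">urn:uuid:constructed</wsa:MessageID>'
        '<wsa:To wsu:Id="Id-to">http://service.example/svc.asmx</wsa:To>'
        '<wsse:Security><wsu:Timestamp wsu:Id="Id-ts"/>'
        '<ds:Signature><ds:SignedInfo>%s</ds:SignedInfo></ds:Signature>'
        '</wsse:Security></soap:Header>'
        '<soap:Body wsu:Id="Id-body"/></soap:Envelope>' % (xmlns, refs)
    )
```

A message is acceptable under this requirement only when `unsigned_parts` returns an empty list; a signature that covers the body and timestamp but not the addressing headers is reported with the missing header names.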

About the author

Kalyan Bandarupalli

My name is Kalyan. I am a software architect and build applications using Microsoft .NET technologies. Here I am trying to share what I feel and what I think with whoever comes along wandering to this Internet home of mine. I hope that this page and its contents will speak for me, and that is the reason I am not going to say anything special about myself here.
