TechBubbles Microsoft Technology BLOG

Verify SOAP Messages Signed using Username and Password

By Kalyan Bandarupalli
In Webservices
August 16, 2008
2 Min Read
2 Comments

To validate digital signatures for incoming SOAP Messages created using Username Token, WSE Must be configured.

The following procedure explains how to configure a WSE to validate digital signatures created using Username Token.

1. Start Visual studio 2005

2. File Menu, New then click Project.

3. Select ASP.NET Web Service in  the templates pane.

4. Add a reference to the Microsoft.Web.Services3 assembly.

5. In the Web.config file include the <SoapServerProtocolFactory> element in <webServices> section. 

<configuration>
   <system.web>
        <webServices>
            <soapServerProtocolFactory 
type="Microsoft.Web.Services3.WseProtocolFactory,
 Microsoft.Web.Services3,
 Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
        </webServices>
    </system.web>
   </system.web>
</configuration>

  Write the following code to validate the SOAP Message

protected override string AuthenticateToken(UsernameToken userName)
{
    // Ensure that the SOAP message sender passed a UsernameToken.
    if (userName == null)
        throw new ArgumentNullException();

    // This is a very simple provider.
    // In most production systems the following code 
    // typically consults an external database of (userName,hash)
    // pairs. For this example, it is the UTF-8
    // encoding of the user name.
    byte[] password =
        System.Text.Encoding.UTF8.GetBytes(userName.Username);
    Array.Reverse( password );

    return Convert.ToBase64String( password );
}

public override void  ValidateMessageSecurity(SoapEnvelope envelope, Security security)
{
bool IsSigned = false;
foreach (ISecurityElement element in security.Elements)
{
    if (element is MessageSignature)
    {
        // The given context contains a Signature element.
        MessageSignature sign = element as MessageSignature;

        SignatureOptions expectedOptions = 
             SignatureOptions.IncludeTimestamp |
             SignatureOptions.IncludeSoapBody |
             SignatureOptions.IncludeTo |
             SignatureOptions.IncludeAction |
             SignatureOptions.IncludeMessageId;
        if ((sign.SignatureOptions & expectedOptions)==expectedOptions)
        {
            // The SOAP message is signed.
            if (sign.SigningToken is UsernameToken)
                // The SOAP message is signed 
                // with a UsernameToken.
                IsSigned = true;
        }
    }
}
if (!IsSigned)
    throw new SecurityFault("Message did not meet
 security requirements.");
}
FacebookTwitterReddit

About the author

Kalyan Bandarupalli

My name is kalyan, I am a software architect and builds the applications using Microsoft .NET technologies. Here I am trying to share what I feel and what I think with whoever comes along wandering to Internet home of mine.I hope that this page and its contents will speak for me and that is the reason I am not going to say anything specially about my self here.

View all posts

2 Comments

Read more

By Kalyan Bandarupalli August 16, 2008
2 Comments
TechBubbles Microsoft Technology BLOG

Follow me

Archives

Tag Cloud

.NET Framework (14) .NET Framework 4.0 (6) .NET Framework 4.5 (7) AJAX (6) ASP.NET (81) ASP.NET 4 (7) ASP.NET 4.5 (27) ASP.NET 4.5 Preview (8) ASP.NET 5 (7) ASP.NET Core (5) ASP.NET MVC (11) Azure (6) Azure Services (5) C# (23) Cloud (9) JavaScript (5) Microsoft (91) Microsoft Azure (8) OData (5) REST (5) SharePoint (77) Sharepoint 2010 (50) SharePoint 2013 (23) Silverlight (9) SQL Azure (6) SQL server (56) SQL server 2008 (29) SQL Server 2008 Analysis Services (5) SQL Server 2008 R2 (10) SQL Server 2012 (20) SQL server Reporting Services (6) SQL Server SSIS (5) SSIS (8) Testing (6) Visual Studio (56) Visual Studio 11 (5) Visual Studio 2010 (26) Visual Studio 2012 (29) Visual Studio 2013 (18) WCF (21) Web Services (12) Windows 8 (6) Windows Azure (18) WSE (5) XML (4)