 

Adding UserName and Password via WSE3.0 in security headers

Hi!!!

I'm trying to consume web services developed in Oracle Web Service Manager 10g. The web services are based on SOAP 1.1, including WS-Security with certificates. In my client program I add a web reference to one web service to make a simple query. I need to send a plain SOAP message that includes security header information with certificates. To achieve this I had to install WSE 3.0 and create a SecurityPolicyAssertion-derived class that includes CreateClientOutputFilter and CreateClientInputFilter to customize the message headers. This is the class:


...


namespace
RuntService

{

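/// <summary>
/// Client-side WSE 3.0 policy assertion. It installs an output filter that
/// signs outgoing requests with the client certificate and an input filter
/// that checks the response was signed and encrypted with the expected tokens.
/// The service-side filter factories return null.
/// </summary>
class CustomSecurityAssertion : SecurityPolicyAssertion
{
    public CustomSecurityAssertion()
        : base()
    {
    }

    /// <summary>Creates the filter applied to outgoing client requests.</summary>
    public override SoapFilter CreateClientOutputFilter(FilterCreationContext context)
    {
        return new CustomSecurityClientOutputFilter(this);
    }

    /// <summary>Creates the filter applied to responses received by the client.</summary>
    public override SoapFilter CreateClientInputFilter(FilterCreationContext context)
    {
        return new CustomSecurityClientInputFilter(this);
    }

    /// <summary>No service-side input filter is provided by this assertion.</summary>
    public override SoapFilter CreateServiceInputFilter(FilterCreationContext context)
    {
        return null; // new CustomSecurityServerInputFilter(this);
    }

    /// <summary>No service-side output filter is provided by this assertion.</summary>
    public override SoapFilter CreateServiceOutputFilter(FilterCreationContext context)
    {
        return null; //new CustomSecurityServerOutputFilter(this);
    }

    /// <summary>
    /// Carries the client and server security tokens from the output filter
    /// to the input filter through the operation state.
    /// </summary>
    class RequestState
    {
        SecurityToken clientToken;
        SecurityToken serverToken;

        public RequestState(SecurityToken cToken, SecurityToken sToken)
        {
            clientToken = cToken;
            serverToken = sToken;
        }

        public SecurityToken ClientToken
        {
            get { return clientToken; }
        }

        public SecurityToken ServerToken
        {
            get { return serverToken; }
        }
    }

    /// <summary>
    /// Validates the security header of a response against the tokens that
    /// were stored when the request was sent.
    /// </summary>
    class CustomSecurityClientInputFilter : ReceiveSecurityFilter
    {
        public CustomSecurityClientInputFilter(CustomSecurityAssertion parentAssertion) : base(parentAssertion.ServiceActor, true)
        {
        }

        /// <summary>
        /// Throws unless the response carries a signature made with the server
        /// token and encrypted data addressed to the client token. A SOAP fault
        /// is rethrown as an exception carrying the fault message.
        /// </summary>
        public override void ValidateMessageSecurity(SoapEnvelope envelope, Security security)
        {
            if (envelope.Fault != null)
            {
                // NOTE(review): faults take this path without any signature or
                // encryption check, so the fault text shown to the caller is
                // unauthenticated. Treat it as diagnostic only.
                throw new Exception(envelope.Fault.Message);
            }

            // Fetch the request state stored by the output filter.
            RequestState state = envelope.Context.OperationState.Get<RequestState>();
            if (state == null)
            {
                // Without the stored tokens there is nothing to compare against;
                // fail closed instead of hitting a NullReferenceException below.
                throw new Exception("Input Filter: No request state is available to validate the response");
            }

            bool signed = false;
            bool encrypted = false;

            // Make sure the message was signed with the server's security token
            // and encrypted for the client's security token.
            // NOTE(review): this only checks that such elements exist. It does
            // not check which parts of the message the signature or the
            // encryption covers. Confirm the body is among the signed parts.
            foreach (ISecurityElement elem in security.Elements)
            {
                MessageSignature sig = elem as MessageSignature;
                if (sig != null && sig.SigningToken != null && sig.SigningToken.Equals(state.ServerToken))
                {
                    signed = true;
                }

                EncryptedData enc = elem as EncryptedData;
                if (enc != null && enc.SecurityToken != null && enc.SecurityToken.Equals(state.ClientToken))
                {
                    encrypted = true;
                }
            }

            if (!signed || !encrypted)
            {
                throw new Exception("Input Filter: Response message does not meet security requirements");
            }
        }
    }

    /// <summary>
    /// Adds the client certificate token and a signature to outgoing requests
    /// and records the tokens for the input filter.
    /// </summary>
    class CustomSecurityClientOutputFilter : SendSecurityFilter
    {
        SecurityToken clientToken;
        SecurityToken serverToken;

        public CustomSecurityClientOutputFilter(CustomSecurityAssertion parentAssertion) : base(parentAssertion.ServiceActor, true)
        {
            // Get the client's security token.
            // NOTE(review): the certificate is selected by a hard-coded subject
            // string. What CreateToken does when no certificate matches is not
            // visible here. Confirm, and fail early if the token is missing.
            clientToken = X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=CLIENTE");

            // Get the server's security token.
            serverToken = X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.TrustedPeople, "CN=SERVIDOR");
        }

        /// <summary>
        /// Signs the outgoing SOAP message with the client token and stores
        /// both tokens in the operation state for response validation.
        /// </summary>
        public override void SecureMessage(SoapEnvelope envelope, Security security)
        {
            MessageSignature objMessageSignature = new MessageSignature(clientToken);

            // Sign the SOAP message with the client's security token.
            security.Tokens.Add(clientToken);
            security.Elements.Add(objMessageSignature);

            // NOTE(review): no UsernameToken is added to security.Tokens here,
            // so this filter sends only the X.509 token and the signature.

            // Encrypt the SOAP message with the server's security token.
            // NOTE(review): encryption is disabled, so the request is signed but
            // readable in transit. ValidateMessageSecurity still requires an
            // encrypted response. Confirm the service is expected to behave so.
            //security.Elements.Add(new EncryptedData(serverToken));

            // Encrypt the client's security token using the server's security token.
            //security.Elements.Add(new EncryptedData(serverToken, "#" + clientToken.Id));

            // Keep the client and server tokens in the request state.
            RequestState state = new RequestState(clientToken, serverToken);

            // Store the request state in the proxy's operation state so the
            // tokens are available when the response SOAP message is checked
            // against the security requirements.
            envelope.Context.OperationState.Set(state);
        }
    }
}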

URL to web service is, via web reference: http://190.66.24.245:7779/gateway/services/SID0003005?wsdl

When I try to execute this web service like this:

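// Build the common header and the person identification for the query.
ConsultaSoapServiceAsmx.CommonHeaderDTO stConsultaCommonHeader = new RuntService.ConsultaSoapServiceAsmx.CommonHeaderDTO();
stConsultaCommonHeader.usuario = "";

ConsultaSoapServiceAsmx.IdentificacionPersonaDTO stIDPersona = new RuntService.ConsultaSoapServiceAsmx.IdentificacionPersonaDTO();
stIDPersona.numeroDocumento = "17592322";
stIDPersona.tipoDocumento = "C";

// (A further ConsultaSoapServiceAsmx declaration was truncated in the original post.)

// Create the proxy and bind it to the custom WSE policy.
ConsultaSoapServiceAsmx.ServicioConsultaRUNT objConsulta = new RuntService.ConsultaSoapServiceAsmx.ServicioConsultaRUNT();
objConsulta.SetPolicy("CustomServicePolicy");
objConsulta.UseDefaultCredentials = false;

// NOTE(review): the user name and password are literals in source. Load them
// from protected configuration rather than committing them with the code.
// NOTE(review): no PasswordOption is given. Confirm which option this overload
// defaults to before relying on the password being sent.
UsernameToken objCredencial = new UsernameToken("80123100", "admin123");

// SetClientCredential only hands the token to the proxy. Whether it reaches the
// wsse:Security header depends on the output filter of the policy in use.
objConsulta.SetClientCredential(objCredencial);

ConsultaSoapServiceAsmx.PersonaNaturalOutDTO stResultado = objConsulta.consultarDatosPersonaNatural(stConsultaCommonHeader, stIDPersona);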

It throws an Exception, this is the response SOAP message:

HTTP/1.1 100 Continue

HTTP/1.1 500 Internal Server Error
Date: Mon, 14 Sep 2009 23:00:18 GMT
Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
Connection: close
Transfer-Encoding: chunked
Content-Type: text/xml

186
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"><SOAP-ENV:Body><SOAP-ENV:Fault><faultcode xmlns:p="http://schemas.oblix.com/ws/2003/08/Faults">p:Client.AuthenticationFault</faultcode><faultstring>Autenticacion Fallida: username no especified into WebService security header</faultstring><detail></detail></SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>
0

My wse3policyCache.config is:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <extensions>
    <extension name="CustomSecurityAssertion" type="RuntService.CustomSecurityAssertion, RuntService" />
  </extensions>
  <policy name="CustomServicePolicy">
    <CustomSecurityAssertion establishSecurityContext="false" renewExpiredSecurityContext="true" requireSignatureConfirmation="false" requireDerivedKeys="true" ttlInSeconds="300">
      <clientToken>
        <x509 storeLocation="CurrentUser" storeName="My" findValue="CN=CLIENTE" findType="FindBySubjectName" />
      </clientToken>
      <serviceToken>
        <x509 storeLocation="CurrentUser" storeName="TrustedPeople" findValue="CN=SERVIDOR" findType="FindBySubjectName" />
      </serviceToken>
    </CustomSecurityAssertion>
  </policy>
</policies>


and App.Config include Custom Policy:

<microsoft.web.services3>
  <policy fileName="D:\\Proyectos\\NET\\RuntService\\wse3policyCache.config" />
</microsoft.web.services3>


I need help to Include UserName and Password on header security message

thanks

accarvajal
Hi
You can set your username and password using a token, as follows:
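// Create the WSE-enabled proxy.
ServiceWse serviceProxy = new ServiceWse();

// NOTE(review): PasswordOption.SendPlainText writes the password into the SOAP
// header as clear text. Use it only when the message or the transport is
// encrypted. PasswordOption.SendHashed is the alternative where the service
// accepts a password digest.
UsernameToken token = new UsernameToken("FrankXu", "123456789", PasswordOption.SendPlainText);

// Hand the credential to the proxy and select the policy that applies it.
serviceProxy.SetClientCredential(token);
serviceProxy.SetPolicy("ClientPolicy");
string result = serviceProxy.HelloWorld();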

You can use: serviceProxy.SetClientCredential(token);
WSE 3.0 will help you set your username and password in the SOAP header.
This is a sample I made:
Files/frank_xl/WSE3UserNameTokenWithPolicyCodedByFrankXuLei.rar

You can take a reference.

Regards

Frank Xu Lei--谦卑若愚,好学若?
专注?NET平台下分布式应用系统开发和企业应用系统集成
Focus on Distributed Applications Development and EAI based on .NET
欢迎访问老徐的中文技术博客:Welcome to My Chinese Technical Blog
欢迎访问微软WCF中文技术论坛:Welcome to Microsoft Chinese WCF Forum
欢迎访问微软WCF英文技术论坛:Welcome to Microsoft English WCF Forum
Frank Xu Lei
Hi!!

thanks for your help

I tried using UsernameToken and calling SetClientCredential as you wrote, but it did not work; I don't know why. I was able to resolve it through the SecureMessage event dispatched by the SendSecurityFilter-derived class:


/// <summary>
/// Secures the outgoing request: attaches the client X.509 token and a
/// UsernameToken, signs the message with the client token, and stores the
/// client and server tokens in the operation state.
/// </summary>
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
    // Attach the client certificate token used by the signature below.
    security.Tokens.Add(clientToken);

    // Attach the user name and password.
    // NOTE(review): SendPlainText puts the password in the header as clear
    // text. With the EncryptedData lines below disabled, it is readable to
    // anything on the path unless the transport itself is encrypted.
    // NOTE(review): the credentials are literals in source. Load them from
    // protected configuration instead.
    UsernameToken credentialToken = new UsernameToken("80123100", "admin123", PasswordOption.SendPlainText);
    security.Tokens.Add(credentialToken);

    // Sign the message with the client token.
    // NOTE(review): whether this signature covers the UsernameToken is not
    // visible here. Confirm which parts are signed.
    MessageSignature requestSignature = new MessageSignature(clientToken);
    security.Elements.Add(requestSignature);

    // Encryption with the server token is currently disabled.
    //security.Elements.Add(new EncryptedData(serverToken));
    //security.Elements.Add(new EncryptedData(serverToken, "#" + clientToken.Id));

    // Make both tokens available to the input filter that checks the response.
    envelope.Context.OperationState.Set(new RequestState(clientToken, serverToken));
}

SOAP message added this:

<wsse:Username>80123100</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin123</wsse:Password><wsse:Nonce>KaovFujxtlP4jrR6A8tb9A==</wsse:Nonce><wsu:Created>2009-09-22T19:11:24Z</wsu:Created></wsse:UsernameToken>


But now my problem is that Oracle Web Services is not interpreting something (maybe the timestamp), and I couldn't remove the timestamp programmatically, not even using the ProcessMessage event.

I added a new question, about it, thanks so much

  • Marked As Answer byaccarvajal Tuesday, September 22, 2009 7:49 PM
  •  
accarvajal
Hi
You can set your username and password using a token, as follows:
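// Create the WSE-enabled proxy.
ServiceWse serviceProxy = new ServiceWse();

// NOTE(review): PasswordOption.SendPlainText writes the password into the SOAP
// header as clear text. Use it only when the message or the transport is
// encrypted. PasswordOption.SendHashed is the alternative where the service
// accepts a password digest.
UsernameToken token = new UsernameToken("FrankXu", "123456789", PasswordOption.SendPlainText);

// Hand the credential to the proxy and select the policy that applies it.
serviceProxy.SetClientCredential(token);
serviceProxy.SetPolicy("ClientPolicy");
string result = serviceProxy.HelloWorld();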

You can use: serviceProxy.SetClientCredential(token);
WSE 3.0 will help you set your username and password in the SOAP header.
This is a sample I made:
Files/frank_xl/WSE3UserNameTokenWithPolicyCodedByFrankXuLei.rar

You can take a reference.

Regards

Frank Xu Lei--谦卑若愚,好学若?
专注?NET平台下分布式应用系统开发和企业应用系统集成
Focus on Distributed Applications Development and EAI based on .NET
欢迎访问老徐的中文技术博客:Welcome to My Chinese Technical Blog
欢迎访问微软WCF中文技术论坛:Welcome to Microsoft Chinese WCF Forum
欢迎访问微软WCF英文技术论坛:Welcome to Microsoft English WCF Forum
Frank Xu Lei
Hi!!

thanks for your help

I tried using UsernameToken and calling SetClientCredential as you wrote, but it did not work; I don't know why. I was able to resolve it through the SecureMessage event dispatched by the SendSecurityFilter-derived class:


/// <summary>
/// Secures the outgoing request: attaches the client X.509 token and a
/// UsernameToken, signs the message with the client token, and stores the
/// client and server tokens in the operation state.
/// </summary>
public override void SecureMessage(SoapEnvelope envelope, Security security)
{
    // Attach the client certificate token used by the signature below.
    security.Tokens.Add(clientToken);

    // Attach the user name and password.
    // NOTE(review): SendPlainText puts the password in the header as clear
    // text. With the EncryptedData lines below disabled, it is readable to
    // anything on the path unless the transport itself is encrypted.
    // NOTE(review): the credentials are literals in source. Load them from
    // protected configuration instead.
    UsernameToken credentialToken = new UsernameToken("80123100", "admin123", PasswordOption.SendPlainText);
    security.Tokens.Add(credentialToken);

    // Sign the message with the client token.
    // NOTE(review): whether this signature covers the UsernameToken is not
    // visible here. Confirm which parts are signed.
    MessageSignature requestSignature = new MessageSignature(clientToken);
    security.Elements.Add(requestSignature);

    // Encryption with the server token is currently disabled.
    //security.Elements.Add(new EncryptedData(serverToken));
    //security.Elements.Add(new EncryptedData(serverToken, "#" + clientToken.Id));

    // Make both tokens available to the input filter that checks the response.
    envelope.Context.OperationState.Set(new RequestState(clientToken, serverToken));
}

SOAP message added this:

<wsse:Username>80123100</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">admin123</wsse:Password><wsse:Nonce>KaovFujxtlP4jrR6A8tb9A==</wsse:Nonce><wsu:Created>2009-09-22T19:11:24Z</wsu:Created></wsse:UsernameToken>


But now my problem is that Oracle Web Services is not interpreting something (maybe the timestamp), and I couldn't remove the timestamp programmatically, not even using the ProcessMessage event.

I added a new question, about it, thanks so much

  • Marked As Answer byaccarvajal Tuesday, September 22, 2009 7:49 PM
  •  
accarvajal
