Click here to Skip to main content
15,881,938 members
Search within:


Articles / Web Development / HTML
 

Implementing WS-SecureConversation in Microsoft IssueVision

Rate me:
Please Sign up or sign in to vote.
4.61/5 (12 votes)
27 Sep 20056 min read 73.1K   776   38  
Adding secure communications to the Microsoft IssueVision sample application using WSE 2.0.
 
using System;
using System.ComponentModel;
using System.Data;
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.Web.Services2;
using Microsoft.Web.Services2.Security;
using Microsoft.Web.Services2.Security.Tokens;

namespace IssueVisionWebWseCS
{
	/// <summary>
	/// Summary description for IssueVisionServices.
	/// </summary>
	[WebServiceAttribute(Namespace="http://issueVision.org/IssueVisionWebWseCS/IssueVisionServices")]
	public class IssueVisionServices : System.Web.Services.WebService
	{
		public IssueVisionServices()
		{
			//CODEGEN: This call is required by the ASP.NET Web Services Designer
			InitializeComponent();
		}

		#region Component Designer generated code
		
		//Required by the Web Services Designer 
		private IContainer components = null;
				
		/// <summary>
		/// Required method for Designer support - do not modify
		/// the contents of this method with the code editor.
		/// </summary>
		private void InitializeComponent()
		{
		}

		/// <summary>
		/// Clean up any resources being used.
		/// </summary>
		protected override void Dispose( bool disposing )
		{
			if(disposing && components != null)
			{
				components.Dispose();
			}
			base.Dispose(disposing);		
		}
		
		#endregion

		// Retrieves the IssueVision lookup tables.
		[WebMethod(Description="Returns the lookup tables for IssueVision.")]
		public IVDataSet GetLookupTables()
		{
			SoapContext requestContext = RequestSoapContext.Current;

			// Reject any requests which are not valid SOAP requests
			Wse2HelperServer.VerifyMessageParts(requestContext);
			Wse2HelperServer.VerifyMessageSignature(requestContext);
			Wse2HelperServer.VerifyMessageEncryption(requestContext);

			// Check if the Soap Message is Signed with an SCT.
			SecurityContextToken sct = Wse2HelperServer.GetSigningToken(requestContext) as SecurityContextToken;
			if (sct == null)
			{
				throw new SoapException("The request is not signed with an SCT.", SoapException.ServerFaultCode, "Security");
			}

			// Use the SCT to sign and encrypt the response
			SoapContext responseContext = ResponseSoapContext.Current;
			responseContext.Security.Tokens.Add(sct);
			responseContext.Security.Elements.Add(new MessageSignature(sct));
			responseContext.Security.Elements.Add(new EncryptedData(sct));

			return new IVData().GetLookupTables();
		}

		// The first argument of the SendReceiveIssues method is a diffgram of 
		// changes only.  It's generated by dataset.GetChanges(), which returns 
		// an untyped dataset.  There's no need (or benefit) for this diffgram to 
		// be typed.
		[WebMethod(Description="Synchronize data by send and recieving from the remote client.")]
		public IVDataSet SendReceiveIssues(DataSet changedIssues, DateTime lastAccessed)
		{
			SoapContext requestContext = RequestSoapContext.Current;

			// Reject any requests which are not valid SOAP requests
			Wse2HelperServer.VerifyMessageParts(requestContext);
			Wse2HelperServer.VerifyMessageSignature(requestContext);
			Wse2HelperServer.VerifyMessageEncryption(requestContext);

			// Check if the Soap Message is Signed with an SCT.
			SecurityContextToken sct = Wse2HelperServer.GetSigningToken(requestContext) as SecurityContextToken;
			if (sct == null)
			{
				throw new SoapException("The request is not signed with an SCT.", SoapException.ServerFaultCode, "Security");
			}

			// Use the SCT to sign and encrypt the response
			SoapContext responseContext = ResponseSoapContext.Current;
			responseContext.Security.Tokens.Add(sct);
			responseContext.Security.Elements.Add(new MessageSignature(sct));
			responseContext.Security.Elements.Add(new EncryptedData(sct));

			return new IVData().SendReceiveIssues(changedIssues, lastAccessed);
		}
	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
Weidong Shen
Software Developer (Senior)
United States United States
Weidong has been an information system professional since 1990. He has a Master's degree in Computer Science, and is currently a MCSD .NET

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 23 Jun 2005

Article Copyright 2005 by Weidong Shen
Everything else Copyright © CodeProject, 1999-2024

Web01 2.8:2024-04-02:1