Click here to Skip to main content
15,891,657 members
Search within:


Articles / Web Development / ASP.NET
 

Secure Web Services via Message oriented Middleware

Rate me:
Please Sign up or sign in to vote.
4.96/5 (43 votes)
1 May 200372 min read 337K   821   198  
Describes an approach for delivery of Soap Messages serialised using ASP.NET Web Client Services over MSMQ and MQ
 
// --------------------------------------------------------------------------------
// Module:      WSESecurityProvider.cs
// Author:      Simon G
// Date:        11 October 2002
// Description: Type implementing two key interfaces for use by the Web Services
//				Development Kit (WSE):
//
//					IPasswordProvider		: to provide support for passed
//											  password matching against a given
//											  User Name,
//				and
//
//					IDecryptionKeyProvider	: to provide a symmetric key for
//											  decrypting a received SOAP body  
//
//
//				Each of these interfaces is made accessible via hooks in the
//				web.config file for the Web Service implementing WSE as follows:
//
//
//				1) WSE hooks the SOAP processing by adding the following to web.config
//
//				<configuration>
//					<system.web>
//		==>				<webServices>
//		==>					<soapExtensionTypes>
//		==>						<add type="Microsoft.Web.Services.WebServicesExtension, Microsoft.Web.Services, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" priority="1" group="0" />
//		==>					</soapExtensionTypes>
//		==>				</webServices>
//						...
//
//				2) WSE allows a calling hook for Password provision by adding the following to web.config
//
//					</system.web>
//					<microsoft.web.services>
//						<security>
//		==>					<passwordProvider type="WSAltRouteWSE.WSESecurityProvider, RegDotNetWS" />
//							<decryptionKeyProvider type="WSAltRouteWSE.WSESecurityProvider, RegDotNetWS" />
//						</security>
//					</microsoft.web.services>
//				</configuration>
//
//				3) WSE allows a calling hook for Decrption key provision by adding the following to web.config
//
//					</system.web>
//					<microsoft.web.services>
//						<security>
//							<passwordProvider type="WSAltRouteWSE.WSESecurityProvider, RegDotNetWS" />
//		==>					<decryptionKeyProvider type="WSAltRouteWSE.WSESecurityProvider, RegDotNetWS" />
//						</security>
//					</microsoft.web.services>
//				</configuration>
//
//				Setting the above allows WSE to call out to user-provided methods
//				to resolve the information required.  This is all done seemlessly
//				as part of the SOAP processing infrastructure i.e. before a line of
//				Web Services application code is executed.
//				
//				Off the back of either of the two hooks, the WSE infrastructue may
//				return a SOAPException indicating the security credentials could not
//				be authorized or authenticated.  A cient will need to handle this
//				appropriately.
//
// --------------------------------------------------------------------------------
// $Archive: <VSS Path To File>/WSESecurityProvider.cs $
// $Revision: 1 $ changed on $Date: 11 October 2002 01:10 $
// Last changed by $Author: Simon G $
// --------------------------------------------------------------------------------
using System;
using System.IO;							// For conversions
using System.Text;							// StringBuilder
using System.Security;						
using System.Security.Cryptography;			// Managed Crypto functions
using System.Security.Cryptography.Xml;		// KeyInfo
using Microsoft.Web.Services;
using Microsoft.Web.Services.Security;		// For WS-Security support
using System.Security.Permissions;			// For permissions


// --------------------------------------------------------------------------------
// Namespace:   WSCommon
// Author:      sgregory
// Date:        25 February 2002
// Description: 
// --------------------------------------------------------------------------------
namespace WSCommon
{
	/// <summary>WSAltRouteWSE.WSESecurityProvider</summary>
    /// <author>Simon G</author>
    /// <date>11 October 2002</date>
    /// <remarks>
    /// This class implements the following interfaces as defined in the Microsoft WSE for access of
    /// application specific information:
    /// 
    ///		IPasswordProvider		: to provide support for passed password matching against a given User Name,
    ///		IDecryptionKeyProvider	: to provide a symmetric key for decrypting a received SOAP body
    ///		
    /// </remarks>
	[SecurityPermission(SecurityAction.Demand, Flags=SecurityPermissionFlag.UnmanagedCode)]
    public class WSESecurityProvider : 
		ContextBoundObject, 
		IPasswordProvider, 
		IDecryptionKeyProvider
	{
		/// <summary>WSAltRouteWSE.WSESecurityProvider.GetPassword</summary>
        /// <author>Simon G</author>
        /// <date>11 October 2002</date>
        /// <remarks>
		/// One of the two main hooks in the WSE to allow the infratructure to be given application specific information.
        /// Returns the password given the 'User Name'.  A Web Service with a database back end may choose to
        /// scan for a password match.  In our situation things are much simpler....
        /// We simply need to recalculate the password, from the tickcount (our 'User Name' here)
        /// plus the Proxy User Name we share with RegDotNetAccess
        /// </remarks>
        /// <param name="vUserToken" type="UsernameToken">User Token as passed by the client</param>
        /// <returns type="string">Associated expected password</returns>
        /// <postconditions>Password returned</postconditions>
        public string GetPassword(
			UsernameToken vUserToken)
		{
			// Reconstruct password from User and Constant name known within
			// Client wrapper and here
			StringBuilder objSBPassword = new StringBuilder(128);
			objSBPassword.Append(vUserToken.Username);
			objSBPassword.Append(WSCommon.PROXY_USER_NAME);
			return objSBPassword.ToString();
		}


		/// <summary>WSAltRouteWSE.WSESecurityProvider.GetDecryptionKey</summary>
		/// <author>Simon G</author>
		/// <date>16 October 2002</date>
		/// <remarks>
		/// One of the two main hooks in the WSE to allow the infratructure to be given application specific information.
		/// This hook returns a Symmtric decryption key for use when decrypting the SOAP body of a passed message.
		/// The Symmtric Key defined within is used both by Client Proxy Wrapper (RegDotNetWS) and this Web Service.
		/// </remarks>
		/// <param name="vstrAlgorithmUri" type="string">Indicates the namespace context within which the KeyInfo is relevant</param>
		/// <param name="keyInfo" type="KeyInfo">Key Info</param>
		/// <returns type="Microsoft.WSE.Security.EncryptionKey">A symmetric key for use when decrypting the SOAP body</returns>
		/// <postconditions>Symmetric key generated using TripleDESCryptoServiceProvider</postconditions>
		public DecryptionKey GetDecryptionKey(
			string vstrAlgorithmUri,
			KeyInfo keyInfo)
		{
			// Let's try and find our KeyInfo
			foreach (KeyInfoClause clause in keyInfo)
			{
				if (clause is KeyInfoName)
				{
					if (((KeyInfoName)clause).Value == "WSAltRouteWSE KeyXfer")
					{
						// Creates an instance of a class deriving from
						// SymmetricAlgorithm. The TripleDESCryptoServiceProvider provides
						// an implenentation of the Triple DES algorithm.
						SymmetricAlgorithm algo = new TripleDESCryptoServiceProvider();

						// Defines the 128-bit secret key shared by this XML Web service and its clients.
						byte[] keyBytes = { 31, 8, 67, 16, 12, 68, 26, 12, 
											  98, 27, 5, 20, 01, 15, 2, 69 };
						// Defines the initialization vector for the algorithm.
						byte[] ivBytes =  { 9, 8, 1, 6, 2, 2, 9 };

						// Sets the 128-bit secret key for the Triple DES algorithm.
						algo.Key = keyBytes;

						// Sets the initialization vector for the Triple DES algoritm.
						algo.IV = ivBytes;

						// Creates a key that is used by the WSE to decrypt the
						// SOAP message.
						SymmetricDecryptionKey key = new SymmetricDecryptionKey( algo, keyBytes );

						// Give it back to WSE infrastructure
						return key;
					}
				}
			}

			// If we get here, we're in trouble since the symmetric key marker was not found
			return null;
		}
	}
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.

A list of licenses authors might use can be found here


Written By
Simon Gregory
Web Developer
United Kingdom United Kingdom
I am the Technical Director for Myphones.com, which specialises in developing integrated VoIP products and services for the consumer and SME markets. Technology-wise, we are heavily into the 2nd generation WS stack atop .NET, and basically most things Microsoft, as well as C++ on Linux.

Comments and Discussions

Permalink
Advertise
Privacy
Cookies
Terms of Use
Layout: fixed | fluid

Posted 23 Jan 2003

Article Copyright 2003 by Simon Gregory
Everything else Copyright © CodeProject, 1999-2024

Web02 2.8:2024-04-02:1