Usernametoken requirement in the policy file

Ask a Question related to ASP.NET Security, Design and Development.

  1. Nedu N #1

    Default Usernametoken requirement in the policy file

    Hi All,

    I have three questions while trying WSSE with .NET web services, and i
    appreciate your help.

    1). I want my web service to be configured to require usernametoken for
    authentication with a receive policy file. For signing and Encryption i am
    using X509 token and i am not using Usernametoken for this. i.e, I want to
    use usernametoken authentication with X509 signing and X509 encryption. I am
    not sure how to mention usernametoken requirment in the server side receive
    and client side policy files. I want my webservice to reject web requests if
    they are not coming with usernametokens for authentication. I don't want to
    do this within the code creating token on client and attaching to the soap
    header.

    2). Also i want tweak signing and encryption for testing sake like changing
    the signed message in-between and see the webservice rejecting the request
    on integrity violation.I know someway using TCPMON and curious to know if
    there are any other simple way to do this.

    3). And same way i want to tweak and test the encryption logic somehow.

    My policy file looks like following both on client side and server side.
    <?xml version="1.0" encoding="utf-8"?>

    <policyDocument xmlns="http://schemas.microsoft.com/wse/2003/06/Policy">

    <mappings xmlns:wse="http://schemas.microsoft.com/wse/2003/06/Policy">

    <mapDefault policy="#policy-e0e72048-bd00-4d6a-a064-67746b005d74" />

    </mappings>

    <policies xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">

    <wsp:Policy wsu:Id="policy-e0e72048-bd00-4d6a-a064-67746b005d74"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2002/12/policy">

    <wsse:Integrity wsp:Usage="wsp:Required"
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">

    <wsse:TokenInfo>

    <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">

    <wsse:TokenType>wsse:X509v3</wsse:TokenType>

    <wsse:Claims>

    <wsse:SubjectName>CN=MsdnWse2SecuritySamplesServer </wsse:SubjectName>

    </wsse:Claims>

    </SecurityToken>

    </wsse:TokenInfo>

    <wsse:MessageParts
    Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:Mess
    ageParts>

    </wsse:Integrity>

    <wsse:Confidentiality wsp:Usage="wsp:Required"
    xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/12/secext">

    <wsse:KeyInfo>

    <SecurityToken xmlns="http://schemas.xmlsoap.org/ws/2002/12/secext">

    <wsse:TokenType>wsse:X509v3</wsse:TokenType>

    <wsse:Claims>

    <wsse:SubjectName>CN=MsdnWse2SecuritySamplesServer </wsse:SubjectName>

    </wsse:Claims>

    </SecurityToken>

    </wsse:KeyInfo>

    <wsse:MessageParts
    Dialect="http://schemas.xmlsoap.org/2002/12/wsse#part">wsp:Body()</wsse:Mess
    ageParts>

    </wsse:Confidentiality>

    </wsp:Policy>

    </policies>

    </policyDocument>



    Nedu N Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Policy file changes in Flash Player 9
      I have a form that sends mail (smtp) through a socket connection (actionscript), which I picked up here, http://www.bytearray.org/?p=27 Tested and...
    2. WebServices: Policy File Issues
      Still looking for an answer here too. Right now, we are looking at other ways around this issue, but in certain cases having a solution for this...
    3. How can i realize that the policy file is loadedsuccessfully
      i have a server that i have written with "java" and my flash client runs successfully in the localarea. But when i upload to my webserver flash...
    4. Cannot download zip file under Group Policy
      We have group policy from MS implemented and users cannot download and save a .zip file. If they "Open" it when clicking on it, there is no...
    5. XP Simple File Sharing and Group Policy
      Is there any way to disable the "Use Simple File Sharing" check box on XP Pro machines through the use of Group Policy in Active Directory? We have...
  2. [MSFT] #2

    Default RE: Usernametoken requirement in the policy file

    HI Nedu,

    Thank you for using the community. As I understand, you want to enforce the
    Usernametoken required in the web service. Regarding the issue, we need to
    modify the policy configration file to achieve this. For detail
    information, you may refer to following article:

    Web Services Security Policy Language (WS-SecurityPolicy)
    [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/[/url]
    html/ws-securitypolicy.asp

    Web Services Policy Framework (WS-Policy)
    [url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnglobspec/[/url]
    html/ws-policy.asp

    New Technologies Help You Make Your Web Services More Secure
    [url]http://msdn.microsoft.com/msdnmag/issues/03/04/WS-Security/default.aspx[/url]

    Hope this help,

    Luke
    Microsoft Online Support

    Get Secure! [url]www.microsoft.com/security[/url]
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)

    [MSFT] Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139