|
|
|
start date: Tue, 7 Aug 2007 01:10:01 -0700,
posted on: microsoft.public.dotnet.framework.aspnet
back
| Thread Index |
|
1
patrickdrd
|
|
2
patrickdrd
|
|
3
patrickdrd
|
secure webservice
Hi everyone!
I have built a vb6 app that communicates with a web server to get data from
an webservice through the internet (not lan).
My question/problem is,
1) how could I make this webservice secure, so that only my vb6 app has
access to it and noone else?
Should I use WSE or WCF?
Well ok, but I have completely no idea on how to!
2) Should I enable ssl for this webservice, so that data is encrypted? How?
Please can somebody provide me with info/hints/tips/walkthrough on how to do
this?
Thanks in advance!
Date:Tue, 7 Aug 2007 01:10:01 -0700
Author:
|
RE: secure webservice
first of all, thank you very much for the interest!
I have already done the following steps:
(using http://www.codeproject.com/soap/wssecurity_usernametokens.asp as a
guide reference)
Secured my web service using WSE 3.0 and tried to access the web service
using vb6 and soap,
with the following code:
Set g_objSoap = New MSSOAPLib.SoapClient
With g_objSoap
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
.ConnectorProperty("AuthUser") = "wsuser"
.ConnectorProperty("AuthPassword") = "pass"
End With
However I get either "access denied" (line:
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)
or access denied when trying to execute any method,
e.g. the following (test) one:
<WebMethod()> _
Public Function Hello() As String
' Get the current soap context
Dim ctxt As SoapContext = RequestSoapContext.Current
If ctxt Is Nothing Then
' This request is using a different protocol other than SOAP.
Return "Please format the request as a SOAP request and try again."
End If
' Iterate through all Security tokens
For Each tok As SecurityToken In ctxt.Security.Tokens
If TypeOf (tok) Is UsernameToken Then
Dim user As UsernameToken = CType(tok, UsernameToken)
Return "Hello Authenticated user " + user.Username
End If
Next tok
Return "Hello Liar"
End Function
Also, my customauthenticator class (referenced from the web service) is as
follows:
Imports System
Imports System.Security.Permissions
Imports Microsoft.Web.Services3.Security.Tokens
Namespace WSESecurity
<SecurityPermissionAttribute(SecurityAction.Demand)> _
Public Class CustomAuthenticator
Inherits UsernameTokenManager
' Returns the password or password equivalent for a user name
Protected Overrides Function AuthenticateToken(ByVal token As
UsernameToken) As String
If token Is Nothing Then
Throw New ArgumentNullException()
End If
' perform a lookup in your database
' for the user name in 'token.Username'
' and return the password as a string.
' If there is no match, return null.
If token.Username = "wstest" Then
Return "pass"
Else
Return Nothing
End If
End Function
End Class
End Namespace
I can't figure out WTH goes wrong, so please, if anyone has any
idea/tips/suggestions please please HELP me!
(It's my first time writing a secure web service - newbie on the subject)
Date:Wed, 8 Aug 2007 07:26:01 -0700
Author:
|
RE: secure webservice
I have already done the following steps:
(using http://www.codeproject.com/soap/wssecurity_usernametokens.asp as a
guide reference)
Secured my web service using WSE 3.0 and tried to access the web service
using vb6 and soap,
with the following code:
Set g_objSoap = New MSSOAPLib.SoapClient
With g_objSoap
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL
.ConnectorProperty("AuthUser") = "wsuser"
.ConnectorProperty("AuthPassword") = "pass"
End With
However I get either "access denied" (line:
.mssoapinit http://ticketinsrv/dbws/service.asmx?WSDL)
or access denied when trying to execute any method,
e.g. the following (test) one:
<WebMethod()> _
Public Function Hello() As String
' Get the current soap context
Dim ctxt As SoapContext = RequestSoapContext.Current
If ctxt Is Nothing Then
' This request is using a different protocol other than SOAP.
Return "Please format the request as a SOAP request and try again."
End If
' Iterate through all Security tokens
For Each tok As SecurityToken In ctxt.Security.Tokens
If TypeOf (tok) Is UsernameToken Then
Dim user As UsernameToken = CType(tok, UsernameToken)
Return "Hello Authenticated user " + user.Username
End If
Next tok
Return "Hello Liar"
End Function
Also, my customauthenticator class (referenced from the web service) is as
follows:
Imports System
Imports System.Security.Permissions
Imports Microsoft.Web.Services3.Security.Tokens
Namespace WSESecurity
<SecurityPermissionAttribute(SecurityAction.Demand)> _
Public Class CustomAuthenticator
Inherits UsernameTokenManager
' Returns the password or password equivalent for a user name
Protected Overrides Function AuthenticateToken(ByVal token As
UsernameToken) As String
If token Is Nothing Then
Throw New ArgumentNullException()
End If
' perform a lookup in your database
' for the user name in 'token.Username'
' and return the password as a string.
' If there is no match, return null.
If token.Username = "wstest" Then
Return "pass"
Else
Return Nothing
End If
End Function
End Class
End Namespace
I can't figure out WTH goes wrong, so please, if anyone has any
idea/tips/suggestions please please HELP me!
(It's my first time writing a secure web service - newbie on the subject)
Date:Wed, 8 Aug 2007 07:26:02 -0700
Author:
|
|
|
