Thursday, January 29, 2009

Let's Talk about .. Visual Studio 2005-Web Services Enhancements 3.0

Today I participated in a mini course on Web Services Enhancements (WSE) 3.0, instructed by Dr. Gorn Tepvorachai and Mr. Suppakrit Forbes Chatchayanusorn from the Standards & Methodology Team, IT Department, BOT.


Since I have to develop web services that return some credential results, WSE 3.0 is the solution they suggested to me.

The basic concept of WSE 3.0 is that the web site and the web service are connected in a way that prevents the web service from being called directly via its URL.

Instructions for declaring security and policy with WSE 3.0

NOTE: Make sure that WSE 3.0 (runtime) is already installed on the servers hosting both the WebSite and the Web Service, and that WSE 3.0 (Visual Studio Developer) is installed on your development machine.

At WebService Side:



-Check that your Web Service was created from New Web Site->ASP.NET Web Service

-Install WSE 3.0

-Open Solution of VS2005

- Check out the project of Web Service

-Right click at the project of Web Service

-Click WSE Settings 3.0 (at the bottom)

-In General tab, check Enable the project for Web Services Enhancements

-Check Enable Microsoft Web Services Enhancements Soap Protocol Factory

-In Diagnostics tab, check Enable Message Trace

-Click OK button

-Check that a section tag for microsoft.web.services3 has been added to your web.config

-Deploy your Web Service


-Try to call your web service via web browser (optional)

At WebSite:

-Check your Web Site project

-Right Click at WebSite project

-Click at WSE Settings 3.0

-In General tab, check Enable the project for Web Services Enhancement

-Update your web service


-Rebuild your project


-Test that your web is still able to call your web service


- If OK, the next step is to set the policy.


At WebService Side:

-Right click at web service project

-Click at WSE Settings 3.0

-In Policy tab, check Enable Policy

-Click Add button

-Type your Policy Name

-Click OK

-Click Next

-Do you want to secure a service or a client?, Select Secure a service application

-Choose Client Authentication Method, for me I choose Username

-Click Next

-Click Next

-Uncheck Establish Secure Session

-Click Next

-Click Select Certificate button, if any

-Click Next

-The summary message appears, click Finish

-Now you will get the [yourPolicy]Cache.config file

-Open the .vb file of your Web Service

-Under the WebServiceBinding tag, add the Policy tag => <Policy("YourPolicyName")> _

At WebSite:

-Right click at your project

-Click at WSE Settings 3.0

-In Policy tab, enable policy

-Add Policy

-Click OK button

-Click Next button

-Select Secure a client application

-Select authentication mode, for me I use username

-Click Next button

-Enable Perform Authorization

-Add User or Add Role
Note: if you want to use the local user or local group as the role you can see the instruction at
http://natttech.blogspot.com/2009/02/lets-talk-about-windows-server-2003.html

-Uncheck the Establish Secure Session

-Click Next button

-Select Certificate, if any

-Click Finish button

-Click OK button

-Open your .vb file that calls the Web Service

-Modify it. For example, this is my old code before modification:
[VB.Net]
Dim ServiceGetResult As New MyWeb.Business.GetResult.NATTService

Change it to:

[VB.Net]
'Requires: Imports Microsoft.Web.Services3.Security.Tokens
Dim ServiceGetResult As New MyWeb.Business.GetResult.NATTService
ServiceGetResult.SetClientCredential(Of UsernameToken)(New UsernameToken("NATTusername", "NATTpassword", PasswordOption.SendHashed))
'NATTusername and NATTpassword are your username and password.
ServiceGetResult.SetPolicy("NATT Client Policy")
'NATT Client Policy is my WebSite Policy name.
hidResult.Value = ServiceGetResult.GetResultByID(txtID.Text)
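
What PasswordOption.SendHashed puts on the wire, as an added example that is not part of the original post: under the WS-Security UsernameToken Profile the password is replaced by Base64(SHA-1(nonce + created + password)). The Python sketch below computes that digest and checks it the way a receiver has to, including freshness and nonce replay checks; the function names, the 5-minute window and the sample values are assumptions made for this example.

```python
import base64
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)  # assumed freshness window, not a WSE setting


def password_digest(nonce: bytes, created: str, password: str) -> str:
    """Base64(SHA-1(nonce + created + password)) from the UsernameToken Profile."""
    data = nonce + created.encode("utf-8") + password.encode("utf-8")
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")


def verify_token(token: dict, stored_password: str, seen_nonces: set,
                 now: datetime) -> bool:
    """Receiver side: reject stale or replayed tokens, then compare digests."""
    created = datetime.strptime(token["created"], "%Y-%m-%dT%H:%M:%SZ")
    created = created.replace(tzinfo=timezone.utc)
    if abs(now - created) > MAX_AGE:
        return False  # outside the freshness window
    nonce = base64.b64decode(token["nonce"])
    if nonce in seen_nonces:
        return False  # nonce already used: replayed token
    expected = password_digest(nonce, token["created"], stored_password)
    if not hmac.compare_digest(expected, token["digest"]):
        return False  # wrong password or tampered nonce/created
    seen_nonces.add(nonce)
    return True


# Constructed sample token (values invented for this example)
SAMPLE_NONCE = bytes(range(16))
SAMPLE_CREATED = "2009-01-29T10:00:00Z"
SAMPLE_TOKEN = {
    "username": "NATTusername",
    "nonce": base64.b64encode(SAMPLE_NONCE).decode("ascii"),
    "created": SAMPLE_CREATED,
    "digest": password_digest(SAMPLE_NONCE, SAMPLE_CREATED, "NATTpassword"),
}

if __name__ == "__main__":
    seen = set()
    now = datetime(2009, 1, 29, 10, 1, tzinfo=timezone.utc)
    print(verify_token(SAMPLE_TOKEN, "NATTpassword", seen, now))  # first use
    print(verify_token(SAMPLE_TOKEN, "NATTpassword", seen, now))  # replay
```

The receiver needs the cleartext password to recompute the digest, and the digest covers only the password, nonce and timestamp, not the SOAP body.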

At Web Service:
Because I want to check the role of the user/Web Site that calls the method of my web service, I have to add an authorization function to my web service code.
-Open the .vb file of your web service

-Add imports System.Security.Principal

-Add imports Microsoft.Web.Services3.Security.Tokens

-Add Authorization() function
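[VB.Net]

'Also needs: Imports Microsoft.Web.Services3, System.Web.Services.Protocols, System.Xml
Private Sub Authorization(ByVal inputRole As String)
    'Get the UsernameToken that WSE authenticated for this request
    Dim token As UsernameToken = RequestSoapContext.Current.Credentials.UltimateReceiver.GetClientToken(Of UsernameToken)()
    Dim pPrincipal As IPrincipal = Nothing
    If Not token Is Nothing Then pPrincipal = token.Principal
    'AndAlso short-circuits, so IsInRole is never called on Nothing
    If Not pPrincipal Is Nothing AndAlso pPrincipal.IsInRole(inputRole) Then
        Return
    Else
        Throw New SoapException("Access denied.", New XmlQualifiedName("Authorization"))
    End If
End Sub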

-Add Authorization("YourRoleName") inside your method before doing anything
Note that YourRoleName is the username or role name that you specified in WSE setting.

-Deploy your web service

At WebSite:

-Update your Web Service

Now only the user or the members of the role group that you specified can use that method of your web service.
