Working with WS-Security


When it comes to SOAP security, the SOAP standard doesn’t provide much in the way of guidance. The standard essentially says that you’re on your own and need some form of extension (see http://www.w3c.org/TR/2003/PR-soap12-part1-20030507/#secconsiderations for details). Many developers use encryption to secure sensitive data. They send the encrypted data as a Base64 encoded payload in the SOAP message.

Tip

The SOAP Security Extensions can provide essential security and are a good alternative to WS-Security. It’s important to know about this option as you consider the security of your Web services application. You can learn more about the W3C SOAP Security Extensions at http://www.w3.org/TR/SOAP-dsig/.

Fortunately, Microsoft provides the necessary extension in the form of the Web Services Development Kit (WSDK). You may also see the Microsoft Web sites use Web Services Enhancements (WSE) in place of WSDK. Because WSE seems to be the most popular name as of this writing, the chapter will use WSE. No matter what Microsoft is calling this product this week, you can download it at http://msdn.microsoft.com/webservices/building/wse/default.aspx. After you install the product on your machine, you’ll have a new Microsoft.WSDK namespace on your system that encapsulates a number of technologies, including WS-Security. Note that you can download an associated settings tool at http://microsoft.com/downloads/details.aspx?familyid=E1924D29-E82D-4D9A-A945-3F074CE63C8B&displaylang=en.

You have to make two separate downloads to gain access to this tool. First, you need to download and install WSE. Second, you need to download and install the WSE Settings Tool. Once you spend some time with the WSE Settings Tool, you’ll understand why it’s a required addition and wonder why Microsoft didn’t make it part of the main download.

After you perform the installation, start a new project. The WSE Settings Tool documentation isn’t very clear on where the tool comes into play, but you can use it on any project that relies on a Web service. This includes desktop applications. To activate the tool, open your Web services project, right-click the project name in Solutions Explorer, and choose WSE Settings from the context menu. You’ll see the Web Services Enhancements Settings dialog box shown in Figure 11.5.

click to expand
Figure 11.5: Use the Web Services Enhancements Settings dialog box to make configuring WSE easier.

You’ll also notice there’s a decided lack of documentation—nothing appears on the Start menu, nor is it available within Visual Studio .NET. Look in the \Program Files\ Microsoft WSE\v1.0.2312\Unsupported\WseSettings folder of your machine and you’ll find an innocuous looking README.HTM file. This file provides you with a complete description of all the pages on the Web Services Enhancements Settings dialog box.




.Net Development Security Solutions
.NET Development Security Solutions
ISBN: 0782142664
EAN: 2147483647
Year: 2003
Pages: 168

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net