Web Services Architecture的目的
1、基于基本的Web Services
2、满足企业级应用的需求Secure、reliable and transacted Web services
3、保留Web Services得以成功的优点 Interoperability Ability to be implemented Add no more complexity than needed
这篇主要介绍WSE通过安全证书(Policy File)构建安全Web Service
一、先定义安全证书(Policy File)
二、使用专有的Web service安全证书特性
具体步骤
1、在vs2005中开一个Web Service项目
2、运行WSE Settings 3.0 Tool
3、通过WSE Settings 3.0 Tool打开Web Service项目的web.config
4、选中Enable this project for web Service Enhancements
5、选择Policy并Add,填写你证书的名字,我现在是使用ServicePolicy名称然后下一步
6、然后的的向导界面就要重点讲述下在第一个选择项是标注你选择的服务还是客户,在第二个选择项中有四个选项
选项 |
说明 |
Anonymous |
不需要要求客户证书 |
Username |
需要包含用户名和密码的Usernametoken的安全令牌 |
Certificate |
需要发送含有X509SecurityToken的安全令牌的X.509证书 |
Windows |
需要发送含有KerberosToken的windows身份认证 |
7、选择SOAP头的类型
选项 |
说明 |
None |
SOAP消息应当在传输层(SSL协议)提供保护,WSE在传输层(SSL协议)不提供保护。 |
Sign-Only |
SOAP消息必须签名 |
Sign and Encrypt |
SOAP消息必须签名和SOAP消息体加密 |
Sign, Encrypt, Encrypt Signature |
SOAP消息必须签名、消息体签名加密 |
8、完成
就能根据您的配置生成以下配置文件
<policies>
<extensions>
<extension name="kerberosSecurity"
type="Microsoft.Web.Services3.Design.KerberosAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="kerberos"
type="Microsoft.Web.Services3.Design.KerberosTokenProvider, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="ServicePolicy">
<kerberosSecurity establishSecurityContext="false" signatureConfirmation="false" protectionOrder="SignBeforeEncrypting" deriveKeys="false">
<protection>
<request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="true" />
<response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="true" />
<fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
encryptBody="false" />
</protection>
</kerberosSecurity>
<requireActionHeader />
</policy>
</policies> 9、应用在Web Service
using System;
using System.Web;
using System.Web.Services;
using System.Web.Services.Protocols;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;
[WebService(Namespace = "http://www.contoso.com/")]
[WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)]
[Policy("ServicePolicy")]
public class Service : System.Web.Services.WebService
{
public Service () {
}
[WebMethod]
public string SayHello() {
return "Hello World";
}
} 小结
现在主要是建立服务器端的Policy File,以及使用,下次就介绍关于客户端建立Policy File以及使用