1

I have a web service that uses message layer security with X.509 certificates in WSE 3.0. The service uses an X509v3 policy to sign various elements in the SOAP header.

I need to do some custom checks on the certificates so I've tried to implement a custom X509SecurityTokenManager and added a section in web.config.

When I call the service with my Wseproxy I would expect an error (NotImplementedException), but the call goes through and, in the example below, "foo" is printed at the console.

The question is: What have I missed? The binarySecurityTokenManager type in web.config matches the full class name of RDI.Server.X509TokenManager. X509TokenManager inherits from X509SecurityTokenManager (although the methods are just stubs).

using System;
using System.Xml;
using System.Security.Permissions;
using System.Security.Cryptography;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Security.Tokens;

namespace RDI.Server
{

[SecurityPermissionAttribute(SecurityAction.Demand,Flags = SecurityPermissionFlag.UnmanagedCode)]
public class X509TokenManager : Microsoft.Web.Services3.Security.Tokens.X509SecurityTokenManager
{
    public X509TokenManager() : base()
    {
        throw new NotImplementedException("Stub");
    }

    public X509TokenManager(XmlNodeList configData) : base(configData)
    {
        throw new NotImplementedException("Stub");
    }

    protected override void AuthenticateToken(X509SecurityToken token)
    {
        base.AuthenticateToken(token);
        throw new NotImplementedException("Stub");
    }
}
}

The first few lines of my web.config, edited for brevity

<?xml version="1.0"?>
<configuration>
  <configSections>
    <section name="microsoft.web.services3" type="..." />
  </configSections>
  <microsoft.web.services3>
    <policy fileName="wse3policyCache.config" />
    <security>
      <binarySecurityTokenManager>
        <add type="RDI.Server.X509TokenManager" valueType="http://docs.oasis-open.org/..." />
      </binarySecurityTokenManager>
    </security>
  </microsoft.web.services3>

(Btw, how does one format XML nicely here at Stack Overflow?)

Administration.AdministrationWse test = new TestConnector.Administration.AdministrationWse();

X509Certificate2 cert = GetCert("RDIDemoUser2");
X509SecurityToken x509Token = new X509SecurityToken(cert);
test.SetPolicy("X509");
test.SetClientCredential(x509Token);

string message = test.Ping("foo");

Console.WriteLine(message);

I'm stuck at .NET 2.0 (VS2005) for the time being so I presume WCF is out of the question, otherwise interoperability isn't a problem, as I will have control of both clients and services in the system.

4

2 Answers

1

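The problem was elsewhere. My server project is a web application, and some options that apply only to web sites are not available for web applications. So I made a small web site project, compared the web.configs, and noticed that some lines differed.

These lines were in the web site's web.config but not in my other project: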

  <soapServerProtocolFactory type="Microsoft.Web.Services3.WseProtocolFactory, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  <soapExtensionImporterTypes>
    <add type="Microsoft.Web.Services3.Description.WseExtensionImporter, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </soapExtensionImporterTypes>

After adding these lines, I got the expected error.

answered 2008-09-18T12:31:59.197
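
The failure described in this answer is fail-open: the token manager is registered, but requests never reach it, so the custom certificate checks never run. As an added example (not part of the original answer; Python is used only so the check runs offline, and the function name and sample configs are constructed), this checks a web.config for that gap, assuming `soapServerProtocolFactory` sits in its standard ASP.NET place under `system.web/webServices`.

```python
import xml.etree.ElementTree as ET

WSE_FACTORY = "Microsoft.Web.Services3.WseProtocolFactory"  # type name from the answer

def unenforced_token_managers(config_xml):
    """Return token manager types that are registered but can never run
    because the WSE protocol factory is not wired into ASP.NET."""
    root = ET.fromstring(config_xml)
    for el in root.iter():                 # tolerate an xmlns on <configuration>
        el.tag = el.tag.split("}")[-1]
    managers = [a.get("type", "") for a in root.findall(
        "microsoft.web.services3/security/binarySecurityTokenManager/add")]
    # Assumption: the factory element lives under system.web/webServices.
    factory = root.find("system.web/webServices/soapServerProtocolFactory")
    factory_type = factory.get("type", "") if factory is not None else ""
    wired = factory_type.split(",")[0].strip() == WSE_FACTORY
    return [] if wired else managers

# Constructed sample configs; elided values ("...") are kept as on the page.
TEMPLATE = """<configuration>
  <system.web><webServices>{web_services}</webServices></system.web>
  <microsoft.web.services3>
    <security>
      <binarySecurityTokenManager>
        <add type="RDI.Server.X509TokenManager" valueType="http://docs.oasis-open.org/..." />
      </binarySecurityTokenManager>
    </security>
  </microsoft.web.services3>
</configuration>"""
FACTORY = ('<soapServerProtocolFactory type="Microsoft.Web.Services3.WseProtocolFactory, '
           'Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, '
           'PublicKeyToken=31bf3856ad364e35" />')
BROKEN = TEMPLATE.format(web_services="")      # the question's state
FIXED = TEMPLATE.format(web_services=FACTORY)  # after the answer's change

if __name__ == "__main__":
    for name, cfg in (("question", BROKEN), ("answer", FIXED)):
        skipped = unenforced_token_managers(cfg)
        print(name, skipped or "token managers are reachable")
```
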
0

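I know this isn't particularly constructive advice, but if I were you I would get off WSE 3.0 as soon as possible. Earlier this year we did some work trying to get it to interoperate with WCF and Java clients, and it was an outdated nightmare.

WCF, on the other hand, is actually sane, and the documentation on areas like this is very good. Is that an option for you?

answered 2008-09-17T09:59:33.410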