c# pdf417 Secure Web Services with WS-Security in C#

Maker PDF-417 2d barcode in C# Secure Web Services with WS-Security

6
PDF417 Maker In Visual C#.NET
Using Barcode generator for VS .NET Control to generate, create PDF 417 image in VS .NET applications.
www.OnBarcode.com
PDF 417 Scanner In Visual C#
Using Barcode reader for .NET framework Control to read, scan read, scan image in .NET framework applications.
www.OnBarcode.com
Clearly, this is a lot of additional overhead for the Web service to handle, compared to delivering an unsecured response. But keep in mind that encryption-based security generally creates less overhead compared to other types of binary tokens, such as UsernameToken security tokens, because less code is required on the client and Web service combined. And if your Web service implements a WS-Policy framework, then you will need to write even less code. (WS-Policy is the subject of 7.) Listing 6-13 shows the code that is required to accomplish Steps 1 through 4 listed previously. Listing 6-13. Encrypt a SOAP Response Message Based on the Certificate Used to Digitally Sign the Incoming SOAP Request Message
Barcode Maker In C#
Using Barcode creator for .NET Control to generate, create Barcode image in .NET framework applications.
www.OnBarcode.com
PDF-417 2d Barcode Encoder In Visual C#
Using Barcode creation for Visual Studio .NET Control to generate, create PDF 417 image in Visual Studio .NET applications.
www.OnBarcode.com
using System.Web.Services.Protocols; using System.Web.Services.Description; using System.Xml.Serialization; using Microsoft.Web.Services2; using Microsoft.Web.Services2.Security; using Microsoft.Web.Services2.Security.Tokens; using Microsoft.Web.Services2.Security.X509; using System.Security.Permissions; using StockTraderTypes; [WebMethod()] public Quote RequestQuote(string Symbol) { SoapContext requestContext = RequestSoapContext.Current; SoapContext responseContext = ResponseSoapContext.Current; // Get the signing certificate X509SecurityToken token = GetEncryptionToken(requestContext); if( token != null ) { // Encrypt the response with the key in the request. responseContext.Security.Elements.Add( new EncryptedData( token ) ); } else { throw new ApplicationException("Unable to retrieve the encrypting certificate." ); }
QR-Code Encoder In Visual C#
Using Barcode generator for VS .NET Control to generate, create QR Code ISO/IEC18004 image in .NET framework applications.
www.OnBarcode.com
Drawing 2D Barcode In Visual C#.NET
Using Barcode creation for VS .NET Control to generate, create Matrix Barcode image in Visual Studio .NET applications.
www.OnBarcode.com
Secure Web Services with WS-Security
Encoding UPC-A Supplement 2 In C#
Using Barcode maker for .NET Control to generate, create UPC-A Supplement 5 image in .NET applications.
www.OnBarcode.com
4-State Customer Barcode Generator In Visual C#
Using Barcode encoder for Visual Studio .NET Control to generate, create USPS OneCode Solution Barcode image in Visual Studio .NET applications.
www.OnBarcode.com
// Step 2: Create a new Quote object, but only populate if signature is valid Quote q = new Quote(); // Generate the quote (code not shown) } return q; // Return a Quote object } private X509SecurityToken GetEncryptionToken(SoapContext requestContext) { X509SecurityToken x509token = null; // Look for a digital signature, which contains the token that the Web Service // will use for encrypting the response if ( requestContext.Security.Tokens.Count > 0 ) { // // Check for a Signature that signed the soap Body and uses an x509 token. // foreach ( ISecurityElement element in requestContext.Security.Elements ) { MessageSignature signature = element as MessageSignature; // The signature we seek signed the soap Body if ( signature != null && (signature.SignatureOptions & SignatureOptions.IncludeSoapBody) != 0 ) { x509token = signature.SigningToken as X509SecurityToken; if ( x509token != null ) { // Return the certificate for encrypting the response // if it is capable of encryption X509Certificate cert = x509token.Certificate; if ( !cert.SupportsDataEncryption ) { // return x509token; // Reset x509token to null, so it does not get used x509token = null; } } } } } return x509token; }
PDF417 Generator In Visual C#.NET
Using Barcode creator for .NET Control to generate, create PDF 417 image in .NET applications.
www.OnBarcode.com
PDF417 Drawer In VS .NET
Using Barcode drawer for Reporting Service Control to generate, create PDF-417 2d barcode image in Reporting Service applications.
www.OnBarcode.com
6
Printing PDF417 In Java
Using Barcode generation for Android Control to generate, create PDF417 image in Android applications.
www.OnBarcode.com
Drawing QR Code In None
Using Barcode printer for Office Word Control to generate, create Denso QR Bar Code image in Microsoft Word applications.
www.OnBarcode.com
This code listing not surprisingly shares many similarities to several of the previous listings. The biggest difference is within the GetEncryptionToken Web method, which loops through the available digital signatures and then extracts the certificate-based security token that was used to sign the request. This is just another means of retrieving the public key that is needed for encrypting the SOAP response message. Alternatively, you could have written code that retrieves the public key directly from the Web service s Local Computer certificate store. The Web service code for encrypting the SOAP response message is no different from the code you have already seen in the client for encrypting SOAP request messages. Programmatically, the Web service method appends the certificate-based security token to the security elements collection, and then continues processing the requested operation. The WSE infrastructure then processes the encryption of the resulting SOAP response message. Once the client receives the response, it will have no trouble decrypting it as long as it still has access to the original certificate. And it is likely that the client will since it originally used this same certificate to encrypt the request message.
ECC200 Recognizer In None
Using Barcode scanner for Software Control to read, scan read, scan image in Software applications.
www.OnBarcode.com
Printing UPC A In Java
Using Barcode generator for Android Control to generate, create UPC-A Supplement 5 image in Android applications.
www.OnBarcode.com
Final Thoughts on Security Authentication and Encryption
Generate Barcode In Java
Using Barcode maker for Java Control to generate, create Barcode image in Java applications.
www.OnBarcode.com
PDF 417 Creation In Java
Using Barcode drawer for BIRT Control to generate, create PDF-417 2d barcode image in Eclipse BIRT applications.
www.OnBarcode.com
Encryption technology is a complicated field that presents a wide variety of options for end users. You can choose between symmetric and asymmetric encryption, and between a wide variety of acceptable encryption algorithms. Microsoft Windows Server 2003 provides built-in capabilities for certificate generation, and allows you to set up your own personal Certificate Authority. This can be a useful and more affordable option than paying for an expensive certificate from an established Certificate Authority such as VeriSign, Inc. Of course, a certificate is only as trustworthy as the company that issues it, or as trustworthy as the company that it is generated for. As long as your clients trust you as a company, there is no reason you cannot act as a Certificate Authority. This capability to act as a Certificate Authority (CA) can be especially useful if you implement WS-Secure Conversation, which allows for a dynamic approach in setting up a trusted relationship between services and clients. Two or more services and clients basically agree to establish a trusted relationship with each other using a security token that is provided by an acceptable party. This party acts as the CA. By generating security tokens for the communication, this party is effectively vouching that all of the involved services and clients are trustworthy with respect to each other. Microsoft has published an excellent whitepaper on WS-Security that provides a detailed discussion of both WS-Security and WS-Secure Conversation, along with a number of excellent architecture diagrams. Please refer to the WS-Security 2.0 Drilldown article in the references list in the Appendix.
EAN13 Drawer In Java
Using Barcode drawer for Java Control to generate, create EAN-13 image in Java applications.
www.OnBarcode.com
Making PDF-417 2d Barcode In None
Using Barcode generation for Online Control to generate, create PDF417 image in Online applications.
www.OnBarcode.com
Generate EAN 13 In None
Using Barcode maker for Microsoft Excel Control to generate, create EAN13 image in Microsoft Excel applications.
www.OnBarcode.com
Quick Response Code Creator In Java
Using Barcode creation for Android Control to generate, create Quick Response Code image in Android applications.
www.OnBarcode.com
Copyright © OnBarcode.com . All rights reserved.