Why are the WSE2.0 hands-on lab examples not working?

blurgal

Dear friends,
I am a newbie in Web Service Security. Therefore I downloaded the WSE2.0 hands-on lab to learn how to write a secure web service. I followed all the steps precisely from the lab manual but it didn't work. Thus I resorted instead to trying to run the samples given together with the manual, but they also didn't work. Here is the code below. Could some kind-hearted people please explain to me what has gone wrong? Please teach me. I need help desperately as I need to learn this thing fast.
ViewInvoices.asmx (this is the web service code):
    Imports System
    Imports System.Net
    Imports System.Data
    Imports System.Xml
    Imports System.Web.Services
    Imports Microsoft.Web.Services2
    Imports Microsoft.Web.Services2.Security
    Imports Microsoft.Web.Services2.Security.Tokens

    <WebService([Namespace]:="http://tempuri.org/invoices")> _
    Public Class ViewInvoices
        Inherits WebService

        <WebMethod()> _
        Public Function View() As DataSet
            Dim tok As UsernameToken = WseSecurityHelpers.GetUsernameToken(RequestSoapContext.Current)
            If Not tok.Principal.IsInRole(String.Format("{0}\User", Dns.GetHostName())) Then
                Throw New Exception("access denied")
            End If
            Dim ds As New DataSet
            Dim r = New XmlNodeReader(InvoiceManager.doc)
            ds.ReadXml(r)
            Return ds
        End Function 'View
    End Class 'ViewInvoices

WseSecurityHelpers.vb (this is the file that is needed for ViewInvoices.asmx):
    Imports System
    Imports System.Collections
    Imports System.Net
    Imports System.Security.Principal
    Imports System.Web.Services.Protocols
    Imports Microsoft.Web.Services2
    Imports Microsoft.Web.Services2.Security
    Imports Microsoft.Web.Services2.Security.Tokens

    Public Class WseSecurityHelpers

        ' Requires a signed and encrypted request, then returns the first security token.
        Public Shared Function GetUsernameToken(ByVal context As SoapContext) As UsernameToken
            CheckForSignature(context)
            CheckForEncryption(context)
            If context Is Nothing Then
                Throw New Exception("Only SOAP requests are permitted.")
            End If
            If context.Security.Tokens.Count = 0 Then
                Throw New SoapException("Missing security token", SoapException.ClientFaultCode)
            Else
                Dim tok As UsernameToken
                For Each tok In context.Security.Tokens
                    Return tok
                Next tok
                Throw New Exception("UsernameToken not supplied")
            End If
        End Function 'GetUsernameToken

        ' Rejects the request unless it carries a MessageSignature element.
        Public Shared Sub CheckForSignature(ByVal context As SoapContext)
            If context Is Nothing Then
                Throw New Exception("Only SOAP requests are permitted.")
            End If
            If context.Security.Elements.Count = 0 Then
                Throw New SoapException("Missing signature", SoapException.ClientFaultCode)
            End If
            Dim foundSignature As Boolean = False
            Dim se As ISecurityElement
            For Each se In context.Security.Elements
                If TypeOf se Is MessageSignature Then
                    foundSignature = True
                End If
            Next se
            If Not foundSignature Then
                Throw New SoapException("Missing signature", SoapException.ClientFaultCode)
            End If
        End Sub 'CheckForSignature

        ' Rejects the request unless it carries an EncryptedData element.
        Public Shared Sub CheckForEncryption(ByVal context As SoapContext)
            If context Is Nothing Then
                Throw New Exception("Only SOAP requests are permitted.")
            End If
            If context.Security.Elements.Count = 0 Then
                Throw New SoapException("Encryption required", SoapException.ClientFaultCode)
            End If
            Dim foundEncryption As Boolean = False
            Dim se As ISecurityElement
            For Each se In context.Security.Elements
                If TypeOf se Is EncryptedData Then
                    foundEncryption = True
                End If
            Next se
            If Not foundEncryption Then
                Throw New SoapException("Encryption required", SoapException.ClientFaultCode)
            End If
        End Sub 'CheckForEncryption
    End Class 'WseSecurityHelpers

    Public Class MyUsernameTokenManager
        Inherits UsernameTokenManager

        ' Assigns roles by user name and returns the string used as that user's password.
        Protected Overrides Function AuthenticateToken(ByVal token As UsernameToken) As String
            Dim roles As New ArrayList
            Select Case token.Username
                Case "admin"
                    roles.Add(String.Format("{0}\User", Dns.GetHostName()))
                    roles.Add(String.Format("{0}\Vendor", Dns.GetHostName()))
                    roles.Add(String.Format("{0}\Manager", Dns.GetHostName()))
                    roles.Add(String.Format("{0}\Accounting", Dns.GetHostName()))
                    token.Principal = New GenericPrincipal(New GenericIdentity(token.Username), roles.ToArray(GetType(String)))
                Case "aaron"
                    roles.Add(String.Format("{0}\User", Dns.GetHostName()))
                    roles.Add(String.Format("{0}\Accounting", Dns.GetHostName()))
                    token.Principal = New GenericPrincipal(New GenericIdentity(token.Username), roles.ToArray(GetType(String)))
                Case "mike"
                    roles.Add(String.Format("{0}\User", Dns.GetHostName()))
                    roles.Add(String.Format("{0}\Manager", Dns.GetHostName()))
                    token.Principal = New GenericPrincipal(New GenericIdentity(token.Username), roles.ToArray(GetType(String)))
                Case "vick"
                    roles.Add(String.Format("{0}\User", Dns.GetHostName()))
                    roles.Add(String.Format("{0}\Vendor", Dns.GetHostName()))
                    token.Principal = New GenericPrincipal(New GenericIdentity(token.Username), roles.ToArray(GetType(String)))
                Case Else
                    MyBase.AuthenticateToken(token)
            End Select
            Return "password"
        End Function 'AuthenticateToken
    End Class 'MyUsernameTokenManager

Then it has a client to invoke the web service. The code for the login form is:
    Public Token As UsernameToken = Nothing

    Private Sub button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles button1.Click
        Me.Token = New UsernameToken(Me.textBox1.Text, Me.textBox2.Text, PasswordOption.SendNone)
        Me.Close()
    End Sub 'button1_Click

The code in the InvoiceManagerForm:
    Private Sub ConfigureProxy(ByVal proxy As WebServicesClientProtocol)
        proxy.RequestSoapContext.Security.Tokens.Add(login.Token)
        Dim dk As New DerivedKeyToken(login.Token)
        proxy.RequestSoapContext.Security.Tokens.Add(dk)
        proxy.RequestSoapContext.Security.Elements.Add(New MessageSignature(dk))
        proxy.RequestSoapContext.Security.Elements.Add(New EncryptedData(dk))
    End Sub 'ConfigureProxy

    Private Sub ViewInvoices()
        Dim proxy As New ViewInvoicesWse
        ConfigureProxy(proxy)
        Dim ds As DataSet = proxy.View()
        If ds.Tables.Count <> 0 Then
            dataGrid1.SetDataBinding(proxy.View(), "Invoice")
        Else
            MessageBox.Show("There are no invoices to view.", "Invoices", MessageBoxButtons.OK, MessageBoxIcon.Information)
        End If
    End Sub 'ViewInvoices

    Private Sub btnView_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles btnView.Click
        Try
            ViewInvoices()
        Catch ex As Exception
            MessageBox.Show(ex.Message, "Invoice Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
        End Try
    End Sub 'btnView_Click

After login: even though users provide their correct username and password, when they press the View button to invoke the ViewInvoices.asmx web service, it displays the following error:
Microsoft.Web.Services2.Security.SecurityFault:The signature or decryption was invalid->
System.Security.Cryptography.CryptographicException:WSE523:The CipherData contents are invalid


According to the manual it directed us to create user accounts

Task 2 – Creating User Accounts and Groups

You need to set up some local user accounts and groups to use in this part of the lab. You're going to create one group for each of the user types described above (e.g., User, Vendor, Manager, and Accounting) along with some user accounts assigned to the different groups.

· Open your local Computer Management utility (select Start | Control Panel | Administrative Tools | Computer Management).
· Navigate to System Tools | Local Users and Groups | Users.
· Create four new user accounts named admin, vick, mike, and aaron. You can use the same password for all of them to make things easier. Follow these steps for creating each account:
a. Select Action | New User.
b. Enter the user name (e.g., admin) and password (e.g., TechEd2004!)

*I followed everything and when I type in the username admin with password TechEd2004! it gave me the following error as stated above:


Why is this happening? Please someone help me!! Can anyone explain what I have done wrong? Pleaseeeeeeeeeeeeeeeeeeeeeeeeeee......
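
Added example (not part of the original post or the lab's code): a simplified Python model of the exchange in the posted code, where the client builds the UsernameToken with PasswordOption.SendNone and signs with a key derived from the typed password, while the server derives its key from the string that AuthenticateToken returns. The key derivation, message layout and all function names are assumptions made for illustration, not WSE 2.0's wire format; the model shows that verification passes only when the typed password equals the returned string, which in the posted MyUsernameTokenManager is "password".

```python
import hashlib
import hmac
import os


def p_sha1(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA-1 expansion (the TLS 1.0 construction), used here as the KDF."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha1).digest()
        out += hmac.new(secret, a + seed, hashlib.sha1).digest()
    return out[:length]


def derive_key(password: str, nonce: bytes) -> bytes:
    # Assumption: the password is the only secret input to the derived key.
    return p_sha1(password.encode("utf-8"), b"derived-key" + nonce, 16)


def client_send(username: str, typed_password: str, body: bytes) -> dict:
    """Client side: the password never travels; only a signature made with it."""
    nonce = os.urandom(16)
    key = derive_key(typed_password, nonce)
    signature = hmac.new(key, body, hashlib.sha1).digest()
    return {"username": username, "nonce": nonce, "body": body, "signature": signature}


def lab_token_manager(username: str) -> str:
    # Mirrors the posted AuthenticateToken: every user's password is "password".
    return "password"


def server_verify(message: dict, authenticate_token) -> bool:
    """Server side: re-derive the key from the password the token manager returns."""
    password = authenticate_token(message["username"])
    key = derive_key(password, message["nonce"])
    expected = hmac.new(key, message["body"], hashlib.sha1).digest()
    return hmac.compare_digest(expected, message["signature"])


if __name__ == "__main__":
    body = b"<View/>"  # constructed sample request body
    for typed in ("TechEd2004!", "password"):
        ok = server_verify(client_send("admin", typed, body), lab_token_manager)
        print(f"typed {typed!r}: signature valid = {ok}")
```
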


 