How to: Secure a Client Without Using a Policy File
The policy for a client can be specified in code when the deployment environment is known ahead of time and is not likely to change. Typically, it is more flexible to allow an administrator to define the policy for an application when it is deployed using a policy file, but WSE does allow you to specify the policy in code. For more details about securing a client using a policy file, see How to: Secure a Client Using a Policy File.
To secure a client without using a policy file
Open the Web service client project in Visual Studio 2005.
Add a reference to the Microsoft.Web.Services3 assembly.
- In Solution Explorer, right-click the project name, and then click Add Reference.
- Click the .NET tab, click Microsoft.Web.Services3.dll.
- Click OK to dismiss the dialog.
Add the Imports statements or using directives that are shown in the following code example to the top of the file for the new class.
Imports System Imports System.IO Imports System.Xml Imports System.Collections.Generic Imports System.Security.Cryptography.X509Certificates Imports System.Text Imports Microsoft.Web.Services3 Imports Microsoft.Web.Services3.Design
using System; using System.IO; using System.Xml; using System.Collections.Generic; using System.Security.Cryptography.X509Certificates; using System.Text; using Microsoft.Web.Services3; using Microsoft.Web.Services3.Design;
Specify the client and Web service's security credentials.
Use the SetClientCredential and SetServiceCredential methods to set the client and Web service's security credentials for the ultimate receiver, which has a SOAP actor of an empty string (""). To specify the security credentials for a different SOAP actor, use the SetCredentials method of the Credentials property. The SOAP actor is specified in the second parameter of the SetCredentials method.
The following code example specifies an X509SecurityToken for the client and the Web service.
' Specify the client's security credentials. proxy.SetClientCredential(X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=WSE2QuickStartClient")) ' Specify a security token for the Web service's security credentials. proxy.SetServiceCredential(X509TokenProvider.CreateToken(StoreLocation.LocalMachine, StoreName.My, "CN=WSE2QuickStartServer"))
// Specify the client's security credentials. proxy.SetClientCredential(X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=WSE2QuickStartClient")); // Specify a security token for the Web service's security credentials. proxy.SetServiceCredential(X509TokenProvider.CreateToken(StoreLocation.LocalMachine, StoreName.My, "CN=WSE2QuickStartServer"));
Define the policy for the Web service.
Create a new instance of the Policy class and add the policy assertions for the policy.
The following code example creates a new instance of the Policy class and adds the <mutualCertificate11Security> Element turnkey policy assertion to the policy.
' Create a new policy. Dim webServiceClientPolicy As New Policy() ' Specify that the policy uses the MutualCertificate11 turnkey security assertion. webServiceClientPolicy.Assertions.Add(New MutualCertificate11Assertion())
// Create a new policy. Policy webServiceClientPolicy = new Policy(); // Specify that the policy uses the MutualCertificate11 turnkey security assertion. webServiceClientPolicy.Assertions.Add(new MutualCertificate11Assertion());
Apply the policy to the SOAP message exchange by calling the SetPolicy method of the proxy class with the policy.
The following code example specifies the policy for the SOAP message exchange.
' Apply the policy to the SOAP message exchange. proxy.SetPolicy(webServiceClientPolicy)
// Apply the policy to the SOAP message exchange. proxy.SetPolicy(webServiceClientPolicy);
Example
The following code example specifies the policy for the SOAP message exchange in code without a policy file.
Imports System
Imports System.IO
Imports System.Xml
Imports System.Collections.Generic
Imports System.Security.Cryptography.X509Certificates
Imports System.Text
Imports Microsoft.Web.Services3
Imports Microsoft.Web.Services3.Design
...
Dim proxy As New ServiceWse()
' Specify the policy.
' Specify the client's security credentials.
proxy.SetClientCredential(X509TokenProvider.CreateToken(StoreLocation.CurrentUser, StoreName.My, "CN=WSE2QuickStartClient"))
' Specify a security token for the Web service's security credentials.
proxy.SetServiceCredential(X509TokenProvider.CreateToken(StoreLocation.LocalMachine, StoreName.My, "CN=WSE2QuickStartServer"))
' Create a new policy.
Dim webServiceClientPolicy As New Policy()
' Specify that the policy uses the MutualCertificate11 turnkey security assertion.
webServiceClientPolicy.Assertions.Add(New MutualCertificate11Assertion())
' Apply the policy to the SOAP message exchange.
proxy.SetPolicy(webServiceClientPolicy)
Console.WriteLine("Web Service returned: {0}", proxy.HelloWorld())
using System;
using System.IO;
using System.Xml;
using System.Collections.Generic;
using System.Security.Cryptography.X509Certificates;
using System.Text;
using Microsoft.Web.Services3;
using Microsoft.Web.Services3.Design;
...
ServiceWse proxy = new ServiceWse();
// Specify the policy.
// Specify the client's security credentials.
proxy.SetClientCredential(X509TokenProvider.CreateToken(StoreLocation.CurrentUser,
StoreName.My,
"CN=WSE2QuickStartClient"));
// Specify a security token for the Web service's security credentials.
proxy.SetServiceCredential(X509TokenProvider.CreateToken(StoreLocation.LocalMachine,
StoreName.My,
"CN=WSE2QuickStartServer"));
// Create a new policy.
Policy webServiceClientPolicy = new Policy();
// Specify that the policy uses the MutualCertificate11 turnkey security assertion.
webServiceClientPolicy.Assertions.Add(new MutualCertificate11Assertion());
// Apply the policy to the SOAP message exchange.
proxy.SetPolicy(webServiceClientPolicy);
Console.WriteLine("Web Service returned: {0}", proxy.HelloWorld());
See Also
Tasks
How to: Secure a Client Using a Policy File