• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

decrypting a soap response in .Net

 
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi all,
this may not be the right place to ask this question, but i believe a java web service developer must have done this.
i've a web service written in java.
i'm testing its interoperability with .Net.
i'm able to sign, verify signature and encrypt using a .Net client.
the only point where i'm stuck is decrypting a soap response using .Net client.
i'm not finding any code sample for this on google.
also don't have much knowledge of .Net APIs
the MSDN topic for decryption is for web service part not for client part
please provide me some link or pointer if some one has done this earlier.
i'll be extremely helpful.
 
Bartender
Posts: 2968
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Which one are you having a problem with?

Encrypting a SOAP Message

The write ups suggest that decryption happens automatically on the client side as long as the "base class that the proxy class derives from is Microsoft.Web.Services2.WebServicesClientProtocol".
Code (or a policy) only needs to be added to require that the contents is encrypted.

Provided all the username/password/tokens have been configured correctly (the client would need the private key token for decryption) the response message might look just different enough for the automatic decryption not to fire.

If this was my problem - I'd set up a simple service-client pair, both implemented in .NET, first very plain, adding encryption later (but no SSL/TLS). Once that works I would take a snapshot of the SOAP messages that are exchanged with something like Apache TCPMon (Tutorial) or java.net tcpmon.

Then I would try to slip in a Java implementation of the same web service. At this point it may work. If it doesn't, take snapshots of the SOAP request and response pairs and compare them to the .NET ones. There may be a difference in the response that is preventing the client from detecting the encrypted content. Once you have identified that difference you may be able to change the Java web service to emit the needed SOAP response.
[ May 13, 2008: Message edited by: Peer Reynders ]
 
gaurav abbi
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
i tried adding a policy file, but i'm getting the same error i was getting before that.



there must be some way to specify the security token for decrypting a soap response because i'm able to add tokens for signing, signature verification and encryption.
but no code sample is available for decryption in a .Net client.

here is my policy file.


here is a part of soap response


i'm using the same token in policy file.
[ May 14, 2008: Message edited by: gaurav abbi ]
 
Peer Reynders
Bartender
Posts: 2968
6
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by gaurav abbi:



there must be some way to specify the security token for decrypting a soap response because i'm able to add tokens for signing, signature verification and encryption.



I would assume that the certificate has to be registered with the client.

How to: Make X.509 Certificates Accessible to WSE

The client would send the public key in the request, the server would encrypt the message with the public key. Then WSE would use the private key associated with the certificate to decrypt the message for you.

WSE 3 - How to decrypt a soap message using an x509?


The decryption step seems to be happening automagically,
....
So, I gather that the encrypted message is including the serial number of
the certificate, so that the server can find that certificate in the certificate manager to decrypt the message.

 
gaurav abbi
Ranch Hand
Posts: 108
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
hi Peer,
there's something wrong with the site.
i can't see any of posts for this topic except the previous one posted by me
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi gaurav,

I am also generating a client in .NET, but I have problems validating the signature of the web service security, could you tell me where did you find the information to do this or post your policy? You have to do your own class to verifya the signature?

Thanks
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic