none
Alternative in .net 4.5 for RequestSoapContext and SoapContext from the Microsoft.Web.Service2 libraries. RRS feed

  • Question

  • Hi,

    I need help regarding old code using Microsoft.Web.Services dlls.

    I am working on an old asmx service project which is using a Microsoft.Web.Services2.RequestContext.Current to get the SoapContext and then the Tokens inside it through the soapContext.Security.Tokens list.

    Basically this is done to enumerate through the tokens and validate client certificates.

    I need to migrate the app to .net 4.5 but without converting to WCF.

    Is there an alternative to this code in .net 4.5?

    Below is the code:

     
    SoapContext reqContext = RequestSoapContext.Current;
    X509Certificate2 cert;
    try
    {
    if (reqContext.Security.Tokens.Count == 1) 
    {
       foreach (SecurityToken securityToken in reqContext.Security.Tokens) 
      {
        if (securityToken is X509SecurityToken) 
        {
         X509SecurityToken token = (X509SecurityToken) securityToken;
    
         cert = new X509Certificate2(token.RawData);
        }                        
      }
    }
    catch(Exception ex){
    throw new SecurityFault(string.Format("ClientCertValidation -> client request did not include a certificate.  Access Denied.", Context.Request.UserHostAddress), SecurityFault.FailedAuthenticationCode);
    }
    
    
    Thursday, July 25, 2013 9:59 AM

Answers

  • Hi Kirthi,

    It seems your original webservice code is using WSE for secure purpose. And WSE is no longer updated in .NET Framework 3.0 and later. Therefore, for .NET Framework 4.5 based application, you will have to migrate it to WCF if you want to continue use some WS-* security features. Or you can keep the web service built with .NET Framework 2.0 for WSE compatibility.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, August 1, 2013 3:49 PM
    Moderator

All replies

  • I basically have to delete the references to Microsoft.Web.Services2/3 dlls and replace all that functionality with the latest stuff. For eg: the X509Certificate from the Microsoft.web.services2 dll is now present in the System.Security.Cryptography.X509Certificates as X509Certificate2.

    Something like that for SoapContext and requestContext, or...

    if there is some other way to basically enumerate the certificate tokens present in the web service request context.

    Friday, July 26, 2013 8:48 AM
  • Hi Kirthi,

    It seems your original webservice code is using WSE for secure purpose. And WSE is no longer updated in .NET Framework 3.0 and later. Therefore, for .NET Framework 4.5 based application, you will have to migrate it to WCF if you want to continue use some WS-* security features. Or you can keep the web service built with .NET Framework 2.0 for WSE compatibility.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Thursday, August 1, 2013 3:49 PM
    Moderator
  • Hi Steven,

    Thanks for the reply!

    Would upgrading the project to .net 4.5 while still using WSE cause issues?

    Monday, August 5, 2013 6:11 AM
  • Thanks for your reply Kirthi,

    If you want to upgrade your project to .NET Framework 4.5, then here are the problems we might encounter:

    1) At source code level, since WSE is based upon previous version .NET Framework, so we will not be able to directly compile the WSE based webservice source code with .NET 4.5 (due to class library and dependencies changes).

    2) If you've already encapuslated your WSE specific code into a separate class library. Then, you will be able to upgrade your main project to .NET 4.5 and reference the WSE class library as external reference. However, when your main project's application executes at runtime, since the loaded CLR and Framework is targeting 4.5 version, any break-change (on the classes used by WSE) will cause the related code to fail.

     


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, August 5, 2013 7:46 AM
    Moderator