Understand wsdl

  • Question

  • Someone please help me understand this wsdl
    
        <?xml version="1.0" encoding="UTF-8"?>
        <!-- the pasted fragment starts mid-document, at the end of the wsdl:service element -->
        <soap11:address location="https://12.23.28.113:9047/MHService"/></wsdl:port></wsdl:service>
        <!-- policy0: AsymmetricBinding, X.509v3 token for initiator and recipient,
             TripleDesRsa15 algorithm suite, Body signed and encrypted -->
        <wsp:Policy wsu:Id="policy0" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsp:ExactlyOne>
            <wsp:All>
              <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                  <wsp:ExactlyOne>
                    <wsp:All>
                      <sp:InitiatorToken>
                        <wsp:Policy>
                          <wsp:ExactlyOne>
                            <wsp:All>
                              <sp:X509Token>
                                <wsp:Policy>
                                  <wsp:ExactlyOne>
                                    <wsp:All>
                                      <sp:WssX509V3Token11/>
                                    </wsp:All>
                                  </wsp:ExactlyOne>
                                </wsp:Policy>
                              </sp:X509Token>
                            </wsp:All>
                          </wsp:ExactlyOne>
                        </wsp:Policy>
                      </sp:InitiatorToken>
                      <sp:RecipientToken>
                        <wsp:Policy>
                          <wsp:ExactlyOne>
                            <wsp:All>
                              <sp:X509Token>
                                <wsp:Policy>
                                  <wsp:ExactlyOne>
                                    <wsp:All>
                                      <sp:WssX509V3Token11/>
                                    </wsp:All>
                                  </wsp:ExactlyOne>
                                </wsp:Policy>
                              </sp:X509Token>
                            </wsp:All>
                          </wsp:ExactlyOne>
                        </wsp:Policy>
                      </sp:RecipientToken>
                      <sp:AlgorithmSuite>
                        <wsp:Policy>
                          <wsp:ExactlyOne>
                            <wsp:All>
                              <sp:TripleDesRsa15/>
                            </wsp:All>
                          </wsp:ExactlyOne>
                        </wsp:Policy>
                      </sp:AlgorithmSuite>
                    </wsp:All>
                  </wsp:ExactlyOne>
                </wsp:Policy>
              </sp:AsymmetricBinding>
              <sp:SignedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body/>
              </sp:SignedParts>
              <sp:EncryptedParts xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <sp:Body/>
              </sp:EncryptedParts>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
        <!-- policy1: UsernameToken 1.0 as a supporting token, always sent to the recipient -->
        <wsp:Policy wsu:Id="policy1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
          <wsp:ExactlyOne>
            <wsp:All>
              <dpe:summary xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702" xmlns:dpe="http://www.datapower.com/extensions">
                <dppolicy:domain xmlns:dppolicy="http://www.datapower.com/policy">
                  http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702
                </dppolicy:domain>
                <description>
                  Implements WS Security Policy 1.2 - UsernameToken 1.0 support
                </description>
              </dpe:summary>
              <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
                <wsp:Policy>
                  <wsp:ExactlyOne>
                    <wsp:All>
                      <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
                        <wsp:Policy>
                          <wsp:ExactlyOne>
                            <wsp:All>
                              <sp:WssUsernameToken10/>
                            </wsp:All>
                          </wsp:ExactlyOne>
                        </wsp:Policy>
                      </sp:UsernameToken>
                    </wsp:All>
                  </wsp:ExactlyOne>
                </wsp:Policy>
              </sp:SupportingTokens>
            </wsp:All>
          </wsp:ExactlyOne>
        </wsp:Policy>
        </wsdl:definitions>

    This is what I gathered:
    1) asymmetric binding
    2) The two binary security tokens do not have IncludeToken Always. Also, what is this "include all", "include one" in the policy?
    3) UsernameToken is mandatory
    4) Body needs to be signed and encrypted.

    Thank you


    sunDisplay

    Saturday, May 11, 2013 8:34 PM
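How a WS-Policy consumer actually reads the two policies above, as an added example (not code from the thread or from the service's vendor): wsp:Policy and wsp:All are conjunctions ("all of these"), wsp:ExactlyOne is a disjunction ("one of these"), and a policy is normalized into a list of alternatives, each alternative being the set of assertions that must all hold. The embedded XML is the two policy elements from the fragment wrapped in a root element so they parse stand-alone; the wsp namespace declaration, which lives on the truncated wsdl:definitions, is assumed to be WS-Policy 1.2, the DataPower dpe:summary annotation is left out, and the code matches the operators by local name so the exact wsp namespace does not matter.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;

public static class PolicyNormalizer
{
    static readonly XNamespace Sp = "http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702";
    static readonly XNamespace Wsu = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";

    // The two wsp:Policy elements from the WSDL, wrapped in a root so they parse.
    // Assumption: wsp is WS-Policy 1.2 (the real declaration is on the truncated wsdl:definitions).
    public const string PolicyXml = @"
<policies xmlns:wsp='http://schemas.xmlsoap.org/ws/2004/09/policy'
          xmlns:wsu='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd'
          xmlns:sp='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702'>
  <wsp:Policy wsu:Id='policy0'><wsp:ExactlyOne><wsp:All>
    <sp:AsymmetricBinding><wsp:Policy><wsp:ExactlyOne><wsp:All>
      <sp:InitiatorToken><wsp:Policy><wsp:ExactlyOne><wsp:All>
        <sp:X509Token><wsp:Policy><wsp:ExactlyOne><wsp:All><sp:WssX509V3Token11/></wsp:All></wsp:ExactlyOne></wsp:Policy></sp:X509Token>
      </wsp:All></wsp:ExactlyOne></wsp:Policy></sp:InitiatorToken>
      <sp:RecipientToken><wsp:Policy><wsp:ExactlyOne><wsp:All>
        <sp:X509Token><wsp:Policy><wsp:ExactlyOne><wsp:All><sp:WssX509V3Token11/></wsp:All></wsp:ExactlyOne></wsp:Policy></sp:X509Token>
      </wsp:All></wsp:ExactlyOne></wsp:Policy></sp:RecipientToken>
      <sp:AlgorithmSuite><wsp:Policy><wsp:ExactlyOne><wsp:All><sp:TripleDesRsa15/></wsp:All></wsp:ExactlyOne></wsp:Policy></sp:AlgorithmSuite>
    </wsp:All></wsp:ExactlyOne></wsp:Policy></sp:AsymmetricBinding>
    <sp:SignedParts><sp:Body/></sp:SignedParts>
    <sp:EncryptedParts><sp:Body/></sp:EncryptedParts>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
  <wsp:Policy wsu:Id='policy1'><wsp:ExactlyOne><wsp:All>
    <sp:SupportingTokens><wsp:Policy><wsp:ExactlyOne><wsp:All>
      <sp:UsernameToken sp:IncludeToken='http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient'>
        <wsp:Policy><wsp:ExactlyOne><wsp:All><sp:WssUsernameToken10/></wsp:All></wsp:ExactlyOne></wsp:Policy>
      </sp:UsernameToken>
    </wsp:All></wsp:ExactlyOne></wsp:Policy></sp:SupportingTokens>
  </wsp:All></wsp:ExactlyOne></wsp:Policy>
</policies>";

    // A policy normalizes to a list of alternatives; each alternative is the list of assertions
    // that must ALL be satisfied. Nested policies are flattened into "Parent/Child" paths here
    // for readability (a real consumer keeps them nested under the parent assertion).
    public static List<List<string>> Normalize(XElement e, string prefix = "")
    {
        switch (e.Name.LocalName)
        {
            case "Policy":
            case "All":
                // conjunction: cross product of the children's alternatives.
                // An empty All/Policy yields one empty alternative (nothing required).
                var acc = new List<List<string>> { new List<string>() };
                foreach (var child in e.Elements())
                    acc = (from a in acc
                           from b in Normalize(child, prefix)
                           select a.Concat(b).ToList()).ToList();
                return acc;
            case "ExactlyOne":
                // disjunction: the union of the children's alternatives; a requester satisfies any one.
                // An empty ExactlyOne yields zero alternatives (unsatisfiable).
                return e.Elements().SelectMany(c => Normalize(c, prefix)).ToList();
            default:
                // an assertion: sp:IncludeToken and non-policy children (sp:Body) are its parameters,
                // a nested wsp:Policy refines it and is normalized recursively.
                string path = prefix + e.Name.LocalName;
                string include = (string)e.Attribute(Sp + "IncludeToken");
                if (include != null)
                    path += "[IncludeToken=" + include.Substring(include.LastIndexOf('/') + 1) + "]";
                var parameters = e.Elements().Where(c => c.Name.LocalName != "Policy")
                                             .Select(c => c.Name.LocalName).ToList();
                if (parameters.Count > 0)
                    path += "(" + string.Join(",", parameters) + ")";
                var nested = e.Elements().FirstOrDefault(c => c.Name.LocalName == "Policy");
                if (nested == null)
                    return new List<List<string>> { new List<string> { path } };
                return Normalize(nested, path + "/")
                    .Select(alt => new[] { path }.Concat(alt).ToList())
                    .ToList();
        }
    }

    // Maps each top-level wsp:Policy (by wsu:Id) to its normalized alternatives.
    public static Dictionary<string, List<List<string>>> NormalizeAll(string xml)
    {
        return XElement.Parse(xml).Elements()
            .Where(p => p.Name.LocalName == "Policy")
            .ToDictionary(p => (string)p.Attribute(Wsu + "Id"), p => Normalize(p));
    }

    public static void Main()
    {
        foreach (var policy in NormalizeAll(PolicyXml))
        {
            Console.WriteLine("{0}: {1} alternative(s)", policy.Key, policy.Value.Count);
            for (int i = 0; i < policy.Value.Count; i++)
                foreach (var assertion in policy.Value[i])
                    Console.WriteLine("  alt{0}: {1}", i, assertion);
        }
    }
}
```

Because every ExactlyOne in this WSDL has a single All child, each policy comes out as exactly one alternative, which is the precise meaning of "everything in here is required": X.509v3 initiator and recipient tokens, the TripleDesRsa15 suite, a signed and encrypted Body, and a UsernameToken 1.0 that is always sent to the recipient. A policy with several All children under one ExactlyOne would instead produce several alternatives, and the client would be free to pick any one of them.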

All replies

  • Hi,

    It is hard to understand just based on a wsdl; you can consider creating a service or creating a WCF proxy to call the service, utilizing the wsdl.

    http://stackoverflow.com/questions/950150/how-to-use-a-wsdl-file-to-create-a-wcf-service-not-make-a-call

    http://stackoverflow.com/questions/945620/how-to-use-a-wsdl-file-to-create-a-wcf-proxy

    And there are some documents below which can help you to understand WSDL; hope they can help you.

    #Web Services Description Language (WSDL) 1.1

    http://www.w3.org/TR/wsdl

    #Understanding WSDL

    http://msdn.microsoft.com/en-us/library/ms996486.aspx

    #Understanding Web Services Policy

    http://msdn.microsoft.com/en-us/library/ms996497.aspx

    Best Regards.


    Haixia
    MSDN Community Support | Feedback to us

    Monday, May 13, 2013 8:38 AM
    Moderator
  • Hi Haixia Xie,


    Thank you for the reply. This is a complicated topic, although I am understanding it.

    I am trying to figure out the kind of security binding I would need. It is a custom binding for sure. I would need a UsernameToken with nonce + 2 binary security tokens.

    Currently this is the custom binding I have


      // requires: using System.ServiceModel.Channels; using System.ServiceModel.Security.Tokens; using System.Text;
      private Binding GetCustomBinding()
      {
          //TransportSecurityBindingElement s = SecurityBindingElement.CreateUserNameOverTransportBindingElement();

          // Message security over the TLS channel: the client certificate signs the Timestamp and the
          // addressing headers (see the Signature references #_0 and #_1 in the output below);
          // the Body is not signed or encrypted at the message level by this element.
          TransportSecurityBindingElement secBE = SecurityBindingElement.CreateCertificateOverTransportBindingElement(
              MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);
          // UsernameToken (with nonce) as a signed supporting token, no derived keys
          secBE.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters { InclusionMode = SecurityTokenInclusionMode.Never, RequireDerivedKeys = false });
          // SOAP 1.1 with WS-Addressing August 2004 headers (Action, MessageID, ReplyTo, To), UTF-8 text encoding
          TextMessageEncodingBindingElement textEncBE = new TextMessageEncodingBindingElement(MessageVersion.Soap11WSAddressingAugust2004, System.Text.Encoding.UTF8);
          // HTTPS transport that also presents the client certificate at the TLS layer
          HttpsTransportBindingElement httpsBE = new HttpsTransportBindingElement();
          httpsBE.RequireClientCertificate = true;

          CustomBinding myBinding = new CustomBinding();
          myBinding.Elements.Add(secBE);
          myBinding.Elements.Add(textEncBE);
          myBinding.Elements.Add(httpsBE);

          return myBinding;
      }



    Currently this produces the following SOAP XML

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:a="http://schemas.xmlsoap.org/ws/2004/08/addressing"
     xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
     <s:Header><a:Action s:mustUnderstand="1"/><a:MessageID>urn:uuid:b7030e28-39a6-4f40-b588-d26c340648b6</a:MessageID>
     <ActivityId CorrelationId="c482cc91-9386-49ee-b1d7-5c6ed7c85804" xmlns="http://schemas.microsoft.com/2004/09/ServiceModel/Diagnostics">45cc4b16-c17e-485f-acd5-bceb41f29ae1</ActivityId>
     <a:ReplyTo><a:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</a:Address>
     </a:ReplyTo>
     <VsDebuggerCausalityData xmlns="http://schemas.microsoft.com/vstudio/diagnostics/servicemodelsink"><--Removed--></VsDebuggerCausalityData>
     <a:To s:mustUnderstand="1" u:Id="_1">https://service100.emedny.org:9047/MHService</a:To>
     <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <u:Timestamp u:Id="_0"><u:Created>2013-05-13T13:43:53.357Z</u:Created><u:Expires>2013-05-13T13:48:53.357Z</u:Expires></u:Timestamp>
     <o:UsernameToken u:Id="uuid-26bb949e-f8b5-427d-8b42-434b9ca707e1-1"><o:Username>LMWard</o:Username>
     <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Cardon0319</o:Password>
     <o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">
     <--remove-->=</o:Nonce>
     <o:Created>2013-05-13T08:43:53.417Z</o:Created>
     </o:UsernameToken>
     <o:BinarySecurityToken u:Id="uuid-26bb949e-f8b5-427d-8b42-434b9ca707e1-2" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3">
    <--removed-->
    </o:BinarySecurityToken>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#_0"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <DigestValue>c87iV+2WP0yNEh0Gn+jaz3evu9s=</DigestValue></Reference><Reference URI="#_1">
    <Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>xTn6sy2K1/vb0KlJtPmiq9l1E5Q=</DigestValue></Reference>
    </SignedInfo>
    <SignatureValue>
    <--remove->
    </SignatureValue>
    <KeyInfo><o:SecurityTokenReference>
    <o:Reference URI="#uuid-26bb949e-f8b5-427d-8b42-434b9ca707e1-2"/>
    </o:SecurityTokenReference></KeyInfo></Signature></o:Security>
    </s:Header><s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <getEligibility xmlns="http://org/emedny/mhs/"><input><transData>
    <--Removed-->
    </transData>
    </input></getEligibility></s:Body></s:Envelope>

    This is how the sample looks:

    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:mhs="http://org/emedny/mhs/" xmlns:urn="urn:hl7-org:v3">
    <soapenv:Header>
    <wsse:Security soap:mustUnderstand="1" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
    <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d">MIICeDCC....(eMedNY signed user MLS cert).......</wsse:BinarySecurityToken>
    <wsse:BinarySecurityToken ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685">MIIDFj.....( eMedNY MLS web-service end-point public cert)........</wsse:BinarySecurityToken>
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-970e9a80-00cc-4c86-8ec4-3ba16e029a5b">
    <wsse:Username>....your_username.....</wsse:Username>
    <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">.....your_plaintext_password....</wsse:Password>
    <wsse:Nonce>KNyu6MsXCkTg4DDyvwvEiw==</wsse:Nonce>
    <wsu:Created>2010-09-15T18:00:30Z</wsu:Created>
    </wsse:UsernameToken>
    <xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
    <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
    <wsse:SecurityTokenReference>
    <wsse:Reference URI="#SecurityToken-c0cc2cd4-cb77-4fa5-abfa-bd485afd1685" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference>
    </KeyInfo>
    <xenc:CipherData>
    <xenc:CipherValue>gpBAWt91pdwhKva............</xenc:CipherValue>
    </xenc:CipherData>
    <xenc:ReferenceList>
    <xenc:DataReference URI="#Enc-0641b860-b16d-4941-91c0-d60bece67794"/>
    </xenc:ReferenceList>
    </xenc:EncryptedKey>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#Id-f10674fd-b999-47c9-9568-c11fa5e5405b">
    <Transforms>
    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </Transforms>
    <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <DigestValue>wRUq.........</DigestValue>
    </Reference>
    </SignedInfo>
    <SignatureValue>tBSsaZi........</SignatureValue>
    <KeyInfo>
    <wsse:SecurityTokenReference>
    <wsse:Reference URI="#SecurityToken-e00c8062-83d2-4f04-88fc-996218e7bb3d" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    </wsse:SecurityTokenReference>
    </KeyInfo>
    </Signature>
    </wsse:Security>
    </soapenv:Header>
    <soapenv:Body wsu:Id="Id-f10674fd-b999-47c9-9568-c11fa5e5405b" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <xenc:EncryptedData Id="Enc-0641b860-b16d-4941-91c0-d60bece67794" Type="http://www.w3.org/2001/04/xmlenc#Content" xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
    <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
    <xenc:CipherData>
    <xenc:CipherValue>SQsTCAK6ZaVhojB8+Y.........</xenc:CipherValue>
    </xenc:CipherData>
    </xenc:EncryptedData>
    </soapenv:Body>
    </soapenv:Envelope>

    1) If you see, my request has only one binary security token. The SOAP sample has 2 binary security token tags. I wasn't sure how important the binary security token tag is, so I looked at the wsdl. The wsdl has an 'AsymmetricBinding', although it does not have 'Include to Recipient always'.

    So my question finally is this.

    1) Do I need to use asymmetric binding here? Doesn't asymmetric binding need my private key in both user certificate + server certificate? My server certificate doesn't have a private key. I tried using Asymmetric.createmutualcertificate(...) as the security element but it keeps erroring that the server certificate has no private key.

    2) Why would I have the server certificate's private key?

    3) Also, my body is not encrypted or signed.

    Thank you for reading. Hopefully this week I will be able to get a good response from them.




    sunDisplay

    Monday, May 13, 2013 2:00 PM
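For comparison with the CertificateOverTransport binding in the post above, here is an added example (not the poster's code and not the service's published configuration) of the client-side WCF binding that policy0 and policy1 describe: an AsymmetricSecurityBindingElement in which the client signs with its own certificate and encrypts the body to the service's certificate, with the UsernameToken as a signed supporting token. On the client side WCF needs only the service's public certificate for the recipient token; it encrypts the session key to it (the xenc:EncryptedKey in the sample) and verifies the reply signature with it, while the matching private key stays with the service. The endpoint address, certificate subject, the file name service-public.cer and the proxy type MHServiceClient are placeholders. TripleDesRsa15 and rsa-sha1 are what this WSDL and sample mandate; 3DES, SHA-1 and RSA PKCS#1 v1.5 key transport are all deprecated choices today, so prefer a stronger suite whenever the service accepts one.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using System.ServiceModel;
using System.ServiceModel.Channels;
using System.ServiceModel.Description;
using System.ServiceModel.Security;
using System.ServiceModel.Security.Tokens;
using System.Text;

public static class MhServiceClientBinding
{
    // CustomBinding mirroring policy0 (AsymmetricBinding, X.509v3 initiator and recipient tokens,
    // TripleDesRsa15, Body signed and encrypted) plus policy1 (UsernameToken supporting token).
    public static Binding Build()
    {
        // sp:AsymmetricBinding: initiator signs with its own X.509 key pair, recipient token is the
        // service certificate (public key only on the client).
        AsymmetricSecurityBindingElement sec = SecurityBindingElement.CreateMutualCertificateBindingElement(
            MessageSecurityVersion.WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10);

        // sp:AlgorithmSuite/sp:TripleDesRsa15: 3DES-CBC body encryption, RSA-1.5 key transport, SHA-1 digests
        // (matches the xenc:EncryptionMethod values in the sample; weak by today's standards).
        sec.DefaultAlgorithmSuite = SecurityAlgorithmSuite.TripleDesRsa15;
        // sp:SignedParts + sp:EncryptedParts on Body: sign the plaintext Body, then encrypt its content,
        // leaving the Signature in the clear as in the sample.
        sec.MessageProtectionOrder = MessageProtectionOrder.SignBeforeEncrypt;
        // No sp:RequireDerivedKeys in the policy: use the certificate keys directly.
        sec.SetKeyDerivation(false);
        sec.IncludeTimestamp = true;
        // The sample carries both certificates as BinarySecurityTokens; by default WCF references the
        // recipient certificate by issuer/serial instead, so ask for it to be included
        // (assumption: the service accepts either reference style).
        sec.RecipientTokenParameters.InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient;

        // policy1: WSS UsernameToken 1.0, always sent to the recipient, covered by the message signature.
        sec.EndpointSupportingTokenParameters.Signed.Add(new UserNameSecurityTokenParameters
        {
            InclusionMode = SecurityTokenInclusionMode.AlwaysToRecipient,
            RequireDerivedKeys = false
        });

        // SOAP 1.1 without WS-Addressing, as in the sample (no a:Action / a:To headers), UTF-8 text.
        var encoding = new TextMessageEncodingBindingElement(MessageVersion.Soap11, Encoding.UTF8);
        // Message security still travels over TLS; the WSDL address is https.
        var transport = new HttpsTransportBindingElement();

        return new CustomBinding(sec, encoding, transport);
    }

    // Credentials for the two certificates and the username token. Only the client certificate
    // needs a private key; the service certificate is public-key only.
    public static void Configure(ClientCredentials creds, string clientCertSubject,
                                 string servicePublicCertPath, string username, string password)
    {
        creds.ClientCertificate.SetCertificate(StoreLocation.CurrentUser, StoreName.My,
                                               X509FindType.FindBySubjectName, clientCertSubject);
        creds.ServiceCertificate.DefaultCertificate = new X509Certificate2(servicePublicCertPath);
        creds.ServiceCertificate.Authentication.CertificateValidationMode = X509CertificateValidationMode.ChainTrust;
        creds.ServiceCertificate.Authentication.RevocationMode = X509RevocationMode.Online;
        creds.UserName.UserName = username;
        creds.UserName.Password = password;
    }

    // Usage with a proxy generated from the WSDL (MHServiceClient and the address are placeholders):
    //   var client = new MHServiceClient(Build(), new EndpointAddress("https://host:9047/MHService"));
    //   Configure(client.ClientCredentials, "your-client-cert-subject", "service-public.cer",
    //             "your_username", "your_password");
    //   client.getEligibility(...);
}
```

With this binding the outgoing header carries the client certificate as the signing BinarySecurityToken, an xenc:EncryptedKey wrapped to the service certificate, the UsernameToken, and a Signature over the Timestamp and the Body, and the Body content is replaced by xenc:EncryptedData, which is the shape of the sample message. If the service's real WSDL is available, `svcutil` can also derive an equivalent binding from the policy directly, which is a useful cross-check against a hand-built one.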