Generated WSDL doesn't reflect the security binding

  • Question

  • I'm performing the following test scenario:
    1. Manually edit a WSDL file to change the policy settings, namely change the EncryptedParts and the AlgorithmSuite
    2. Load this WSDL, get the Binding (via the ServiceEndpoint) and add a new ServiceEndpoint to the host
    3. View the automatically generated WSDL at (http://...?wsdl)

    According to my observations, the generated WSDL doesn't reflect the original WSDL. For example, if I change the AlgorithmSuite to Basic128 in the original file, I always get Basic256 in the generated file.
    I've observed the Binding object (obtained via the loaded WSDL) and the SymmetricSecurityBindingElement has defaultAlgorithmSuite equal to AES128 (which corresponds to Basic128).


    Thanks

    Pedro Felix
    Friday, January 27, 2006 7:12 PM
    Moderator

All replies

  • Hi Pedro,

    Could you please post your code for how you are adding the new endpoint to your host?

    Thanks.

    Daniel Roth

    Wednesday, February 1, 2006 11:10 PM
    Moderator
  • Sure (see code below).
    In the meantime I've discovered the following:
    • AlgorithmSuite is indeed changed (previously I was looking at the wrong AlgorithmSuite element). Sorry about that!
    • I've also done the following test
      • I've inserted an empty EncryptedParts in the input policy
      • I've kept the original EncryptedParts in the output policy (contains a Body element).
      • However, the generated WSDL has an EncryptedParts element with a Body inside on both the input and output policy
    Thanks for your help and sorry for my mistake.
    Pedro
    --- Code ---
                
    // Create the service host
    sh = new ServiceHost(typeof(HomeRealmSTS),
        new Uri("http://localhost:8080/FederationSample/HomeRealmSTS"));

    // Create a MetadataResolver pointing to the changed WSDL
    MetadataResolver mdr = new MetadataResolver(
        new EndpointAddress("http://localhost/metadata/homerealm.wsdl"));

    // Retrieve the endpoints
    ServiceEndpointCollection sec = mdr.RetrieveEndpointsUsingHttpGet();

    // For each endpoint, add it to the service host, reusing the binding imported from the WSDL
    foreach (ServiceEndpoint ea in sec)
    {
        sh.AddServiceEndpoint(typeof(ISecurityTokenService), ea.Binding,
            "http://localhost:8080/FederationSample/HomeRealmSTS/STS");
        Console.WriteLine("New ServiceEndpoint added to host");
    }
    sh.Open();


    Thursday, February 2, 2006 4:49 PM
    Moderator
  • Pedro, is your problem solved, or are you still running into issues?

    Cheers,

    JJustice [MSFT]

    Thursday, February 2, 2006 8:57 PM
    Moderator
  • Well, not completely. I'm still detecting something odd.
    Based on a WSDL generated by WCF, I've made the following changes:
    • In the input policy, I've deleted the Body element from the EncryptedParts assertion
    • I've kept the original EncryptedParts in the output policy (contains a Body element).
    Afterwards, I've created a new endpoint based on the modified WSDL.
    However, the generated WSDL for this new endpoint has an EncryptedParts element with a Body inside on both the input and output policy.
    I thought it was possible to have different EncryptedParts assertions on the input and output policies?

    Thanks for the cooperation

    Pedro

    Thursday, February 2, 2006 11:24 PM
    Moderator
  • Hi Pedro,

    We generate the EncryptedParts for application-level message parts in the WSDL policy section based on the protection level requirement that can be set using contract ProtectionLevel property on ServiceContract, OperationContract, FaultContract, MessageContract, MessageHeader and MessageBody attributes.

    You can have different EncryptedParts for input and output policies, but you have to change your contract in order to see it in the WSDL. We always generate EncryptedParts and SignedParts based on the contract definition.

    Hope this helps.

    Best regards,

    --Jan

    Thursday, March 16, 2006 6:34 PM
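
The contract-driven behaviour described in the last reply, as an added example that is not code from the thread: a contract whose request body asks only for signing while the response body asks for encryption and signing, plus a small audit that prints the protection level each message part carries in the contract description. All type and member names are hypothetical, and the attribute names are those of the released .NET Framework WCF API, which may differ from the 2006 pre-release build discussed above.

```csharp
// Added example; IQuoteService, QuoteRequest, QuoteResponse and ProtectionAudit are hypothetical names.
using System;
using System.Net.Security;
using System.ServiceModel;
using System.ServiceModel.Description;

[MessageContract]
public class QuoteRequest
{
    // Input message: the contract asks for integrity only (no encryption of the body).
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.Sign)]
    public string Symbol;
}

[MessageContract]
public class QuoteResponse
{
    // Output message: the contract asks for confidentiality and integrity.
    [MessageBodyMember(ProtectionLevel = ProtectionLevel.EncryptAndSign)]
    public decimal Price;
}

[ServiceContract]
public interface IQuoteService
{
    [OperationContract]
    QuoteResponse GetQuote(QuoteRequest request);
}

public static class ProtectionAudit
{
    public static void Main()
    {
        // Build the contract description that the WSDL policy export works from.
        ContractDescription contract = ContractDescription.GetContract(typeof(IQuoteService));

        foreach (OperationDescription op in contract.Operations)
            foreach (MessageDescription msg in op.Messages)
                foreach (MessagePartDescription part in msg.Body.Parts)
                    Console.WriteLine("{0} {1} {2}: {3}",
                        op.Name, msg.Direction, part.Name,
                        part.HasProtectionLevel
                            ? part.ProtectionLevel.ToString()
                            : "(not set on the part; inherited)");
    }
}
```

Running the audit against a real contract is a quick way to confirm which messages are actually requested to be encrypted, independent of what a hand-edited WSDL file says.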