Title II

by Administrator 23. July 2009 04:51

'--------------------------------------------------------------------------
'
' Module:   WebServiceInvocation.vb
'
' Purpose:  This module contains code to assist in calling web services
'           that use Windows authentication, the NCES SDK, etc.
'
' Notes:
'
' Modification History:
'
' 07/14/2005, Jonathan Cochran
'    1) Original coding.
'
' 04/27/2006, Jonathan Cochran
'    1) Renamed the main procedure to ConfigureProxy.
'    2) Made all parameters to ConfigureProxy mandatory.  If they are all
'       always passed in, it will be easier to switch from one implementation
'       to another.
'
' 07/10/2006, Jonathan Cochran
'    1) Added a configuration option to specify the security protocol a
'       web service is called over (TLS, SSL, or none).
'
'
' Copyright 2005-2006
' Alion Science and Technology
'
' US Govt retains rights in accordance
' with DoD FAR Supp 252.227-7013.
'
'--------------------------------------------------------------------------

Imports mil.disa.nces.toolkit.domain.security.saml.token
Imports mil.disa.nces.toolkit.utils.securityengine
Imports Microsoft.Web.Services2.Security.Tokens
Imports System.Web.SessionState
Imports System.Net
Imports System.Security.Cryptography.X509Certificates


Module WebServiceInvocation

    '--------------------------------------------------------------------------
    '
    ' Procedure:  ConfigureProxy
    '
    ' Purpose:    This procedure will configure a web service proxy so the web
    '             service can be accessed when it is protected.
    '
    ' Parameters: vstrServiceQName      - The QName of the web service to call.
    '                                     This is used to uniquely identify a
    '                                     web service.
    '             robjWebServiceProxy   - The web service proxy to configure.
    '             vobjClientCertificate - The client certificate object.
    '             robjSession           - The user's session object.
    '
    ' Returns:    Nothing
    '
    ' Notes:
    '
    '    1) This procedure should be called immediately before a web service
    '       is called.  This is because:
    '       a) The NCES SDK global object (ToolkitSecurityContext) has a single
    '          configuration for all web services, rather than individual
    '          configurations for each web service.  Since different web
    '          services may have different needs, this procedure will need to
    '          be called before each web service call to make sure the
    '          ToolkitSecurityContext object is configured properly for the
    '          service being called.
    '       b) NCES Discovery may need to be called to find the current
    '          location of the web service.
    '       c) Currently the NCES SDK global object (ToolkitSecurityContext) is
    '          shared among all users to the web application.  Therefore, the
    '          end-user assertion needs to be set in the global object as close
    '          as possible to the web service call to try to avoid using
    '          another user's end-user assertion.
    '    2) A web service QName is:
    '       web service namespace + "#" + web service name
    '
    '--------------------------------------------------------------------------
    Sub ConfigureProxy( _
            ByVal vstrServiceQName As String, _
            ByRef robjWebServiceProxy As System.Web.Services.Protocols.SoapHttpClientProtocol, _
            ByVal vobjClientCertificate As System.Web.HttpClientCertificate, _
            ByRef robjSession As HttpSessionState)


        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' Read settings for this service from Web.Config.
        '

        ' Determine the security protocol for this service.
        ' Setting Name: "WebService.SecurityProtocol@ServiceQName"
        ' Supported Values: "SSL3", "TLS", "None"
        ' Default Value: "None"
        Dim strSecurityProtocol As String
        strSecurityProtocol = System.Configuration.ConfigurationSettings.AppSettings("WebService.SecurityProtocol@" + vstrServiceQName)

        ' Determine the authentication method for this service.
        ' Setting Name: "WebService.Authentication.Method@ServiceQName"
        ' Supported Values: "Windows", "None"
        ' Default Value: "None"
        Dim strAuthentication_Method As String
        strAuthentication_Method = System.Configuration.ConfigurationSettings.AppSettings("WebService.Authentication.Method@" + vstrServiceQName)

        ' Determine if this service is protected by the NCES SDK.
        ' Setting Name: "WebService.NCES.Protected@ServiceQName"
        ' Supported Values: "True", "False"
        ' Default Value: "False"
        Dim strNCES_Protected As String
        Dim blnNCES_Protected As Boolean
        strNCES_Protected = System.Configuration.ConfigurationSettings.AppSettings("WebService.NCES.Protected@" + vstrServiceQName)
        If strNCES_Protected = "True" Then
            blnNCES_Protected = True
        Else
            blnNCES_Protected = False
        End If

        ' Determine if we are using Discovery to find this service.
        ' Setting Name: "WebService.NCES.UseDiscovery@ServiceQName"
        ' Supported Values: "True", "False"
        ' Default Value: "False"
        Dim strNCES_UseDiscovery As String
        Dim blnNCES_UseDiscovery As Boolean
        strNCES_UseDiscovery = System.Configuration.ConfigurationSettings.AppSettings("WebService.NCES.UseDiscovery@" + vstrServiceQName)
        If strNCES_UseDiscovery = "True" Then
            blnNCES_UseDiscovery = True
        Else
            blnNCES_UseDiscovery = False
        End If

        ' Determine if we are using address caching for this service (only applicable
        '  if we are using the NCES SDK and Service Discovery).
        ' Setting Name: "WebService.NCES.AddressCaching@ServiceQName"
        ' Supported Values: "True", "False"
        ' Default Value: "False"
        Dim strNCES_AddressCaching As String
        Dim blnNCES_AddressCaching As Boolean
        strNCES_AddressCaching = System.Configuration.ConfigurationSettings.AppSettings("WebService.NCES.AddressCaching@" + vstrServiceQName)
        If strNCES_AddressCaching = "True" Then
            blnNCES_AddressCaching = True
        Else
            blnNCES_AddressCaching = False
        End If
        ' We also can't do address caching if the Session object wasn't passed in.
        If robjSession Is Nothing Then
            blnNCES_AddressCaching = False
        End If

        '
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''


        ' Configure the application to use the specified security protocol.
        Select Case strSecurityProtocol
            Case "SSL3"
                Net.ServicePointManager.SecurityProtocol = Net.SecurityProtocolType.Ssl3
            Case "TLS"
                Net.ServicePointManager.SecurityProtocol = Net.SecurityProtocolType.Tls
            Case "None"
                ' Nothing extra to do.
            Case Else
                ' Nothing extra to do.
        End Select

        ' Configure security settings for the proxy so this service can be accessed.
        Select Case strAuthentication_Method

            Case "Windows"

                robjWebServiceProxy.Credentials = System.Net.CredentialCache.DefaultCredentials

            Case "ClientCertificate"

                ' NOTE: This option is not supported yet.
                'Dim objCertificate As System.Security.Cryptography.X509Certificates.X509Certificate
                'objCertificate = System.Security.Cryptography.X509Certificates.X509Certificate.CreateFromCertFile("")
                'robjWebServiceProxy.ClientCertificates.Add(objCertificate)

            Case "None"

                ' Nothing extra to do.

            Case Else

                ' Nothing extra to do.

        End Select

        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' Perform Trust Override for webservices invocation. (NOTE.
        ' this will ignore invalid server certificates when calling the
        ' webservices)
        '
        System.Net.ServicePointManager.CertificatePolicy = New MyPolicy

        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' Perform processing necessary for the NCES SDK.
        '


        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        ' Use Service Discovery to find the address of this service.
        '

        ' The address to use for this service.
        Dim strServiceAddress As String
        strServiceAddress = ""

        ' The Session variable used to store the address for this
        '  service (if address caching is used).
        Dim strServiceURLSessionVar As String
        strServiceURLSessionVar = "WebService.CachedURL." + vstrServiceQName

        ' Find the cached location of the service.
        If blnNCES_AddressCaching Then
            If CStr(robjSession(strServiceURLSessionVar)) <> "" Then
                strServiceAddress = CStr(robjSession(strServiceURLSessionVar))
            End If
        End If

        ' Use Service Discovery to find the address of this service.
        ' This is done either if we are not using address caching, or if we are
        '  using address caching but we haven't obtained the address for this
        '  service yet.  However, it is only done if the setting in Web.Config
        '  said to use Discovery.
        'VS2008x If blnNCES_UseDiscovery And strServiceAddress = "" Then

        'VS2008x Dim objInquiryService As New InquiryService_Proxy
        'VS2008x Dim objRequest As New mil.disa.nces.toolkit.domain.discovery.request.GetServiceByQName
        'VS2008x Dim objResponse As mil.disa.nces.toolkit.domain.discovery.Service

            ' Specify the QName of this service for the Discovery request.
            ' The QName is "Namespace#ServiceName".
        'VS2008x objRequest.serviceQName = vstrServiceQName ' ex: "urn:nces:security:0.3:service:CertificateValidationService#CertificateValidationService"

            ' Get the address of this service.
        'VS2008x objResponse = objInquiryService.getServiceByQName(objRequest)

            ' If a valid response came back, extract the address for the first
            '  returned binding.
        'VS2008x If Not IsNothing(objResponse) Then

        'VS2008x strServiceAddress = objResponse.bindings(0).accessPoint

        ' If we are doing address caching, save the address for later use.
        'VS2008x If blnNCES_AddressCaching Then
        'VS2008x robjSession(strServiceURLSessionVar) = strServiceAddress
        'VS2008x End If

        'VS2008x     End If

        'VS2008x         End If

        ' Set the address for this service if found.  If not found, the service
        '  will retain its initially set address.
        If strServiceAddress <> "" Then
            robjWebServiceProxy.Url = strServiceAddress
        End If

        '
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''


        'VS2008x If blnNCES_Protected Then

        ' Set the security token for invocation (this is the end-user token to
        '  specify who is calling the service, not who digitally signs the
        '  request).
        ' This only needs to be done if we have an end-user certificate for
        '  which to create a token.
        'VS2008x If Not vobjClientCertificate Is Nothing Then

        'VS2008x If vobjClientCertificate.IsPresent Then

        'VS2008                    Dim samlToken As SecurityToken
        'VS2008x ToolkitSecurityContext.ResetCurrentSecurityContext()
        'VS2008                    samlToken = SAMLAssertionToken.CreateX509AuthenticationAssetion(vobjClientCertificate.Subject)
        'VS2008                    ToolkitSecurityContext.CurrentSecurityContext.SetSecurityTokenForInvocation(samlToken)

        'VS2008x End If

        'VS2008x End If

        'VS2008x Else

        ' TODO: If the NCES SDK is enabled for this project, but we need to call a
        '       service that is not protected by the NCES SDK, settings will have to
        '       be made to ToolkitSecurityContext to prevent digitally signing the
        '       SOAP message, etc.  To do this, we would need a setting saying whether
        '       the NCES SDK filters are in place (unless we can obtain that information
        '       from already existing sources).  I think following are the options that
        '       would need to be set:
        '    If <USING_NCES> Then
        '        ToolkitSecurityContext.CurrentSecurityContext.RequireSignatureForInvocation = False
        '        ToolkitSecurityContext.CurrentSecurityContext.CollectInputSecurityTokensDisabled = True
        '        ToolkitSecurityContext.CurrentSecurityContext.CallCertificateValidationServiceDisabled = True
        '    End If

        'VS2008x End If

        '
        ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''

Tags:

Title One

by xrealty 23. July 2009 04:34

Welcome to Adobe® Reader® 8 ReadMe file. Adobe Reader is the free viewing companion for Adobe applications that produce Adobe Portable Document Format (Adobe PDF) files. To create, enhance, review, edit, and share information in Adobe PDF files, learn more about Adobe Acrobat 8 Professional and Adobe Acrobat 8 Standard by visiting www.adobe.com/products/acrobat. System requirements Make sure that your system meets the minimum requirements to run Adobe Reader 8 for Windows®: Intel® Pentium® III or equivalent processor Microsoft® Windows XP with Service Pack 2 (Professional, Home, or Tablet PC Editions), Windows® 2000 with Service Pack 4 128 MB of RAM (256 MB recommended) 170 MB of available hard disk space 800 x 600 screen resolution (1024 x 768 recommended) Internet Explorer 6 September 18, 2006 Legal notices © 2006 Adobe Systems Incorporated. All rights reserved. www.xflatfeemls.net

 Adobe, Acrobat, and Adobe Reader are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. Windows is a registered trademark of Microsoft Corporation in the United States and/or other countries. Apple, Mac OS, and Safari are trademarks of Apple Computer, Inc. registered in the United States and other countries. All other trademarks are the property of their respective owners. Adobe Systems Incorporated, 345 Park Avenue, San Jose, California 95110, USA

Tags:

RecentComments

Comment RSS