This week's book giveaway is in the Java 8 forum.
We're giving away four copies of Java 8 in Action and have Raoul-Gabriel Urma, Mario Fusco, and Alan Mycroft on-line!
See this thread for details.
The moose likes Web Services and the fly likes decrypting a soap response in .Net Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "decrypting a soap response in .Net" Watch "decrypting a soap response in .Net" New topic
Author

decrypting a soap response in .Net

gaurav abbi
Ranch Hand

Joined: Jan 05, 2007
Posts: 108
hi all,
this may not be the right place to ask this question, but i believe a java web service developer must have done this.
i've a web service written in java.
i'm testing its interoperability with .Net.
i'm able to sign, verify signature and encrypt using a .Net client.
the only point where i'm stuck is decrypting a soap response using .Net client.
i'm not finding any code sample for this on google.
also don't have much knowledge of .Net APIs
the MSDN topic for decryption is for web service part not for client part
please provide me some link or pointer if some one has done this earlier.
i'll be extremely helpful.


thanks,<br />gaurav abbi
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2906
Which one are you having a problem with?

Encrypting a SOAP Message

The write ups suggest that decryption happens automatically on the client side as long as the "base class that the proxy class derives from is Microsoft.Web.Services2.WebServicesClientProtocol".
Code (or a policy) only needs to be added to require that the contents is encrypted.

Provided all the username/password/tokens have been configured correctly (the client would need the private key token for decryption) the response message might look just different enough for the automatic decryption not to fire.

If this was my problem - I'd set up a simple service-client pair, both implemented in .NET, first very plain, adding encryption later (but no SSL/TLS). Once that works I would take a snapshot of the SOAP messages that are exchanged with something like Apache TCPMon (Tutorial) or java.net tcpmon.

Then I would try to slip in a Java implementation of the same web service. At this point it may work. If it doesn't, take snapshots of the SOAP request and response pairs and compare them to the .NET ones. There may be a difference in the response that is preventing the client from detecting the encrypted content. Once you have identified that difference you may be able to change the Java web service to emit the needed SOAP response.
[ May 13, 2008: Message edited by: Peer Reynders ]

"Don't succumb to the false authority of a tool or model. There is no substitute for thinking."
Andy Hunt, Pragmatic Thinking & Learning: Refactor Your Wetware p.41
gaurav abbi
Ranch Hand

Joined: Jan 05, 2007
Posts: 108
i tried adding a policy file, but i'm getting the same error i was getting before that.



there must be some way to specify the security token for decrypting a soap response because i'm able to add tokens for signing, signature verification and encryption.
but no code sample is available for decryption in a .Net client.

here is my policy file.


here is a part of soap response


i'm using the same token in policy file.
[ May 14, 2008: Message edited by: gaurav abbi ]
Peer Reynders
Bartender

Joined: Aug 19, 2005
Posts: 2906
Originally posted by gaurav abbi:



there must be some way to specify the security token for decrypting a soap response because i'm able to add tokens for signing, signature verification and encryption.


I would assume that the certificate has to be registered with the client.

How to: Make X.509 Certificates Accessible to WSE

The client would send the public key in the request, the server would encrypt the message with the public key. Then WSE would use the private key associated with the certificate to decrypt the message for you.

WSE 3 - How to decrypt a soap message using an x509?

The decryption step seems to be happening automagically,
....
So, I gather that the encrypted message is including the serial number of
the certificate, so that the server can find that certificate in the certificate manager to decrypt the message.
gaurav abbi
Ranch Hand

Joined: Jan 05, 2007
Posts: 108
hi Peer,
there's something wrong with the site.
i can't see any of posts for this topic except the previous one posted by me
papiar papiar
Greenhorn

Joined: May 25, 2009
Posts: 3
Hi gaurav,

I am also generating a client in .NET, but I have problems validating the signature of the web service security, could you tell me where did you find the information to do this or post your policy? You have to do your own class to verifya the signature?

Thanks
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: decrypting a soap response in .Net
 
Similar Threads
web services soap client
This weeks book giveaway
Is it possible to intercept a message ?
.Net Client for Axis Web services
testing java web services with dotnet