Start by enabling WSE 3 and enabling the policy. Do this in the web.config file:
<configSections>
  <section name="microsoft.web.services3"
           type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
</configSections>
<system.web>
  <compilation debug="true">
    <assemblies>
      <add assembly="Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    </assemblies>
  </compilation>
  <webServices>
    <soapExtensionImporterTypes>
      <add type="Microsoft.Web.Services3.Description.WseExtensionImporter, Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </soapExtensionImporterTypes>
    <soapServerProtocolFactory
        type="Microsoft.Web.Services3.WseProtocolFactory,Microsoft.Web.Services3, Version=3.0.0.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </webServices>
</system.web>
<microsoft.web.services3>
  <policy fileName="wse3policyCache.config" />
  <tokenIssuer>
    <statefulSecurityContextToken enabled="false" />
  </tokenIssuer>
</microsoft.web.services3>
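Add the policy file and configure the policy: add a config file to your project, ‘FileName.config’, then add the following tags to it. The file name has to be the one given in the fileName attribute of the <policy> element in web.config.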
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <policy name="KerberosService">
    <authorization>
      <allow user="MawhibaAkram" />
      <deny role="*" />
    </authorization>
    <kerberosSecurity establishSecurityContext="true"
                      renewExpiredSecurityContext="true" requireSignatureConfirmation="false"
                      messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"
                      requireDerivedKeys="true" ttlInSeconds="300">
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                 encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
                  encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody"
               encryptBody="false" />
      </protection>
    </kerberosSecurity>
    <requireActionHeader />
  </policy>
</policies>
Apply the policy to the web service by adding the following attribute before the service class:
[Policy("KerberosService")]
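A consistency check over the three steps above, as an added example that is not part of the original post or of WSE itself: it confirms that the policy file name and the policy name agree across web.config, the policy file and the [Policy] attribute, that request and response bodies are signed and encrypted, and it flags debug="true". The function name, the finding labels and the trimmed sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"p": "http://schemas.microsoft.com/wse/2005/06/policy"}

# Constructed sample input: the two files above, trimmed to the parts checked.
WEB_CONFIG = """<configuration>
  <system.web><compilation debug="true" /></system.web>
  <microsoft.web.services3>
    <policy fileName="wse3policyCache.config" />
  </microsoft.web.services3>
</configuration>"""

POLICY_FILE = """<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <policy name="KerberosService">
    <kerberosSecurity requireDerivedKeys="true" ttlInSeconds="300">
      <protection>
        <request signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, IncludeSoapBody" encryptBody="true" />
      </protection>
    </kerberosSecurity>
  </policy>
</policies>"""


def check_wse_config(web_config, policy_xml, policy_file_name, attribute_policy):
    """Return finding labels (hypothetical names); an empty list means no issue found."""
    findings = []
    cfg = ET.fromstring(web_config)
    # web.config must point at the policy file that actually exists in the project.
    ref = cfg.find("microsoft.web.services3/policy")
    if ref is None or ref.get("fileName") != policy_file_name:
        findings.append("policy-file-name-mismatch")
    # debug="true" is a development setting and should not reach production.
    comp = cfg.find("system.web/compilation")
    if comp is not None and comp.get("debug", "false").lower() == "true":
        findings.append("compilation-debug-enabled")
    # The name used in [Policy("...")] must be defined in the policy file.
    policy = next((p for p in ET.fromstring(policy_xml).findall("p:policy", NS)
                   if p.get("name") == attribute_policy), None)
    if policy is None:
        return findings + ["policy-name-not-defined"]
    for direction in ("request", "response"):
        node = policy.find(f"p:kerberosSecurity/p:protection/p:{direction}", NS)
        attrs = node.attrib if node is not None else {}
        opts = {o.strip() for o in attrs.get("signatureOptions", "").split(",")}
        if attrs.get("encryptBody") != "true":
            findings.append(f"{direction}-body-not-encrypted")
        if not {"IncludeSoapBody", "IncludeTimestamp"} <= opts:
            findings.append(f"{direction}-signature-incomplete")
    return findings
```

Called with the page's own names, check_wse_config(WEB_CONFIG, POLICY_FILE, "FileName.config", "KerberosService") reports the file-name mismatch between the two steps and the debug setting.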
Credit for this goes to Akrumooz.
https://www.codeproject.com/Articles/27554/Authentication-in-web-services-using-C-and-Kerbero
Check the link for more info.