Add a Kerberos authentication to existing WebService in asp.net c#

Question

There is an existing WebService that connects to the proxy server and I need to add a Kerberos authentication policy into it.

I know there existing topics about Kerberos authentication but can anyone share some code snippets on how to add Kerberos authentication on a WebService?

Almost all Kerberos topics just discuss how the Kerberos authentication works. Thanks in advance.

Answer 1

Start with enabling WSE 3, and enably the policy. Do this in the web.config file

<configSections>
  <section name="microsoft.web.services3" 

    type="Microsoft.Web.Services3.Configuration.WebServicesConfiguration,
         Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
         PublicKeyToken=31bf3856ad364e35" />
</configSections>

<system.web>

  <compilation debug="true">
    <assemblies>
      <add assembly="Microsoft.Web.Services3, Version=3.0.0.0,
Culture=neutral, PublicKeyToken=31BF3856AD364E35" />
    </assemblies>
  </compilation>

  <webServices>
    <soapExtensionImporterTypes>
      <add type="Microsoft.Web.Services3.Description.WseExtensionImporter,
                    Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
                    PublicKeyToken=31bf3856ad364e35" />
    </soapExtensionImporterTypes>
    <soapServerProtocolFactory 

      type="Microsoft.Web.Services3.WseProtocolFactory,Microsoft.Web.Services3,
            Version=3.0.0.0,Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
  </webServices>
</system.web>

<microsoft.web.services3>
  <policy fileName="wse3policyCache.config" />
  <tokenIssuer>
    <statefulSecurityContextToken enabled="false" />
  </tokenIssuer>
</microsoft.web.services3>

Add the Policy file and configure the Policy: add a config file to your project, ‘FileName.config’, then add the following tags to it:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
  <policy name="KerberosService">
    <authorization>
      <allow user="MawhibaAkram" />
      <deny role="*" />
    </authorization>
    <kerberosSecurity establishSecurityContext="true"

    renewExpiredSecurityContext="true" requireSignatureConfirmation="false"

    messageProtectionOrder="SignBeforeEncryptAndEncryptSignature"

    requireDerivedKeys="true" ttlInSeconds="300">
      <protection>
        <request 

           signatureOptions="IncludeAddressing, IncludeTimestamp, 
                             IncludeSoapBody" 

           encryptBody="true" />
        <response signatureOptions="IncludeAddressing, IncludeTimestamp, 
                                    IncludeSoapBody" 

                  encryptBody="true" />
        <fault signatureOptions="IncludeAddressing, IncludeTimestamp, 
                                 IncludeSoapBody" 

               encryptBody="false" />
      </protection>
    </kerberosSecurity>
    <requireActionHeader />
  </policy>
</policies>

3. Apply the policy on the web service: by adding the following code before the service class:

   [Policy("KerberosService")]

Credit for this goes to Akrumooz.

https://www.codeproject.com/Articles/27554/Authentication-in-web-services-using-C-and-Kerbero

Check the link for more info.