Final Steps for Security Optimization with Web Services

(Page 1 of 5 )

Last week's exercise discussed policies, which allow for greater automation of certain aspects of security. In this week's exercises, we will optimize security with secure conversation, and learn how to route secure messages. It is the fourth and final segment of a series of exercises from a lab titled "Web Services Enhancements 2.0: Security and Policy," written by MSDN Virtual Labs.

Exercise 4 Optimizing Security with Secure Conversation

Scenario

One of the issues with using certificates to sign and encrypt messages is that the asymmetric algorithms (based on public/private keys) are very expensive. When a sender and a receiver are going to exchange multiple messages over a period of time, it would be more efficient to derive a session key from a security context that can be used over and over again for a period of time, thus allowing for more efficient symmetric security algorithms to be used. WS-Trust and WS-SecureConversation are two specifications that outline how to implement this concept.

WSE 2.0 provides support for WS-Trust and WS-SecureConversation and it makes it very easy to get it up and running through policy statements. In this exercise, you're going to enable secure conversation using the WSE Security Settings Tool.

You'll be working in the Exercises\D\before directory.

        Tasks              Detailed steps

1. Return to Visual Studio .NET 2003. 
   
2. Click File | Open | Project.
   
3. Navigate to C:\Microsoft Hands-on-Lab\DEV-HOL34\VB\Exercises\D\before.
   
4. Open the SecConInvoice.sln in the before directory. This solution consists of two projects: SecConInvoiceClient and SecConInvoiceService. They are identical to the solutions from the previous exercise. All of the security features have been enabled through policy.
   
5. Right click on SecConInvoiceService in Solution Explorer and select WSE 2.0 Settings.
   
6. Go to the Policy tab in the WSE Settings Tool. 
   
7. You need to regenerate the policy statement for each endpoint listed in the Edit Application Policy section. Select the first endpoint listed in the box and click Replace. It will warn you that it's going to overwrite the existing policy. Accept this warning and continue. This will launch the WSE Security Setting Tool again.
   
8. Press Next and specify Secure a service application.
   
9. In the Secure Conversation section, check Use Secure Conversation.
   
10. Press Next and select Username for the client token type.
    
11. Press Next and enter the appropriate role for this endpoint (see Exercise 3 for more details).
    
12. Press Next and select the WSE2QuickStartServer certificate.
     
13. Press Next and Finish the wizard. 
    
14. Repeat this for each of the endpoints listed in the Edit Application Policy section. 
    
15. Press OK to close the WSE Settings Tool.
    
    Note: the service is now configured to use secure conversation. This will only be beneficial to clients that are also configured to use secure conversation. Next, we need to configure the client application the same way.
    
    

 

Next: Configuring the Client for Secure Conversation >>
 

More Visual Basic.NET Articles
More By MSDN Virtual Labs

Comments On: Final Steps for Security Optimization with Web Services

· We hope you found this lab from MSDN Virtual Labs to be entertaining and...   >>> Post your comment now!