Developing Web Services Using ASP.NET and WSE That Interoperate with the Windows Communications Foundation ("Indigo")

Mark Fussell, COM432, Lead Program Manager, Microsoft Corporation


Post on 16-Jan-2016


Page 1: Developing Web Services Using ASP.NET and WSE That Interoperate with the Windows Communications Foundation ("Indigo") Mark Fussell COM432 Lead Program

Developing Web Services Using ASP.NET and WSE That Interoperate with the Windows Communications Foundation ("Indigo")

Mark Fussell
COM432
Lead Program Manager
Microsoft Corporation

Page 2

Agenda

Interoperability between .NET Web services

Build an ASP.NET Web service that is Basic Profile 1.1 (BP) compliant

Secure an ASP.NET Web service with WSE 3.0 using message security

Build WCF clients that interoperate with ASP.NET and WSE Web services using standard and custom bindings

Page 3

.NET Web Services

ASP.NET Web services implementation in the .NET Framework
  Supports WS-I Basic Profile (BP) 1.1 for simple services with metadata support
  Doesn't implement WS-* specifications

WSE is an add-on to the .NET Framework
  Implements several WS-* specs
  Adds message security to ASP.NET Web services and supports the Basic Security Profile (BSP) 1.0
  WSE 3.0 to be released in Q4 2005

Windows Communication Foundation (WCF) is the next-generation implementation of Web services
  Provides a unified programming model for WS-* protocols, messaging, queuing, transactions, etc.

Page 4

Web Services Architecture: ASP.NET Web Services

[Diagram: Web services architecture stack. Labels: Connected Applications; Applications & Application Infrastructure; Management; Business Process; Foundation; Security; Messaging; XML; Metadata; Reliability; Transactions; Transports; HTTP; TCP; Custom]

Page 5

.NET Framework v2.0 Web Services

WS-I Basic Profile Conformance

WebServiceBinding attribute

using System.Web.Services;

// Declare conformance to WS-I Basic Profile 1.1 and emit the conformance claim in the service description.
[WebServiceBinding(ConformsTo=WsiProfiles.BasicProfile1_1, EmitConformanceClaims=true)]
[WebService(Namespace="Microsoft.PDC.WebServices")]
public class BPConformance_asmx
{
    [WebMethod]
    public string HelloWorldBP()
    {
        string message = "'Hello World' from a Basic Profile compliant (BP-compliant) Web Service.";
        return message;
    }
}

Page 6

ASP.NET Web services and Basic Profile (BP) Conformance

Page 7

ASP.NET Web Services to WCF Interoperability Guidance

Embrace
  Basic Profile (BP) conformance
  .NET 2.0 is BP conformant by default
  Use SOAP 1.1
  KISS - Keep Interoperable Schemas Simple

Avoid
  rpc/encoded as not BP compliant
  SOAP Extensions - harder to migrate

Page 8

Web Services Architecture: Web Services Enhancements (WSE) 2.0 and 3.0

[Diagram: Web services architecture stack. Labels: Connected Applications; Applications & Application Infrastructure; Management; Business Process; Foundation; Security; Reliability; Transactions; Messaging; XML; Metadata; Transports; HTTP; TCP; Custom]

Page 9

WSE 3.0 Turnkey Security Scenarios

Based on industry best practices

UsernameOverCertificate

AnonymousOverCertificate

UsernameOverTransport

Kerberos (Windows)

MutualCertificate and CertificateMutualAuthenticationProfile

Page 10

Example Turnkey Security Scenario

Username Credentials with Server Certificate for Protection

[Diagram labels: Application Server; Internet; Intranet; Authenticate username/password; Confidential, signed request using a client key protected with the server certificate; Confidential, signed response using the supplied client key; Username/Password for Authentication]

Page 11

Securing a Web service using WSE 3.0 Security Policy

Page 12

WSE 3.0: The Road to WCF

Wire level interoperable with WCF
  Support for interoperable security scenarios
  WSE turnkey policy security assertions are aligned with WCF security binding

WSE 3.0 runs side-by-side with WCF

Migration and interoperability guidance will be provided from WSE 3.0 to WCF

Page 13

WSE to WCF Interoperability Guidance

Embrace
  The ASMX guidance
  Use WSE 3.0 for wire level interoperability with WCF
  HTTP transport
  Turnkey Security Scenarios and policy (WSE 3.0)
  MTOM (WSE 3.0)

Avoid
  TCP transport for interoperability
  Custom transports
  DIME (WSE 2.0)

Page 14

Web Services Architecture: WCF Web Services

[Diagram: Web services architecture stack. Labels: Connected Applications …; Applications & Application Infrastructure; Management; Business Process; Foundation; Security; Reliability; Transactions; Messaging; XML; Metadata; Transports; HTTP; TCP; Custom]

Page 15

Address, Binding, & Contract

Address (Where?), Binding (How?), Contract (What?)

[Diagram labels: Client; Service; Endpoint (four, each marked A B C); Message]

Page 16

WCF Security Model

Capabilities
  Secure Transfer of Messages
    Confidentiality
    Integrity
    Authentication
  Access Control for resources
    Authorization
  Audit Security Events

Programming levels
  Simple turnkey model
  Advanced custom model

[Callout label on the slide, appearing twice: WSE 3.0]

Page 17

WCF Interoperable Standard Bindings

Columns: WCF Bindings; Specifications; .NET Web service Implementation

basicHttpBinding
  Specifications: SOAP 1.1; Basic Profile 1.1; WS-Security 1.0; Basic Security Profile 1.0; MTOM
  .NET Web service implementation: ASP.NET 1.1; ASP.NET 2.0; WSE 2.0; WSE 3.0

wsHttpBinding
  Specifications: SOAP 1.2; WS-Security 1.1 (CR); MTOM
  .NET Web service implementation: WSE 3.0

Page 18

WSE to WCF Security Mapping

WCF standard bindings mapped to WSE policy security assertions

Columns: WSE 3.0 Turnkey Policy Security Assertions; WCF basicHttpBinding Security Configuration

UsernameOverTransport
  WSE 3.0: <usernameOverTransportSecurity />
  WCF:
  <security mode="TransportWithMessageCredential">
    <message clientCredentialType="Username"/>
  </security>

CertificateMutualAuthenticationProfile
  WSE 3.0: <CertificateMutualAuthenticationProfileSecurity />
  WCF:
  <security mode="Message">
    <message clientCredentialType="Certificate" negotiateServiceCredential="false"/>
  </security>
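An added example, not part of the original slides: a WCF client for the HelloWorldBP ASMX service from page 5, built in code with the basicHttpBinding settings that correspond to usernameOverTransportSecurity. It is written against the released System.ServiceModel API; the interface name, the endpoint URL and the WS_USER / WS_PASSWORD environment variable names are assumptions.

```csharp
using System;
using System.ServiceModel;

// Client-side contract for the ASMX service (interface name is hypothetical).
// Action assumes ASMX's default SOAPAction: service namespace + "/" + method name.
[ServiceContract(Namespace = "Microsoft.PDC.WebServices")]
[XmlSerializerFormat] // ASMX serializes with XmlSerializer
public interface IBPConformance
{
    [OperationContract(Action = "Microsoft.PDC.WebServices/HelloWorldBP", ReplyAction = "*")]
    string HelloWorldBP();
}

public static class Program
{
    public static void Main()
    {
        // Code equivalent of <security mode="TransportWithMessageCredential">
        // with a username message credential.
        var binding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
        binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

        // Placeholder address. This mode sends the password in the SOAP header and
        // relies on the transport for protection, so WCF rejects a plain http:// address.
        var address = new EndpointAddress("https://service.example.test/BPConformance.asmx");

        var factory = new ChannelFactory<IBPConformance>(binding, address);

        // Credentials come from the environment rather than from source or config files.
        factory.Credentials.UserName.UserName = Environment.GetEnvironmentVariable("WS_USER");
        factory.Credentials.UserName.Password = Environment.GetEnvironmentVariable("WS_PASSWORD");

        IBPConformance proxy = factory.CreateChannel();
        try
        {
            Console.WriteLine(proxy.HelloWorldBP());
            ((IClientChannel)proxy).Close();
            factory.Close();
        }
        catch (Exception)
        {
            // A faulted channel cannot be closed gracefully; abort it and rethrow.
            ((IClientChannel)proxy).Abort();
            factory.Abort();
            throw;
        }
    }
}
```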

Page 19

WSE to WCF Security Mapping

Columns: WSE 3.0 Turnkey Policy Security Assertions; WCF wsHttpBinding Security Configuration

AnonymousOverCertificate
  WSE 3.0: <anonymousOverCertificateSecurity establishSecurityContext="true" />
  WCF:
  <security mode="Message">
    <message clientCredentialType="None" negotiateServiceCredential="false"/>
  </security>

UsernameOverCertificate
  WSE 3.0: <usernameOverCertificateSecurity establishSecurityContext="true" />
  WCF:
  <security mode="Message">
    <message clientCredentialType="UserName" negotiateServiceCredential="false"/>
  </security>

Kerberos (Windows)
  WSE 3.0: <anonymousOverCertificateSecurity establishSecurityContext="true" />
  WCF:
  <security mode="Message">
    <message clientCredentialType="Windows" negotiateServiceCredential="false"/>
  </security>

MutualCertificate
  WSE 3.0: <mutualCertificateSecurity establishSecurityContext="true" />
  WCF:
  <security mode="Message">
    <message clientCredentialType="Certificate" negotiateServiceCredential="false"/>
  </security>

Page 20

Building WCF Clients for ASP.NET and WSE 3.0 Web services

Page 21

Turnkey Security Scenario Mapping

WSE 3.0 turnkey policy security assertions map to WCF custom security bindings

<customBinding>
  <binding name="MyBinding">
    <security authenticationMode="UsernameForCertificate"
              MessageProtectionOrder="SignBeforeEncrypt"
              requireDerivedKeys="true"/>
  </binding>
</customBinding>

<policies>
  <policy name="MyPolicy">
    <usernameForCertificateSecurity protectionOrder="SignBeforeEncrypt" deriveKeys="true"/>
  </policy>
</policies>

Page 22

WCF Custom Security Binding and Custom WSE Binding

Page 23

Summary

Write connected applications today and achieve interoperability for a lifetime

Download the WSE 3.0 Beta from MSDN

http://msdn.microsoft.com/webservices/building/wse/

Install WinFx and Windows Vista

Enjoy WSE 3.0 and WCF Hands on Labs

Page 24

Resources

mailto: [email protected]

blog: http://blogs.msdn.com/mfussell

Web services forum: http://forums.microsoft.com/msdn/

WS-Security roadmap: http://msdn.microsoft.com/webservices/understanding/gxa/default.aspx?pull=/library/en-us/dnwssecur/html/securitywhitepaper.asp

Page 25

Your Feedback is Important!

Please Fill Out a Survey

Page 26

© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.