sábado, 12 de agosto de 2017

Consuming a WSO2 ESB secured proxy with WS-Security UsernameToken policy, within .NET C# Application


This is the pattern that needs to be configured on the WSO2 ESB.


Step 1: 
Create the policy using the WSO2 Developer Studio.


To get this done, click Registry Resource in the dashboard; in the dialog that appears, pick the option to create from an existing template, then choose WS-Policy in the Resource Template combo box.


Then we need to retrieve the roles from the server.





The generated policy should look like this:

<!-- WS-SecurityPolicy 1.1 (2005/07 namespace) policy: UsernameToken over TLS.
     TLS (server-authenticated only) supplies confidentiality and server identity; the
     UsernameToken is the caller's sole credential. The client binding in App/Web.config
     has to mirror the values chosen here (timestamp, algorithm suite, layout, policy version). -->
<wsp:Policy wsu:Id="UTOverTransport"
    xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <wsp:ExactlyOne>
        <wsp:All>
            <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <sp:TransportToken>
                        <wsp:Policy>
                            <!-- HTTPS with no client certificate: the server proves its identity via TLS,
                                 the client proves its identity only through the UsernameToken below. -->
                            <sp:HttpsToken RequireClientCertificate="false"/>
                        </wsp:Policy>
                    </sp:TransportToken>
                    <sp:AlgorithmSuite>
                        <wsp:Policy>
                            <!-- Must match defaultAlgorithmSuite on the WCF binding. -->
                            <sp:Basic256/>
                        </wsp:Policy>
                    </sp:AlgorithmSuite>
                    <sp:Layout>
                        <wsp:Policy>
                            <!-- Lax header ordering; the WCF side uses LaxTimestampLast, which is a Lax layout. -->
                            <sp:Lax/>
                        </wsp:Policy>
                    </sp:Layout>
                    <!-- A wsu:Timestamp is required in every request; how it is validated is set in RampartConfig below. -->
                    <sp:IncludeTimestamp/>
                </wsp:Policy>
            </sp:TransportBinding>
            <sp:SignedSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
                <wsp:Policy>
                    <!-- Username and password travel in the SOAP security header on every request
                         (AlwaysToRecipient); only TLS protects them, so never expose this proxy over plain HTTP. -->
                    <sp:UsernameToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient"/>
                </wsp:Policy>
            </sp:SignedSupportingTokens>
        </wsp:All>
    </wsp:ExactlyOne>
    <!-- Server-side (Rampart) enforcement parameters for the assertions above. -->
    <rampart:RampartConfig xmlns:rampart="http://ws.apache.org/rampart/policy">
        <!-- NOTE(review): wso2carbon is the stock WSO2 identity/alias; anything beyond a local
             test setup normally replaces it together with the default keystore - confirm. -->
        <rampart:user>wso2carbon</rampart:user>
        <!-- Response encryption would use the certificate the request was signed with; this
             transport-only policy neither signs nor encrypts at message level, so this looks
             like a template leftover rather than an active setting. -->
        <rampart:encryptionUser>useReqSigCert</rampart:encryptionUser>
        <rampart:timestampPrecisionInMilliseconds>true</rampart:timestampPrecisionInMilliseconds>
        <!-- Timestamp lifetime and tolerated clock skew, in seconds. -->
        <rampart:timestampTTL>300</rampart:timestampTTL>
        <rampart:timestampMaxSkew>300</rampart:timestampMaxSkew>
        <!-- NOTE(review): with false, an expired wsu:Timestamp is not rejected, so the TTL/skew above
             are not actually enforced and replay protection rests on nonceLifeTime alone; prefer true
             outside of testing - confirm against the Rampart/WSS4J version in use. -->
        <rampart:timestampStrict>false</rampart:timestampStrict>
        <!-- The trailing &#xd; and line break are artifacts of the generated policy; the intended value
             is the bare class name (Rampart appears to tolerate the surrounding whitespace - confirm). -->
        <rampart:tokenStoreClass>org.wso2.carbon.security.util.SecurityTokenStore&#xd;
        </rampart:tokenStoreClass>
        <!-- Seconds a UsernameToken nonce is remembered in order to detect a replayed token. -->
        <rampart:nonceLifeTime>300</rampart:nonceLifeTime>
    </rampart:RampartConfig>
    <sec:CarbonSecConfig xmlns:sec="http://www.wso2.org/products/carbon/security">
        <sec:Authorization>
            <!-- Only users holding this role may invoke the proxy. Granting service access through the
                 administrative role is broad; a dedicated role for the consuming application is preferable. -->
            <sec:property name="org.wso2.carbon.security.allowedroles">admin</sec:property>
        </sec:Authorization>
    </sec:CarbonSecConfig>
</wsp:Policy>



The App.config / Web.config file must look like this:

<?xml version="1.0" encoding="utf-8" ?>
<!-- WCF client configuration for the UTOverTransport policy; every attribute under <security>
     mirrors an assertion in that policy, so the two files have to be changed together. -->
<configuration>
    <startup> 
        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5.2" />
    </startup>
    <system.serviceModel>
        <bindings>
            <customBinding>
                <binding name="wsSecuredProxySoap12Binding">
                    <!-- UserNameOverTransport: the UsernameToken is sent in the SOAP security header and is
                         protected only by TLS, so this element must always be paired with httpsTransport.
                         includeTimestamp / Basic256 / LaxTimestampLast map to sp:IncludeTimestamp, sp:Basic256
                         and sp:Lax; requireDerivedKeys is irrelevant here (no message-level signing or encryption
                         is configured); the ...WSSecurityPolicy11... version corresponds to the 2005/07
                         securitypolicy namespace used by the policy. -->
                    <security includeTimestamp="true"
                              authenticationMode="UserNameOverTransport"
                              defaultAlgorithmSuite="Basic256"
                              requireDerivedKeys="false"
                              securityHeaderLayout="LaxTimestampLast"  
                              messageSecurityVersion="WSSecurity10WSTrustFebruary2005WSSecureConversationFebruary2005WSSecurityPolicy11BasicSecurityProfile10">
                    </security>
                    <!-- NOTE(review): the binding and endpoint are named Soap12 but the encoding is Soap11;
                         confirm this matches what the proxy's HttpsSoap12Endpoint actually accepts. -->
                    <textMessageEncoding messageVersion="Soap11"></textMessageEncoding>
                    <!-- NOTE(review): authenticationScheme="Basic" adds HTTP-level Basic authentication on top of
                         the UsernameToken, while the policy above only asks for the WS-Security token - confirm
                         it is needed. maxReceivedMessageSize is roughly 2 GB: WCF will accept responses up to
                         this size, so set it to the largest response actually expected instead. -->
                    <httpsTransport authenticationScheme="Basic" maxReceivedMessageSize="2000000000"/>
                </binding>
            </customBinding>
        </bindings>
        <client>            
            <!-- The host name must match the ESB's TLS certificate. If the certificate is self-signed, import it
                 into the client's trusted store rather than turning off certificate validation in code. -->
            <endpoint address="https://DESKTOP-T5HMT2C:8243/services/wsSecuredProxy.wsSecuredProxyHttpsSoap12Endpoint"
                binding="customBinding" bindingConfiguration="wsSecuredProxySoap12Binding"
                contract="SecuredService.wsSecuredProxyPortType" name="wsSecuredProxyHttpsSoap12Endpoint" />
        </client>
    </system.serviceModel>
</configuration>
