Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Invalid URI with WSE 3.0 trying to sign a custom header element

168 views
Skip to first unread message

Mike Logan

unread,
Oct 17, 2006, 3:55:03 PM10/17/06
to
I am trying to sign a custom header elelment with WSE 3.0 and the
SendSecurityFilter, SecureMessage classes. However I get an invalid URI afer
the SecureMessage is run. Below is the error message and stack trace, and
below that is the source code of the SendSecurityFilter.

{"Invalid URI: The format of the URI could not be determined."}
at System.Uri.CreateThis(String uri, Boolean dontEscape, UriKind uriKind)
at System.Uri..ctor(String uriString)
at Microsoft.Web.Services3.Xml.WSESoapHeader.GetAttributeXml(XmlDocument
document, XmlElement element)
at Microsoft.Web.Services3.Security.Security.SerializeXml(SoapEnvelope
document)
at Microsoft.Web.Services3.Security.Security.Execute(SoapEnvelope envelope)
at
Microsoft.Web.Services3.Security.SendSecurityFilter.ProcessMessage(SoapEnvelope envelope)
at Microsoft.Web.Services3.Pipeline.ProcessOutputMessage(SoapEnvelope
envelope)
at Microsoft.Web.Services3.Xml.SoapEnvelopeWriter.Finish()
at Microsoft.Web.Services3.Xml.XmlWrappingWriter.Flush()
at
System.Web.Services.Protocols.SoapHttpClientProtocol.Serialize(SoapClientMessage message)
at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String
methodName, Object[] parameters)
at
VITA.VITASecurityUserSvc.VITASecurityUserSvcPortWse.getAppByDirectory(getAppByDirectoryRequest getAppByDirectoryRequest) in C:\Visual Studio 2005
at VITA.Security.SecurityModule.LoadApplicationInformation() in C:\Visual
Studio
at VITA.Security.SecurityModule.LoadAppifNotLoaded() in C:\Visual Studio
2005
at VITA.Security.SecurityModule.get_AppLogOptions() in C:\Visual Studio
2005
at VITA.Security.SecurityModule.AppSec_SessionStart() in C:\Visual Studio
2005
at TestWebApp29.Global.Session_Start(Object sender, EventArgs e) in
at System.Web.SessionState.SessionStateModule.RaiseOnStart(EventArgs e)
at System.Web.SessionState.SessionStateModule.CompleteAcquireState()
at System.Web.SessionState.SessionStateModule.BeginAcquireState(Object
source, EventArgs e, AsyncCallback cb, Object extraData)
at
System.Web.HttpApplication.AsyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean&
completedSynchronously)


Code:


#Region " Imports "
Imports System
Imports System.Collections
Imports System.Xml
Imports System.Xml.XPath
Imports Microsoft.Web.Services3
Imports Microsoft.Web.Services3.Security.X509
Imports Microsoft.Web.Services3.Security
Imports Microsoft.Web.Services3.Security.Tokens
Imports System.Net
Imports System.Configuration
Imports System.Security
Imports System.Security.Cryptography
Imports System.Security.Cryptography.X509Certificates
Imports System.Web
Imports Microsoft.Web.Services3.Design
#End Region

Namespace Services

Public Class OutputFilter
Inherits Microsoft.Web.Services3.Security.SendSecurityFilter

Public Sub New(ByVal serviceActor As String, ByVal isClient As
Boolean)
MyBase.New(serviceActor, isClient)
End Sub

Public Overrides Sub SecureMessage(ByVal envelope As
Microsoft.Web.Services3.SoapEnvelope, ByVal security As
Microsoft.Web.Services3.Security.Security)

Dim myorgUser As XmlElement
Dim AppUser As String
Dim root As XmlElement = envelope.DocumentElement
Dim header As XmlElement = envelope.Header
Dim doc As XmlDocument
Dim user As XmlText
Dim CertName As String
Dim cert As X509Certificate = Nothing
Dim store As New X509Store

If Trim(HttpContext.Current.User.Identity.Name) <> "" Then
AppUser = HttpContext.Current.User.Identity.Name
Else
AppUser = "AppUser"
End If

If header Is Nothing Then
header = envelope.CreateHeader()
doc = header.OwnerDocument
myorgUser = doc.CreateElement("myorg:myorgUser",
"http://mycompany.org")
header.AppendChild(myorgUser)
Else
Dim node As XmlNodeList
node = header.GetElementsByTagName("myorgUser",
"http://mycompany.org")
doc = header.OwnerDocument
If node.Count > 0 Then
node.Item(0).RemoveChild(node.Item(0).FirstChild)
myorgUser = CType(node.Item(0), XmlElement)
Else
myorgUser = doc.CreateElement("myorg:myorgUser",
"http://mycompany.org")
header.AppendChild(myorgUser)
End If

End If

user = doc.CreateTextNode(AppUser)
myorgUser.AppendChild(user)

CertName = ConfigurationManager.AppSettings("WSMCertName")

store = New X509Store(StoreName.My, StoreLocation.LocalMachine)
store.Open(OpenFlags.ReadOnly)

Dim col As X509CertificateCollection = _
store.Certificates.Find(X509FindType.FindBySubjectName,
CertName, True)
Try
Try
cert = col(0)
Catch ex As Exception
Throw New Exception("Unable to find certicate. Ensure
certificate is specified correct in the web.config", ex)
End Try

Dim refID As String = "Id-" + Guid.NewGuid.ToString
Dim attr As XmlAttribute = _
envelope.CreateAttribute("wsu", "Id", _

"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
attr.Value = "ID-" + refID
myorgUser.Attributes.Append(attr)

Dim soapRef As New SignatureReference("#" + refID)

soapRef.AddTransform(New
Microsoft.Web.Services3.Security.Xml.XmlDsigExcC14NTransform)

Dim signatureToken As New X509SecurityToken(cert)

security.Tokens.Add(signatureToken)
Dim sig As New MessageSignature(signatureToken)
sig.SignatureOptions = SignatureOptions.IncludeNone
sig.AddReference(soapRef)
security.Elements.Add(sig)

Catch ex As Exception
Throw New Exception("Unable to attach certificate.", ex)
End Try

End Sub

End Class

End Namespace


--
Mike Logan

Steven Cheng[MSFT]

unread,
Oct 18, 2006, 9:35:35 AM10/18/06
to
Hello Mike,

Glad to see you again. How are you doing.

From your description, you've developed a custom SoapFilter which will sign
some certain headers in the SOAP envelop, however, you found it will report
some ""Invalid URI: The format of the URI could not be determined."
exception during the processing of outgoing message, correct?

As for the Ouputfilter, it is used by a certain Policy Assertion, are you
developing a custom PolicyAssertion? If so, would you provide some further
background on this or if convenient, you can send me a complete simplified
repro project so that I can perform some test locally.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

==================================================

Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.

==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Mike Logan

unread,
Oct 18, 2006, 10:08:02 AM10/18/06
to
Hello Steven,

Seems like you answer all my questions.

First question, yes.

Second question yes, code of my custom policy assertion is below. When
stepping through this the CreateClientInputFilter and
CreateClientOutputFilter is hit, and the CreateClientOutputFilter goes into
my custom output filter. The debugger runs completely through the output
filter without error, it is when it goes back to the calling web service
client project it errors out. Below the code of the custom policy is how I
attach that policy to the web service instance.

Imports Microsoft.Web.Services3
Imports Microsoft.Web.Services3.Security
Imports Microsoft.Web.Services3.Security.Tokens
Imports System.Security.Cryptography.X509Certificates

Namespace Services

Public Class CustomPolicyAssertion
Inherits Microsoft.Web.Services3.Design.PolicyAssertion

Public Overrides Function CreateClientInputFilter(ByVal context As
Microsoft.Web.Services3.Design.FilterCreationContext) As
Microsoft.Web.Services3.SoapFilter
Return Nothing
End Function

Public Overrides Function CreateClientOutputFilter(ByVal context As
Microsoft.Web.Services3.Design.FilterCreationContext) As
Microsoft.Web.Services3.SoapFilter
Return New VITA.Web.Services.OutputFilter("me", True)
End Function

Public Overrides Function CreateServiceInputFilter(ByVal context As
Microsoft.Web.Services3.Design.FilterCreationContext) As
Microsoft.Web.Services3.SoapFilter
Return Nothing
End Function

Public Overrides Function CreateServiceOutputFilter(ByVal context As
Microsoft.Web.Services3.Design.FilterCreationContext) As
Microsoft.Web.Services3.SoapFilter
Return Nothing
End Function
End Class

End Namespace


Code for attaching policy:

Public Shared Function GetVITASecuritySvcInstance() As
VITASecurityUserSvcPortWse
Dim vsuspw As New VITASecurityUserSvcPortWse

If SecureWebServices = True Then

Dim p As New Microsoft.Web.Services3.Design.Policy
p.Assertions.Add(New VITA.Web.Services.CustomPolicyAssertion)
vsuspw.SetPolicy(p)
vsuspw.RequestSoapContext.Add("VITAUser", " ")

End If

vsuspw.Url = SecurityUserSvcURL

Return vsuspw

End Function

Again thanks for the help.
--
Mike Logan

Pablo Cibraro [MVP]

unread,
Oct 18, 2006, 10:12:29 AM10/18/06
to
Hi Mike,

As first glance, I think I found two possible problems

1. You are not adding the custom header (the variable header in the code) to
the soap envelope.
2. I think there is a bug in the code below,

Dim refID As String = "Id-" + Guid.NewGuid.ToString (Here, refID =
"Id-Guid")


Dim attr As XmlAttribute = _
envelope.CreateAttribute("wsu", "Id",

"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
attr.Value = "ID-" + refID (The attribute value for wsu:Id is "ID-Id-Guid")
myorgUser.Attributes.Append(attr)

Dim soapRef As New SignatureReference("#" + refID) (You are adding a
reference to "Id-Guid" but the attribute value is "ID-Id-Guid").

Please, correct me if I am wrong, but I think that can be the problem.

Regards,
Pablo Cibraro.

"Steven Cheng[MSFT]" <stc...@online.microsoft.com> wrote in message
news:8GhTTpr8...@TK2MSFTNGXA01.phx.gbl...

Mike Logan

unread,
Oct 18, 2006, 10:26:01 AM10/18/06
to
Hello Pablo,

1. See my post right before yours. I am adding the custom soap header in
the web service client.

2. You are right and I changed it around, but it still threw the error.
Below is the fixed code.

Dim strGuid As String = Guid.NewGuid.ToString
Dim refID As String = "Id-" + strGuid


Dim attr As XmlAttribute = _

envelope.CreateAttribute("wsu", "Id", _

"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
attr.Value = "ID-" + strGuid
vitauser.Attributes.Append(attr)

Thanks for the help.

--
Mike Logan

Steven Cheng[MSFT]

unread,
Oct 22, 2006, 10:32:27 PM10/22/06
to
Thanks for your reply Mike,

I'll try performing some test through your code on my local environment to
check the behavior. I'll update you as soon as possible.

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

This posting is provided "AS IS" with no warranties, and confers no rights.

Yan-Hong Huang[MSFT]

unread,
Oct 26, 2006, 1:45:42 AM10/26/06
to
Hi Mike,

Steven is taking sick leave today and so the resonse may be delayed for
some time. We will get back here with our findings as soon as possible.
Please feel free to post here if you have any concern or new update.

Thanks very much for your understanding.

Sincerely,
Yanhong Huang
Microsoft Online Community Support

==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================

This posting is provided "AS IS" with no warranties, and confers no rights.

Steven Cheng[MSFT]

unread,
Oct 30, 2006, 9:29:28 AM10/30/06
to
Hello Mike,

Sorry for keep you waiting. After come back and perform some further
research agains the code snippet you provided, it seems I can not quite get
the exact behavior you meet. I've also consult some other WSE product team
engineer and they think this is a consulting like case and will require
dedicated work on this. Therefore, I would suggest you consider contact the
MCS consulting service or CSS for further assistance if you feel it an
urgent and important issue of your project.

http://support.microsoft.com

Sincerely,

Steven Cheng

Microsoft MSDN Online Support Lead

Mike Logan

unread,
Nov 9, 2006, 10:23:04 AM11/9/06
to
Hello Steven,

I did open a support ticket. The issue was within the custom policy

Public Overrides Function CreateClientOutputFilter(ByVal context As
Microsoft.Web.Services3.Design.FilterCreationContext) As
Microsoft.Web.Services3.SoapFilter
Return New VITA.Web.Services.OutputFilter("me", True)
End Function


The first parameter of the output filter should have been a valid URL like:

"http://schemas.xmlsoap.org/soap/actor/next"

Thanks for the help.
--
Mike Logan

0 new messages