ASTRA
How-to: Consume ASTRA Web Service using Microsoft.NET 2.0 / WSE 3.0

Introduction
This document describes how to create a Microsoft.NET client application that consumes authorization data from the ASTRA web service. The client authenticates using X.509 client certificates.

Required software

Install software

Acquire & Install UWCA X.509 client certificates
See Acquire & Install UWCA X.509 certificates

Configure ASP.NET web application to use X.509 certificates
If your application is an ASP.NET web application, see Configure ASP.NET web application to use X.509 certificates

Create .NET Project
Create a C# web application named AstraWSClientDemo
Add a button to WebForm1.aspx (Button1)
Add a TextBox to WebForm1.aspx (TextBox1)
Set TextBox1.TextMode to MultiLine
Stretch TextBox1 out to a decent size.
Add a reference to Microsoft.Web.Services3.dll
Add a reference to System.Web.Services.dll
Add a web reference to https://ucs.admin.washington.edu/astraws/astraws.asmx
The default web reference name will be edu.washington.admin.ucs; change that to AstraWS
Add the following to the top of WebForm1.aspx.cs:

    using Microsoft.Web.Services3;
    using System.Web.Services;
    using Microsoft.Web.Services3.Security.X509;
    using System.Security.Cryptography.X509Certificates;
    using System.Xml;
    using System.Xml.Serialization;
    using System.IO;
    using AstraWSClientDemo.AstraWS;

Double click on Button1 (this will create and bring you to the click handler for Button1), then fill in the handler:
    void Button1_Click(object sender, EventArgs e) {
        // Proxy class generated by the AstraWS web reference
        AstraWS.AuthzProvider m_Proxy = new AstraWS.AuthzProvider();
        try {
            //TODO: replace isdev.nebula.washington.edu with your certificate subject string
            X509Certificate cert = GetCert("isdev.nebula.washington.edu");
            if (cert != null) {
                // The proxy presents this certificate to authenticate the client
                m_Proxy.ClientCertificates.Add(cert);
            }
            else {
                throw new Exception("certificate is null");
            }
            // Build the query describing which authorizations to look up
            AstraWS.Auth auth = new AstraWS.Auth();
            auth.privilege = new Privilege();
            auth.environment = new AstraWS.Environment();
            auth.party = new Party();
            //TODO: Replace auth properties with more appropriate data.
            auth.environment.code = "eval";
            auth.privilege.code = "testpriv";
            auth.party.uwNetid = "astratst";
            AstraWS.Authz authz = m_Proxy.GetAuthz(auth); //makes ws call
            if (authz != null) {
                // Serialize results
                XmlSerializer myXmlSerializer = new XmlSerializer(typeof(Authz));
                StringWriter myStringWriter = new StringWriter();
                myXmlSerializer.Serialize(myStringWriter, authz);
                // Display results
                TextBox1.Text = myStringWriter.ToString();
            }
        }
        finally {
            // Release the proxy even if the web service call throws
            m_Proxy.Dispose();
        }
    }

Paste in the following routine:
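    private X509Certificate GetCert(string subject)
    {
        X509Certificate cert = null;
        // Search the local machine's personal (My) certificate store
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try {
            store.Open(OpenFlags.ReadOnly);
            // Third argument (validOnly = true) returns only certificates that pass validation.
            // FindBySubjectName is a case-insensitive substring match, so pass a subject
            // string specific enough to match a single certificate.
            X509Certificate2Collection col =
                store.Certificates.Find(X509FindType.FindBySubjectName, subject, true);
            // Throws if nothing matched; reported as "Cert not found" below
            cert = col[0];
        }
        catch (Exception e) {
            throw new Exception("Cert not found", e);
        }
        finally {
            store.Close();
        }
        return (cert);
    }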
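
The GetCert routine above takes col[0] from a substring match on the subject name. As an added example (not part of the original page, ASTRA or WSE), this variant keeps only an exact CN match that has a private key and refuses to choose when several certificates qualify; the class name, method name and client.example.edu are placeholders.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;

public static class ClientCertSelector   // hypothetical helper name
{
    // Returns the single certificate in LocalMachine\My whose subject CN equals
    // subjectCn exactly, that passes validation, and that has a private key.
    public static X509Certificate2 GetExactCert(string subjectCn)
    {
        X509Store store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
        try
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly = true drops certificates that fail validation (e.g. expired).
            X509Certificate2Collection candidates =
                store.Certificates.Find(X509FindType.FindBySubjectName, subjectCn, true);

            X509Certificate2 match = null;
            foreach (X509Certificate2 c in candidates)
            {
                // FindBySubjectName matches substrings; keep exact CN matches only.
                string cn = c.GetNameInfo(X509NameType.SimpleName, false);
                if (!string.Equals(cn, subjectCn, StringComparison.OrdinalIgnoreCase))
                    continue;
                // A certificate without its private key cannot authenticate the client.
                if (!c.HasPrivateKey)
                    continue;
                // Fail closed on ambiguity instead of picking an arbitrary match.
                if (match != null)
                    throw new InvalidOperationException("Ambiguous certificate: " + subjectCn);
                match = c;
            }
            if (match == null)
                throw new InvalidOperationException("No usable certificate: " + subjectCn);
            return match;
        }
        finally { store.Close(); }
    }

    public static void Main()
    {
        // Placeholder subject; replace with the CN of your own client certificate.
        X509Certificate2 cert = GetExactCert("client.example.edu");
        Console.WriteLine("{0} (expires {1:u})", cert.Subject, cert.NotAfter);
    }
}
```
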
Do a find on TODO: and change the values as appropriate.
Run the code, click on the button, and the results will be displayed in TextBox1.

Test whether person is authorized
Iterate the collection of Auth objects and check if a particular authorization exists.

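    // Start from "not authorized" and only flip on an exact match
    bool authorized = false;
    foreach (Auth biff in authz.authCollection) {
        // The span-of-control entries are compared by position (index 0, then 1)
        if (biff.privilege.code.ToLower() == "testpriv" &&
            biff.role.code.ToLower() == "testrole" &&
            biff.action.code.ToLower() == "testaction" &&
            biff.spanOfControlCollection[0].type == "OrgInc" &&
            biff.spanOfControlCollection[0].code == "014956" &&
            biff.spanOfControlCollection[1].type == "$Lim" &&
            biff.spanOfControlCollection[1].code == "2000") {
            authorized = true;
            break;
        }
    }
    // Report once, after the whole collection has been checked
    if (authorized) {
        Response.Write("Authorization exists!");
    } else {
        Response.Write("Authorization does not exist!");
    }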