
ASTRA

How-to: Consume ASTRA Web Service using Microsoft.NET 1.1 / WSE 2.0 SP1

Introduction

This document describes how to create a Microsoft .NET client application that consumes authorization data from the ASTRA web service. The client authenticates to the service with a UWCA-issued X.509 client certificate, which is presented during the SSL/TLS handshake; the certificate's private key must therefore be readable by the account the client runs under.

Required software

Install software

  1. Install Microsoft .NET Framework 1.1.
  2. Install Microsoft Web Services Enhancements (WSE) 2.0 SP1 (WSE is an add-on to the .NET Framework, so install the framework first).

Acquire & Install UWCA X509 client certificates

See Acquire & Install UWCA X.509 certificates

Configure ASP.NET web application to use X.509 certificates

If your application is an ASP.NET web application, see Configure ASP.NET web application to use X.509 certificates

Create .Net Project

Create a C# ASP.NET web application named AstraWSClientDemo
Add a button to WebForm1.aspx (Button1)
Add a TextBox to WebForm1.aspx (TextBox1)
Set TextBox1.TextMode to MultiLine
Stretch TextBox1 out to a decent size.
Add a reference to Microsoft.Web.Services2.dll
Add a reference to System.Web.Services.dll

Add a web reference to https://ucs.admin.washington.edu/astraws/astraws.asmx
The default web reference name will be edu.washington.admin.ucs; change it to AstraWS

Add the following to the top of WebForm1.aspx.cs
using Microsoft.Web.Services2;
using System.Web.Services;
using AstraWSClientDemo.AstraWS;
using WseX509 = Microsoft.Web.Services2.Security.X509;
using System.Security.Cryptography.X509Certificates;
using System.Xml;
using System.Xml.Serialization;
using System.IO;

Double click on Button1 (this will create and bring you to the click handler for Button1). Replace the generated handler with the following:

private void Button1_Click(object sender, System.EventArgs e) {
    // The client certificate must live in the LocalMachine\My (Personal) store:
    // the ASP.NET worker process has no user profile, so a CurrentUser store
    // would not be visible to it.
    WseX509.X509CertificateStore m_certStore =
        WseX509.X509CertificateStore.LocalMachineStore(WseX509.X509CertificateStore.MyStore);
    AstraWS.AuthzProvider m_Proxy = new AstraWS.AuthzProvider();

    try {
        if (m_certStore.OpenRead()) {
            //TODO: replace xp30-is.cac.washington.edu with your certificate subject string
            WseX509.X509Certificate cert = GetCertificate("xp30-is.cac.washington.edu", m_certStore);
            if (cert != null) {
                // The certificate is presented as the SSL/TLS client certificate on every call
                m_Proxy.ClientCertificates.Add(cert);
            } else {
                throw new Exception("certificate is null");
            }

            AstraWS.Auth auth = new AstraWS.Auth();
            auth.privilege = new Privilege();
            auth.environment = new AstraWS.Environment();
            auth.party = new Party();

            //TODO: Replace auth properties with more appropriate data.
            auth.environment.code = "dev";
            auth.privilege.code = "testpriv";
            auth.party.uwNetid = "astratst";

            AstraWS.Authz authz = m_Proxy.GetAuthz(auth); // makes the web service call

            if (authz != null) {
                // Serialize results
                XmlSerializer myXmlSerializer = new XmlSerializer(typeof(Authz));
                StringWriter myStringWriter = new StringWriter();
                myXmlSerializer.Serialize(myStringWriter, authz);

                // Display results
                TextBox1.Text = myStringWriter.ToString();
            }
        } else {
            Response.Write("Could not open cert store");
        }
    } finally {
        // Release the store and the proxy even when GetCertificate or GetAuthz throws
        m_certStore.Close();
        m_certStore.Dispose();
        m_Proxy.Dispose();
    }
}
Paste in the following routine:

private WseX509.X509Certificate GetCertificate(string m_certificateSubject, WseX509.X509CertificateStore m_certStore) {
    WseX509.X509CertificateCollection certs;
    WseX509.X509Certificate cert = null;

    // Look the certificate up by subject. FindCertificateBySubjectString matches any
    // certificate whose subject contains the string, so a loose value (for example a
    // bare domain) can return more than one certificate.
    certs = m_certStore.FindCertificateBySubjectString(m_certificateSubject);

    // We should have found one and only one certificate at this point
    if (certs.Count == 1) {
        cert = (WseX509.X509Certificate)certs[0];

        if (cert.Key == null) { // Private key does not exist or is not readable by this account
            throw new Exception("No private key found. This is often a result " +
                "of not having sufficient permissions. " +
                "To give the ASPNET account access to the private key, " +
                "give the account under which ASP.NET is running " +
                "Read access (Full Control is not required) to the file containing the " +
                "key the WSE will need to retrieve in the following folder: " +
                @"C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys");
        }
    } else if (certs.Count > 1) {
        // Found more than one certificate for the subject name
        throw new Exception("Found " + certs.Count.ToString() + " certificates for subject \"" +
            m_certificateSubject + "\"; only one expected.");
    } else {
        // Could not find specified certificate
        throw new Exception("Certificate \"" + m_certificateSubject + "\" not found in store.");
    }

    return cert;
}
Do a find on TODO: and change the values as appropriate.
Run the code, Click on the Button, and the results will be displayed in TextBox1.
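Because FindCertificateBySubjectString is a substring match, a subject string that is too short can select the wrong certificate, and a certificate that has expired or whose private key is unreadable only fails later, inside the SSL handshake, with an unhelpful error. The routine below is an added example (not code from the ASTRA page) that selects the certificate by its SHA-1 thumbprint with the WSE 2.0 FindCertificateByHash method and checks the validity period and private-key access before the certificate is handed to the proxy. It assumes the same WseX509 alias as WebForm1.aspx.cs; the thumbprint value in the usage routine is a placeholder, not a real certificate.

```csharp
// Added example, not part of the original ASTRA how-to.
// Assumes .NET 1.1 / WSE 2.0 SP1 and: using WseX509 = Microsoft.Web.Services2.Security.X509;
private WseX509.X509Certificate GetCertificateByThumbprint(string thumbprintHex, WseX509.X509CertificateStore store) {
    // Thumbprint as shown on the Details tab of the certificate MMC snap-in, spaces allowed.
    byte[] hash = HexToBytes(thumbprintHex.Replace(" ", ""));

    // FindCertificateByHash matches exactly one certificate, unlike
    // FindCertificateBySubjectString, which is a substring match on the subject.
    WseX509.X509CertificateCollection certs = store.FindCertificateByHash(hash);
    if (certs.Count != 1) {
        throw new Exception("Expected exactly one certificate with thumbprint " + thumbprintHex +
            ", found " + certs.Count.ToString());
    }
    WseX509.X509Certificate cert = certs[0];

    // Reject a certificate outside its validity period now, instead of letting the
    // SSL handshake fail later with a generic error.
    DateTime notBefore = DateTime.Parse(cert.GetEffectiveDateString());
    DateTime notAfter = DateTime.Parse(cert.GetExpirationDateString());
    DateTime now = DateTime.Now;
    if (now < notBefore || now > notAfter) {
        throw new Exception("Certificate " + thumbprintHex + " is not valid at " + now.ToString() +
            " (valid from " + notBefore.ToString() + " to " + notAfter.ToString() + ")");
    }

    // Client authentication needs the private key. Key == null usually means the
    // ASP.NET account cannot read the key file under MachineKeys.
    if (cert.Key == null) {
        throw new Exception("Certificate " + thumbprintHex + " has no accessible private key.");
    }
    return cert;
}

// Converts a hex string such as "A1B2..." to bytes; throws on odd length or non-hex digits.
private static byte[] HexToBytes(string hex) {
    if (hex.Length % 2 != 0) {
        throw new ArgumentException("Hex string must have an even number of digits");
    }
    byte[] bytes = new byte[hex.Length / 2];
    for (int i = 0; i < bytes.Length; i++) {
        bytes[i] = Convert.ToByte(hex.Substring(i * 2, 2), 16);
    }
    return bytes;
}

// Usage in place of GetCertificate(...) in Button1_Click. The thumbprint below is a
// placeholder (assumption); replace it with the thumbprint of your own UWCA certificate.
private WseX509.X509Certificate LoadClientCertificate(WseX509.X509CertificateStore store) {
    //TODO: replace with your certificate's thumbprint
    return GetCertificateByThumbprint("00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00", store);
}
```

Pinning by thumbprint also means a renewed certificate must be followed by a configuration change; that is deliberate, since it keeps an unrelated certificate with a similar subject from being picked up silently.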

Test whether person is authorized

Iterate the collection of Auth objects and check if a particular authorization exists. Report the result once, after the loop, rather than once per Auth (otherwise every non-matching Auth writes "Authorization does not exist!"), and check the size of spanOfControlCollection before indexing into it:

	bool found = false;
	foreach (Auth biff in authz.authCollection) {
		if (biff.privilege.code.ToLower() == "testpriv" &&
		    biff.role.code.ToLower() == "testrole" &&
		    biff.action.code.ToLower() == "testaction" &&
		    biff.spanOfControlCollection != null &&
		    biff.spanOfControlCollection.Length >= 2 &&
		    biff.spanOfControlCollection[0].type == "OrgInc" &&
		    biff.spanOfControlCollection[0].code == "014956" &&
		    biff.spanOfControlCollection[1].type == "$Lim" &&
		    biff.spanOfControlCollection[1].code == "2000") {
			found = true;
			break;
		}
	}
	Response.Write(found ? "Authorization exists!" : "Authorization does not exist!");
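The loop above compares spans of control by position, so an Auth that carries the same spans in a different order, or a code in a different case, is not recognised. As an added example (not code from the ASTRA page), the helper below generalises that check: codes are compared trimmed and case-insensitively, the spans of control are treated as a set so their order does not matter, and the result is a single boolean. It assumes the proxy classes generated from astraws.asmx expose Auth.privilege, Auth.role, Auth.action and Auth.spanOfControlCollection as used above; the element type name SpanOfControl for spanOfControlCollection is an assumption.

```csharp
// Added example, not part of the original ASTRA how-to. Assumes the proxy types
// generated from astraws.asmx (Auth, Authz) and that the elements of
// spanOfControlCollection are of a class assumed here to be named SpanOfControl.
private static bool SameCode(string actual, string expected) {
    // Codes compare trimmed and case-insensitively; a null code never matches.
    if (actual == null || expected == null) return false;
    return String.Compare(actual.Trim(), expected.Trim(), true) == 0;
}

private static bool HasSpan(AstraWS.SpanOfControl[] spans, string type, string code) {
    // True if any span of control on the Auth has the given type and code.
    if (spans == null) return false;
    foreach (AstraWS.SpanOfControl span in spans) {
        if (span != null && SameCode(span.type, type) && SameCode(span.code, code)) return true;
    }
    return false;
}

// requiredSpans holds {type, code} pairs, e.g. { {"OrgInc","014956"}, {"$Lim","2000"} }.
// Every required span must appear on one Auth; extra spans on that Auth are ignored,
// which is the usual reading of "does this authorization exist".
private static bool HasAuthorization(AstraWS.Authz authz, string privilege, string role,
                                     string action, string[,] requiredSpans) {
    if (authz == null || authz.authCollection == null) return false;

    foreach (AstraWS.Auth auth in authz.authCollection) {
        if (auth == null || auth.privilege == null || auth.role == null || auth.action == null) continue;
        if (!SameCode(auth.privilege.code, privilege)) continue;
        if (!SameCode(auth.role.code, role)) continue;
        if (!SameCode(auth.action.code, action)) continue;

        bool allSpans = true;
        for (int i = 0; i < requiredSpans.GetLength(0); i++) {
            if (!HasSpan(auth.spanOfControlCollection, requiredSpans[i, 0], requiredSpans[i, 1])) {
                allSpans = false;
                break;
            }
        }
        if (allSpans) return true;
    }
    return false;
}

// Usage inside Button1_Click after GetAuthz returns, with the values from the example above.
private void ReportDemoAuthorization(AstraWS.Authz authz) {
    string[,] spans = { { "OrgInc", "014956" }, { "$Lim", "2000" } };
    bool ok = HasAuthorization(authz, "testpriv", "testrole", "testaction", spans);
    Response.Write(ok ? "Authorization exists!" : "Authorization does not exist!");
}
```

Treat a null or empty Authz as "not authorized" rather than as an error: the service returning no matching Auth is the normal negative answer, and the helper should fail closed.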