This chapter will guide you through installation of a new instance of the Secure Access Web Service (ARWebService). It can also be used for troubleshooting existing installations.

 

Note: In this chapter we will describe the simplest installation of the Secure Access Web Service, i.e. without securing client-server communication. For details on how to use symmetric or X.509 cryptography for securing the web service, please refer to the following chapters:

• Configuring ARWebsService for Symmetric Cryptography and
• Configuring ARWebService for X.509 Certificates.

 

Installing and configuring ARWebService

 

		Important Note
		The ASP.NET working process (i. e. ASPNET account by default) must have read permissions for the catalogs.xml file  (you will typically find it in the C:\Program Files\PortSight Secure Access\2.0\Catalog Manager folder). Please make sure that the ASP.NET working process has read permissions.

 

 

1. Copy the ARWebService folder from the PortSight Secure Access installation folder to the C:\wwwroot\inetpub folder (you may also rename  it if you want).
   
2. Share the folder on the Web as a virtual directory. Do not forget to set appropriate permissions to this folder and allow Anonymous access in the IIS.
   
   
   
   Make sure that the virtual directory you created has anonymous access enabled. If you do not use anonymous access, then modifications must be made to the clients so that they include valid credentials in the Credentials property of all proxies.
   
3. Configure the Web Service by updating settings in the Web.config file.

Parameters in the <appSettings> section:

                                 i.            SecureAccessServiceCertKeyID - subject Key Identifier of the service's private certificate; this feature will be described later in the Configuring ARWebService for X.509 Certificates chapter. Set this value to "" (empty string).

                                ii.            SecureAccessSymmetricKey - shared  symmetric key, that will be used for encrypting/decrypting messages; this feature will be described later in the Configuring ARWebsService for Symmetric Cryptography chapter. Set this value to "" (empty string).

                              iii.            SecureAccessTimeToLive - this value specifies expiration time of the response message (in milliseconds), for which the SOAP response remains valid; use 0 for no limit.

                              iv.            SecureAccessCatalogsXMLPath - this parameter must always contain full path to the catalogs.xml file, that contains list of registered SecureAccess Catalogs. You can find this file in the Catalog Manager folder under the Secure Access installation folder.

Note: The ASP.NET process (ASPNET user) must have access rights for reading the catalogs.xml file!

                               v.            SecureAccessRuleSymmetricEncryptionRequired - indicates whether the symmetric encryption is required for both incoming and outgoing messages; this feature will be described later in the Configuring ARWebsService for Symmetric Cryptography chapter. Set this value to "false".

                              vi.          SecureAccessRuleX509SignatureRequired - indicates whether the X.509 signature is required for both incoming and outgoing messages; this feature will be described later in the Configuring ARWebService for X.509 Certificates chapter. Set this value to "false".

                            vii.            SecureAccessRuleX509EncryptionRequired - indicates whether the X.509 encryption is required for both incoming and outgoing responses; this feature will be described later in the Configuring ARWebService for X.509 Certificates chapter. Set this value to "false".

5. Verify that the Web Service works by navigating to the following page in the Internet Explorer browser:
   

http://<servername>/ARWebService/ARWSWebService.asmx

      You should see the following page:

 

      

6. The Secure Access Web Service should be working now. Please continue with configuration of the client.
   
7. You can verify that the ARWebService has been configured correctly by running test sample called SampleARWSTestFormVB.exe - you can find this file including the source code project in the "Examples\VB\TestARWebService\bin" folder under the PortSight Secure Access installation folder. 
   
   Delete values in the "Encoding Cert Key ID", "Signing Cert Key ID" and "Encrypting Symmetric Key" fields. Enter the correct catalog name (it's case-sensitive!), login and password and click Try Login. You should get be the confirmation or detailed error message.
   

 

 

 

Installing and configuring Web Service Clients

 

This guide will help you configure your own client applications or included sample projects.

 

1. Copy the client application on the client computer. Check that the folder contains the following files necessary for consuming Secure Access Web Service:
   
       ARWebServiceClient.dll
       ARWebServiceCommon.dll
       Microsoft.Web.Services.dll
       <YourClientApplicationName>.exe.config
   
2. Configure the client's application by updating settings in the <Your Client App Name>.exe.config file.

Parameters in the <appSettings> section:

                                 i.            SecureAccessSymmetricKey - shared  symmetric key, that will be used for encrypting/decrypting messages; this feature will be described later in the Configuring ARWebsService for Symmetric Cryptography chapter. Set this value to "" (empty string).

 

Now your application should be ready for using ARWebService.