none
Web Service (asmx) of WCF to implement usernameToken on VS2010. RRS feed

  • Question

  • Hi,

    I have been going through many samples online and found that, to implement usernameToken on webservices, we should use WSE 3.0. I even found thatMicorosft.Web.Services3 namespace should be used by both Client and Service applications. As per my understanding, a custom policy should be defined as a library and that dll should be shared by both Service and Client which might be OK with DotNet applications and how about Java/other apps.

    To be in detail, I would like to develop a service that should be validated with usernameToken of WS-Security Enhancements. Please help me on this which should look like,

    <soapenv:Header>
    	<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="true">
    		<wsse:UsernameToken xmlns:wsu=http://docs.oasis-open.org/wss/2004/01/oasis-200401-wsswssecurity-utility-1.0.xsd wsu:Id="UsernameToken-21621336">
    			<wsse:Username>abc</wsse:Username>
    			<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-usernametoken-profile-1.0#PasswordText">abcPWD</wsse:Password>
    		</wsse:UsernameToken>
    	</wsse:Security>
    </soapenv:Header>
    I have been using VS2010, WCF application with a web service (asmx file, due to schema-first approach) . The client might be a dotnet/java/other app. The service owner is not interested to share the library (policy dll) to client apps. Please guide me on this with some examples.

    Thanks,

    Manoj.

    Thursday, January 2, 2014 10:38 AM

All replies

  • Hi,

    If I do not misunderstand you, then please try to check the following:

    It seems that you need to send UserName over HTTP, then you can use standard approach (if your WSDL is correctly defined this should be created for you automatically by adding service reference):

    <bindings>
      <basicHttpBinding>
        <binding name="secured">
          <security mode="TransportWithMessageCredential">
            <message clientCredentialType="UserName" />
          </security>
        </binding>
      </basicHttpBinding>
    </bindings>
    <client>
      <endpoint name="..." address="http://..." contract="..." binding="basicHttpBinding"
                bindingConfiguration="secured" />
    </client>

    Or you can define binding in code:

    var basicHttpBinding = new BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential);
    basicHttpBinding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName;

    You will set credentials in proxy as you do it now:

    client.ClientCredentials.UserName.UserName = "abc";
    client.ClientCredentials.UserName.Password = "abcPWD";

    Best Regards,
    Amy Peng 


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.


    Friday, January 3, 2014 9:03 AM
    Moderator
  • 
    

    Thank you Amy Peng for the reply.

    I have been looking to implement the Service first, to get the defined format. To be frank with you, I have been using .asmx file (web srevices) on vs2010. I think this binding concept may not be configured on old web service concept.

    My servcie should be accessed by any client later.

    As a workaround, I have created a 3 class files

    1. public class Password

    2. public class UsernameToken

    3. public class Security  : SoapHeader.

    and then added the as [SoapHeader("Security", Required = true, Direction = SoapHeaderDirection.In)] on my [WebMethod] implementation by checking the below,

    Security.UserNameToken.Username
    Security.UserNameToken.Password.Type
    Security.UserNameToken.Password.Value

    Even though I have given, http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText as type, my SOAP 1.2 request is showing as below,

     <?xml version="1.0" encoding="utf-8"?>
    <soap12:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://www.w3.org/2003/05/soap-envelope">
      <soap12:Header>
        <Security xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <UserNameToken ="">
            <Username>string</Username>
            <Password Type="string" />
          </UserNameToken>
        </Security>
      </soap12:Header>
      <soap12:Body>

    UserNameToken ID is not showing, namespaces are not showing etc...

    Please suggest a sample.

    Friday, January 3, 2014 1:07 PM
  • Any suggestions on this please.
    Saturday, January 18, 2014 12:05 PM