locked
XML Web service security RRS feed

  • Question

  • User-284642143 posted

    I have an XML web service i need to access. Using 3rd party clients i can add a SoapHeader and the service seems to run fine. In an ASP .Net web app i cant seem to get this to work..... i read up at http://msdn.microsoft.com/en-us/library/system.web.services.protocols.webclientprotocol.credentials(v=vs.110).aspx

    and tried what was stated but still doesnt work. Hers some of the request sent which seems to be missing in the request i send using .Net

    <wsse:Security soap:mustUnderstand="1">
    <wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-30ee039e-e5e8-4e33-ad5c-7e6a10f31ac1">
    <wsse:Username>user</wsse:Username>
    <wsse:Password Type="http://test/">password</wsse:Password>
    <wsse:Nonce>bbii775545</wsse:Nonce>
    <wsu:Created>2000-12-20T12:58:22Z</wsu:Created>
    </wsse:UsernameToken>
    </wsse:Security>


    So i guess i need to add a soapHeader? But not sure how to do this? Or what i need to read up on. Any ideas or examples?

    Thanks

    Tuesday, January 21, 2014 4:58 AM

All replies

  • User-484054684 posted

    1. If you are using the asmx webservices, I believe, you can achieve above by using the WSE extension. WSE framework is an extension on top of asmx webservice framework. So, it is WebService Enhancement.

    For the steps and working solution to implement WSE integration, you can read this good post:
    http://stackoverflow.com/a/2140064/3070806 (It in-turn also refers to: http://msdn.microsoft.com/en-us/library/aa480575.aspx)

    2. If you are using (or planning to use) WCF, this can be done as below: http://stackoverflow.com/a/5858286/3070806.
    Another example for WCF: http://stackoverflow.com/questions/16028014/how-can-i-pass-a-username-password-in-the-header-to-a-soap-wcf-service
    But, I hope you are not using WCF. So, I believe, you can go ahead with WSE as mentioned in point 1.

    Hope it helps.

    Tuesday, January 21, 2014 8:30 AM
  • User-284642143 posted

    Thanks for that. Unfortunately i realised at a late stage that WSE cannot be used. Therefore i used

    HttpWebRequest
    

    to get access to the headers and then load it into an XMLDocument. However having some issues. To save some time i was wondering if im along the right lines or if there are examples i could use to create the headers and then pass in the envelope/body?

    Wednesday, January 22, 2014 1:41 PM
  • User-417640953 posted

    Hi EssCee,

    Thanks for the post.

    According to your description, I see you want to use the HttpWebRequest to call the web service with construct a soap server request content.

    For this issue, I suggest you reading the article for "Invoking Web Service dynamically using HttpWebRequest".

    http://geekswithblogs.net/marcel/archive/2007/03/26/109886.aspx

    It will teach you how to call the web service using HttpWebRequest with soap format content.

    You can also check below issue for some information.

    http://stackoverflow.com/questions/17173476/using-httpwebrequest-to-make-soap-requests-over-4kb-results-in-500-internal-serv

    Thanks.

    Best Regards!

    Thursday, January 23, 2014 4:50 AM
  • User-484054684 posted

    Hi EssCee,

    As specified earlier, WSE is the good option. However, in your scenario as you are using HttpWebRequest, that is still easy to do - as you can post the raw xml.

    You can refer this code snippet (Reference: from http://forums.asp.net/t/1179500.aspx?Web+Service+SOAP+Header):

    System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(http://mywebservice); 
    string strSOAPRequestBody = "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>" +
    "<soapenv:Header>" + 
    "<wsse:Security>" +
    "<wsse:UsernameToken>" + 
    "<wsse:Username>username</wsse:Username>" +
    "<wsse:Password>password</wsse:Password>" + 
    "</wsse:UsernameToken>" +
    "</wsse:Security>" + 
    "</soapenv:Header>" +
    
    "<soapenv:Body>" +
     
    
    "</soapenv:Body>" +"</soapenv:Envelope>"; 
    request.Method = "POST";
     request.ContentType = "application/soap+xml; charset=utf-8"; 
    request.ContentLength = strSOAPRequestBody.Length;
     System.IO.StreamWriter streamWriter =new System.IO.StreamWriter(request.GetRequestStream()); 
    streamWriter.Write(strSOAPRequestBody);
    
    streamWriter.Close();
     System.IO.StreamReader streamReader =new System.IO.StreamReader( 
    request.GetResponse().GetResponseStream());
    
     
    string strResponse =  "";while (!streamReader.EndOfStream) 
    strResponse += streamReader.ReadLine();
    
    streamReader.Close();
    

    Hope it helps.

    Thursday, January 23, 2014 9:08 AM