none
How to implement WSSE in my WebService ? RRS feed

  • Question

  • Hi,

    i have an old WCF service, and now i got a request from a client to support WSSE.

    From what i read it's all about new SOAP header that will contain user,password and maybe a timestamp etc'.

    My question is, who is going to authenticate against the user and the password ? is it built in in IIS (windows user that is being authenticate ) or i need to implement such mechanism in my code ?

    What changes in the wb.config i need to do in order to accept such a SOAP request ?

    any special attributes that need to add to my interface and contract ?

    Thanks,

    Baruch

    Wednesday, February 17, 2016 2:38 PM

Answers

  • Hello,

    >>My question is, who is going to authenticate against the user and the password? is it built in in IIS (windows user that is being authenticate) or I need to implement such mechanism in my code?

    You can try to add authentication to SOAP Header like the code below:

    UsernameToken token = new UsernameToken(Username, Password, PasswordOption.SendHashed);
    //Add Auth to SOAP Header
    MessageHeader header  = MessageHeader.CreateHeader(
          "Security","http://...xsd", token.GetXml(new XmlDocument())
        );
    OperationContext.Current.OutgoingMessageHeaders.Add(header);

    >> What changes in the wb.config i need to do in order to accept such a SOAP request? any special attributes that need to add to my interface and contract ?

    You need to add security node in your web.config file as described in the following article(https://msdn.microsoft.com/en-us/library/ms730049%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396)

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.




    Friday, February 19, 2016 8:16 AM
    Moderator

All replies

  • Hello,

    >>My question is, who is going to authenticate against the user and the password? is it built in in IIS (windows user that is being authenticate) or I need to implement such mechanism in my code?

    You can try to add authentication to SOAP Header like the code below:

    UsernameToken token = new UsernameToken(Username, Password, PasswordOption.SendHashed);
    //Add Auth to SOAP Header
    MessageHeader header  = MessageHeader.CreateHeader(
          "Security","http://...xsd", token.GetXml(new XmlDocument())
        );
    OperationContext.Current.OutgoingMessageHeaders.Add(header);

    >> What changes in the wb.config i need to do in order to accept such a SOAP request? any special attributes that need to add to my interface and contract ?

    You need to add security node in your web.config file as described in the following article(https://msdn.microsoft.com/en-us/library/ms730049%28v=vs.110%29.aspx?f=255&MSPPError=-2147217396)

    Best Regards,
    Amy Peng


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.




    Friday, February 19, 2016 8:16 AM
    Moderator
  • Thank you Amy, i will give it a try.
    Sunday, February 21, 2016 1:44 PM