none
Webservice Header Issue ( Authentication required ) RRS feed

  • Question

  • Dears I am developing client application to consume webservice, the webservice developer sent me the wsdl file and the sample SOAP request , all look fine for me

    the issue that when I am trying to call the webservice it returns an error message ( Authentication Required ) but I am sending the user name and the password in the header as expected.

    here is the Sample SOAP 

    <soapenv:Envelope xmlns:fax="http://fax.po.ws.apps.oracle.xxdof/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Header><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsse:UsernameToken wsu:Id="UsernameToken-5A2B82D9EE5888AE0414252886487322"><wsse:Username>weblogic</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">weblogic1</wsse:Password><wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">jMqFQqEM30Yp+t3tP+8meg==</wsse:Nonce><wsu:Created>2015-03-02T09:30:48.732Z</wsu:Created></wsse:UsernameToken></wsse:Security></soapenv:Header>
       <soapenv:Body>
          <fax:faxStatus>
             <!--Optional:-->
             <arg0>0</arg0>
             <!--Optional:-->
             <arg1>0</arg1>
             <!--Optional:-->
             <arg2>0</arg2>
             <!--Optional:-->
             <arg3>0</arg3>
             <!--Optional:-->
             <arg4>0</arg4>
             <!--Optional:-->
             <arg5>0</arg5>
          </fax:faxStatus>
       </soapenv:Body>
    </soapenv:Envelope>"

    and below the request I am sending 

    <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <s:Header>
        <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
          <o:UsernameToken u:Id="uuid-90e0f212-3dc0-4913-96a8-175697d5240d-1" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <o:Username>username</o:Username>
            <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
            <o:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">JY+mppXhcmr+Rl/kzURVoYKFKa4=</o:Nonce>
            <u:Created>2015-03-18T09:43:26.248Z</u:Created>
          </o:UsernameToken>
        </o:Security>
      </s:Header>
      <s:Body>
        <faxStatus xmlns="http://fax.po.ws.apps.oracle.xxdof/" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
          <arg0 xmlns="">0</arg0>
          <arg1 xmlns="">1</arg1>
          <arg2 xmlns="">2</arg2>
          <arg3 xmlns="">3</arg3>
          <arg4 xmlns="">4</arg4>
          <arg5 xmlns="">5</arg5>
        </faxStatus>
      </s:Body>
    </s:Envelope>

    Can you please point me what I am missing here

    thanks

    wasim

    Wednesday, March 18, 2015 8:51 PM

All replies

  • Hi,

    For this scenario, you may refer to the following links for more information about Web Service or WCF authertication using Soap header:

    http://ajayburman.blogspot.hk/2012/02/web-service-or-wcf-authertication-using.html

    http://www.codeproject.com/Articles/4398/Authentication-for-Web-Services-using-SOAP-headers

    Regards

    Friday, March 20, 2015 1:27 AM
    Moderator
  • Thank you for your reply.

    both links refers to implementation of the soap header on both side the webservice and the client application , in my case the webservice has been developed by a 3rd party where I have only the wsdl of the webservice and a sample of SOAP request.

    I have developed several webservices using vs and never went through such an issue.

    the other point to mention is the webservice has been tested successfully using SOAPUI .

    regards

    Sunday, March 22, 2015 6:35 PM
  • Hi,

    In the Sample SOAP, the username and password are weblogic and weblogic1. But the request you are sending are username

    and password which are not the authenticated account.

    You need make sure that the username and password you passed are authenticated

    account.

    Tuesday, March 24, 2015 3:07 AM
  • thank you for your reply

    Sorry for that, in the actual request I am sending I am using the correct username and password ( weblogic, weblogic1), but here I just generated the soap and put username and password to show them clearly.

    the response for wrong username and password would be 'Invalid Credential' , but here the response is 'Authentication required' as the service is not able to recognize the soap header.

    Wednesday, March 25, 2015 9:46 AM