passing encrypted data in the SOAP headers from Delphi to an ASP.Net web service

Hi All,
I was able to get some help with this in another group but no final answer.

I've created an ASP.Net web service to provide shared capability to a number 
of our applications -- both Delphi client/server and ASP.Net web apps.  We 
want to be able to restrict this web service to just our own applications 
and protect it from anyone who might "discover" it and try and use it.  I've 
created a custom SOAP header which works just fine.  I can use the web 
service from a Delphi app with no trouble.

The problem is that I'd like to encrypt one of the attributes in my custom 
SOAP header.  I can get simple XOR encryption to work between a Delphi app 
and the web service.  Based on recommendations from the other forum, I've 
tried more sophisticated encryption using either the DCPCrypt components or 
the Delphi Encryption Compendium on the Delphi side and the .Net 
Cryptography name space classes on the .Net side.

The problem is I can't get the various encryption classes to produce 
compatible results.  Using the same encryption and hash algorithms the 
DCPCrypt components produce one encrypted value, the Delphi Encryption 
Compendium produces another and the .Net classes produce yet another.  None 
of the 3 classes can successfully decrypt something encrypted in any of the 
others.  One person posted that his company got this working with TripleDES 
and the DCPCrypt components on one side and the .Net Cryptography classes on 
the other but I was never able to get any details from him.

Simple XOR encryption is probably sufficient for our needs but I'd really 
like to get this working with a more sophisticated encryption method if 
possible.  Has anyone managed to get something similar working and would you 
be willing to share?

Thanks,
=================================
Ray Porter
Information Systems
Applications Development Manager
Division of University Advancement
University of North Carolina at Chapel Hill
Phone: (919) 259-9389
Fax: (919) 843-3314
Pager: (919) 216-4218

ray_porter@unc.edu
http://www.unc.edu/~dragon

Meddle not in the affairs of dragons for thou
art crunchy and taste good with ketchup
0
Lester
8/12/2010 5:44:40 PM

Hi Lester,

> The problem is that I'd like to encrypt one of the attributes in my custom 
> SOAP header.  

Why? You may want to consider using https:// as your choice of 
communication protocol, which will encrypt the SOAP Header using SSL 
(and is in my view probably stronger than anything you can make 
yourself, with all due respect)...

All it involves is a certificate on your web server. It's easy to do - I 
have https://www.bobswart.nl now for my secure services for example.

> Ray Porter

Groetjes,
           Bob Swart

-- 
Bob Swart Training & Consultancy (eBob42.com) Forever Loyal to Delphi
Chairman Delphi Development Network (DDN) powered by SDN - www.sdn.nl
Embarcadero Technology Partner - Delphi & RAD Studio Reseller BeNeLux
http://twitter.com/eBob42 LinkedIn: http://nl.linkedin.com/in/drbob42
Delphi Win32 & .NET books on Lulu.com: http://stores.lulu.com/drbob42
Personal courseware + e-mail support http://www.ebob42.com/courseware
Blog: http://www.drbob42.com/blog - RSS: http://eBob42.com/weblog.xml
0
Bob
8/13/2010 4:16:07 PM
Thanks, Bob. We already have SSL on the server but our campus security folks 
want the key piece of character data in the SOAP header encrypted too.  Not 
my call.  Of course, it's entirely possible they haven't even considered 
that it's actually encrypted anyway.  Oh well, ours not to reason why...

Thanks,
Ray

0
Lester
8/13/2010 5:07:34 PM
Oh, actually, there is another piece.  The web service is being consumed and 
the SOAP headers being set in a Delphi client application without SSL.

Ray

0
Lester
8/13/2010 5:08:25 PM
Hi Ray,

> Oh, actually, there is another piece.  The web service is being consumed and 
> the SOAP headers being set in a Delphi client application without SSL.

You should be able to change that to using https:// instead of http:// 
so the client also uses SSL.

And then I would really ask your "campus security folks" why additional 
encryption is needed. Or just implement a very simple one (like XOR) 
that indeed can be used in Win32 and .NET, without really worrying if 
this is safe enough (provided all clients access the web service using 
https:// that is)...

> Ray

Groetjes,
           Bob Swart

0
Bob
8/13/2010 5:23:40 PM
Thanks, Bob.  I've already implemented simple xor encryption which seems to 
have made everyone happy.  I just wanted to understand why the tools I can 
use in Delphi seem to generate different encrypted strings (i.e., DCPCrypt 
and the Delphi Encryption Compendium) from each other and both are different 
from the .Net cryptography classes -- all with the same key and same hash 
and encryption algorithm.

The client will call the web service with SSL so I guess we're doubly 
secure. ;-)

Security types and campus legal counsel are basically running scared because 
systems at several institutions (not ours) have been compromised and the 
names of senior administrators have made it into the press in a not good 
way.  The lawyers are dictating things that probably aren't really necessary 
technically and senior administrators are agreeing with them.  Sometimes 
those of us who write code just have to make things work the way we're told 
to. ;-)

Thanks again,
Ray


0
Lester
8/13/2010 7:05:03 PM
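
The mismatch asked about in this thread (same key, hash and algorithm, different output per library) usually comes from inputs each library chooses for you: string encoding, key derivation, block mode, padding and IV. As an added example, not code from the thread or from DCPCrypt, DEC or Microsoft, this C# program pins each input on the .NET side and then changes one at a time; the token, passphrase, fixed IV and the SHA-256 key derivation are constructed assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class HeaderCryptoInterop
{
    // Every input below must match byte for byte in the Delphi client.
    sealed class Params
    {
        public Encoding TextEncoding = Encoding.UTF8;    // string -> bytes
        public CipherMode Mode = CipherMode.CBC;         // block chaining mode
        public PaddingMode Padding = PaddingMode.PKCS7;  // last-block padding
        // Fixed IV so the runs are comparable. In real use, generate a random
        // IV per message and send it along with the ciphertext.
        public byte[] IV = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
    }

    // Assumed key derivation: SHA-256 of the encoded passphrase is the AES-256 key.
    static byte[] DeriveKey(string passphrase, Encoding enc)
    {
        using (var sha = SHA256.Create())
            return sha.ComputeHash(enc.GetBytes(passphrase));
    }

    static string Encrypt(string text, string passphrase, Params p)
    {
        using (var aes = Aes.Create())
        {
            aes.Mode = p.Mode;
            aes.Padding = p.Padding;
            aes.Key = DeriveKey(passphrase, p.TextEncoding);
            aes.IV = p.IV;  // if left unset, .NET generates a random IV per instance
            byte[] plain = p.TextEncoding.GetBytes(text);
            using (var enc = aes.CreateEncryptor())
                return Convert.ToBase64String(
                    enc.TransformFinalBlock(plain, 0, plain.Length));
        }
    }

    static void Show(string label, string baseline, string other)
    {
        Console.WriteLine("{0,-18} {1}  matches baseline: {2}",
            label, other, other == baseline);
    }

    static void Main()
    {
        const string token = "constructed-token-0001";  // constructed sample value
        const string pass = "constructed passphrase";   // constructed sample value
        string baseline = Encrypt(token, pass, new Params());
        Show("UTF-8/CBC/PKCS7", baseline, baseline);
        // Change exactly one input per run; each run yields a different ciphertext.
        Show("UTF-16LE strings", baseline,
            Encrypt(token, pass, new Params { TextEncoding = Encoding.Unicode }));
        Show("ECB mode", baseline,
            Encrypt(token, pass, new Params { Mode = CipherMode.ECB }));
        Show("zero padding", baseline,
            Encrypt(token, pass, new Params { Padding = PaddingMode.Zeros }));
        Show("all-zero IV", baseline,
            Encrypt(token, pass, new Params { IV = new byte[16] }));
    }
}
```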