Soap Header authentication in web service

Hi All,

I am trying to call a webmethod in an external web service. But tht web service have implemented authentication via Soap Header.

This is the format of Soap header which I have to pass,

<soap:Header>
        <wsse:Security soap:mustUnderstand="1" >
            <wsse:UsernameToken>
                <wsse:Username>USER@CUSTOMER</wsse:Username>
                <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">PASSWORD</wsse:Password>
            </wsse:UsernameToken>
        </wsse:Security>
    </soap:Header>

How can I pass this to the web service..or else how can I modify the soap header.

Any help is appreciated.

regards,

 

Allen

0
allenrajiev
4/19/2007 2:01:47 PM
asp.net.security 27051 articles. 1 followers. Follow

4 Replies
2300 Views

Similar Articles

[PageSpeed] 23
Get it on Google Play
Get it on Apple App Store

This should help: http://aspnet.4guysfromrolla.com/articles/123103-1.aspx

 

 


Deepak Sharma
|My website|
Please “mark as answer” if this answers your question. Thanks.
0
deepak11
4/20/2007 4:40:24 PM
I had gone thru tht link.
0
allenrajiev
4/23/2007 5:22:31 AM

Thanks for ur reply Deepak..

For me the problem now is UsernameToken class is not getting identified. Is it available only in WSE2.0 and WSE3.0 or is it there in WSE1.0 also. I have included WSE1.0 and is referencing that.Still I am not getting that class. Can somebody advice on this? If I have to install WSE2.0 or WSE3.0 from where can I get it?

Thanks..aLLEN

0
allenrajiev
4/23/2007 5:26:02 AM

Hi

To use Microsoft WSE 1.0, exit VS.Net and install WSE 1.0. Modify the project to use WSE by adding a reference to Microsoft.Web.Services 1.0 and adding this .config file:

<?xml version="1.0" encoding="utf-8" ?> 
<configuration> 
        <!-- Defines WSE version (1.0) for this 
        client application --> 
               <configSections> 
                       <section name="microsoft.web.services" 
                       type="Microsoft.Web.Services.
                       Configuration.WebServicesConfiguration, 
                       Microsoft.Web.Services, Version=1.0.0.0, 
                       Culture=neutral, 
                       PublicKeyToken=31bf3856ad364e35" /> 
               </configSections> 
        </system.net> 
</configuration> 

Regenerate the proxy class by right-clicking on the Web reference AvitekWS and selecting Update Web Reference. This creates two proxy classes: one each for a regular Web service and one for a WSE-enabled one.

Add import statements at the beginning of WinUI.vb:

Imports Microsoft.Web.Services 
Imports Microsoft.Web.Services.Security 

Next change all references to the Web service proxy from OrderEntryWebService2 to OrderEntryWebService2Wse in WinUI_Load and SubmitButton_Click:

Dim orderWS As OrderEntryWebService2Wse 
orderWS = New OrderEntryWebService2Wse 

Add code to attach the username token to the Web service call in WinUI_Load and SubmitButton_Click. You also have to disable the MustUnderstand SOAP header attribute for the path header:

'hard code user credentials for demo 
Dim userToken As UsernameToken 
Dim requestContext As SoapContext 
userToken = New UsernameToken(
        "jane", "janejane", 
        PasswordOption.SendPlainText) 
requestContext = orderWS.RequestSoapContext 
requestContext.Security.Tokens.Add(
        userToken) 
requestContext.Timestamp.Ttl = 60000
requestContext.Path.EncodedMustUnderstand = 
        "false" 

You’d purchase a real SSL certificate or use a time-limited one from a certification authority. The last step is to change the URLs in the .Net Web services proxy classes (Reference.vb) to read https instead of http.

Hope it helps

 

 


Best Regards
XiaoYong Dai
Microsoft Online Community Support

Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
0
XiaoYong
4/23/2007 7:29:26 AM
Reply:

Similar Artilces:

Calling a Secure C# Web Service with SOAP Header Authentication and Cookies
Hi, I hope someone would be able to point me in the right direction. I need to develop a Delphi Client (Delphi 2009 Pro) that will consume a C# Web Service which makes use of SOAP Header Authentication and Cookies. The WSDL is poiting to a https:// address, and I was able to import the Service into my Delphi project using the WSDL Importer. But now I do not know how to continue, if it was normal web service (without the authentication code) it would have been fine. The initial call would contain something like this: (This from the Service Providers manual) {code} <?xml version=...

Secure web service with soap headers and cookie Autherization
Hi, I am trying to write a small code to secure an exposed web services(service2.asmx) that returns server time by using cookie type authorization on the web service side using custom SOAP Headers that pass authentication credentials to the web service. I do not want to use SSL. If this works I will also encrypt/dcrypt the Soap message. To achieve this, I wanted to build a client app. that does the followings: a)Accepts and sends a username and password ( "admin" and "passord" resp.) b)gets server time C)checks to see if the user is logged in. Well, in my ...

A question about Web Service security / secured web service Testing
Hi, I created a web service and secure it using SoapExtention. I implemented code from this link. http://www.developer.com/net/net/article.php/11087_2192901_2 Now if I create proxy class from my other webapplication and call any webmethod of my webservice, I must provide username password to access any of its webmethod, otherwise it is throwing SOAP Exception which works fine. But now when I open this webservice locally using its URL, in Internet Explorer, like http://localhost/MyWebService/poservice.asmx, it shows me all webmethods and I can invoke any webmethod from here without using ...

Encrypting User credential /Soap header --- Web service security
Hi, I want to use SOAP header as a tool for implementing secure web service. However, I have been told that when I send user credentials across the Internet via SOAP headers, they will be sent as a plain text in XML format, ie. they are vulnerable to prying eyes. One method to get around this is to encrypt the user credentials prior to sending them and provide an equivalent decryption algorithm in the web service. I am new to encryption and where can I find examples ( codes in Vb) or articles that can help me to solve this type of problem to secure the web service???? The user Id and pa...

How to call a .net web service from another .net web service?
Hi all,I have developed two asp .net web services using visual studio .net 2003.I wish to call one web service from another web service.I tried adding a web reference of the web service in another web service and was able to do so.but i m not able to access the web methods provided by the web servicecould you please suggest a way to go about itExpecting quick replyThanxCharmy try to make sure that you reference it in the web reference and call it properly this is sample  [WebMethod()] public double CalcDistance(int x1, int y1, int x2, int y2) { Calculator.Service1 calc = new...

How do I set a session ID in a web service SOAP header using a .NET proxy?
I have a web service proxy set up in PB 10.5. I need to set a session ID in the SOAP header so the web service can validate subsequent requests for this session. Is this possible? You can't modify the SOAP headers unfortunately. That capability is supposed to be forthcoming in an EBF/Maintenance Release, but I do not now of an specific timeframe. On 20 Apr 2006 13:40:54 -0700, "Libby Engelbret" <lengelbret@npomn.com> wrote: >I have a web service proxy set up in PB 10.5. I need to set a session ID in >the SOAP header so the web service can val...

web service SOAP Headers
If this isn't the right forum, let me know what is.Is there a difference between SOAP serialization and  and XML serialization.I have been reading heavily and am now quite confused.I understand that SOAP serialization produces XML, but perhaps without a specific schema or a scheme very different from XML. In the context of web services, the XML Serializer is used to produce XML in SOAP format. What you may be getting confused about is that there is also a "runtime serialization" subsystem. This can serialize data either using a Binary Formatter, or a SOAP Formatter. It...

Security concern over application services such as authentication exposed as web services
There have been questions around security with regard to exposing application services such as authentication as web services to the client side. Can any provide any insight on this ?   Also , when we are invoking webserivces from the client side javascript what identity is used for validating user credentials?   Thanks! Pratibha...

Web service in .NET from Java Web Service
Hi there,I'm pretty new to .net (although i have years of experience with the old vb 6, access 2k, as well as java)... and need some with perhaps either some syntax or something.Here is the wsdl.<wsdl:definitions targetNamespace="http://www.dynix.com/schema/book">−<wsdl:types>−<schema targetNamespace="GetBookInfoByISBN">−<complexType name="BookInfoType">−<sequence><element maxOccurs="1" minOccurs="0" name="Title" nillable="true" type="xsd:string"/><element maxOccurs=&quo...

Adding Web Reference to Web Service With SOAP Header in Visual Studio 2005
Hi, I'm a beginner in web service. Recently, I created a web service with custom SOAP header so it support security feature. I modify my code from a tutorial that I read: Imports System.Web Imports System.Web.Services Imports System.Web.Services.Protocols _ _ _ Public Class SecureHelloWorld Inherits System.Web.Services.WebService Public authentication As AuthenticationHeader _ Public Function HelloWorld() As String If authentication.Name = "Hello" AndAlso authentication.Password = "World" Then Return &quo...

WS-Security with VS.NET 2005 Web Service and .NET 1.1 Client
We ship a webservices client piece into the field which is required to run on the .NET 1.1 version of the framework, this is defined by our business people and cannot change. We would like to work with .NET 2.0 in VS.NET 2005 for the backend Web Service piece. We are able to get the 2 to communicate fine and it is not a problem. The issue now is that we need to introduce security through WS-Security. I have not been able to find much information about interop between the 2 environments and WS-Security and cannot get the security elements to be invoked in VS.NET 2005. Currently we are trying ...

Web Service SOAP Header
Using VB. I have added a web reference to my project for a web service using the specified http WSDL. I have added an instance of the service to my page: Dim ws As New myservice One of the requirements is that I use header authentication in the SOAP response (username and password). What is the best way to approach this. I do not see any reference to header elements in the WSDL but here is a sample of the SOAP request required. Also I don't see any reference to a class for this type of authentication.<soap:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:...

.NET web services Vs Java Web Services
Hello, does anyone know of a book or good source of information that compares .NET and Java Web Services? (I would like soemthing neutral if possible). I am thinking of approaching this subject for my dissertation? Many Thanks Rob Hi Rob, Last year I had to give a powepoint presentation on Web Services. I noticed some good books at barnes and noble that discussed the subject. These books were specific to Java and discussed Web Services in a very clear fashion. They gave some elementary examples that were easy to understand. I have not yet had the pleasure of creatin .NET Web Servi...

unable to add a secure java web service to .net thru visual studio add web reference
I have a secure java web service running on my system.   I am able to successfully do a URL based invocation of it and also was able to get the expected SOAP response. It uses the Basic Authentication mechanism to make it secure. So basically when I type the URL in the address bar and invoke it, it asks me for a user name password, I enter it and it runs normally.  Now, when I try to add that web service to a simple asp.net web application thru visual studio add web reference mechanism, it first prompts with a certificate, which I accept and then prompts with Disco...

Web resources about - Soap Header authentication in web service - asp.net.security

Authentication - Wikipedia, the free encyclopedia
Authentication (from Greek : αὐθεντικός authentikos , "real, genuine," from αὐθέντης authentes , "author") is the act of confirming the truth ...

Authentication - Facebook-Entwickler
Please note: On October 3, 2012, the offline_access permission will be removed. If you are building...

Facebook Adds Two Factor Authentication for Login and Redesigns Family Safety Center
... announced the release of several new tools to help users stay safe while using the site. Soon, users will be able to enable two factor authentication ...

Lockdown - A better two-factor authentication experience on the App Store on iTunes
Get Lockdown - A better two-factor authentication experience on the App Store. See screenshots and ratings, and read customer reviews.


YouTube - How To Hack Twitter's New Two Factor Authentication
Veröffentlicht am 23.05.2013 Connect! http://toopher.com http://facebook.com/toopherinc http://twitter.com/toopher CEO Josh Alexander wants ...

SafeNet brings Cloud-based authentication service to A/NZ
SafeNet has released its new Cloud-based authentication service, billed as Authentication-as-a-Service, in A/NZ.

Two-factor authentication - cyber security -
Two recent hacking cases highlight how personal emails can impact overall business security through tiny weaknesses.

Digital authentication to become Google's next big focus
Streamlining the website login process a top priority, according to the company’s Australian business and consumer services manager Dan Metcalf. ...

Two-factor authentication: double or nothing
An extra layer of security keeps hackers at bay.

Resources last updated: 12/9/2015 5:22:38 AM