I have added a web reference to my project for a web service using the specified http WSDL.
I have added an instance of the service to my page:
Dimws As New myservice
One of the requirements is that I use header authentication in the SOAP response (username and password). What is the best way to approach this.
I do not see any reference to header elements in the WSDL but here is a sample of the SOAP request required. Also I don't see any reference to a class for this type of authentication.<soap:Header>
<wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><wsse:UsernameToken xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext">
<wsse:Username xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"></wsse:Username><wsse:Password xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"></wsse:Password>
Thanks very much in advance for any suggestions.
Your web service needs to include a class that inherits from the SoapHeader class and contains a username and password property, as well as an authentication method that can verify these credentials with your database. When you instantiate an instance of your web service, you also need to instantiate an instance of the server's authenticationheader class. You then fill the authenticationheader's login properties and then pass the whole object to your service's header property. You can then call your own web methods, in which you first use the credential properties in the header object to first verify the user. This is the high-level view. If I can find the sample code I used I will post it.
Thank you very much for your reply. Any sample code would be very helpful as I am new to this. This is a VB application.
Here is what I have so far on a page where I want to call this particular web service.
Then, for the event of calling the service:Dim userToken As New UsernameToken("myusername", "mypassword")
Dimws As New mywebservice (web reference already added)
I know what I have is incomplete but I found the userToken sample from another Microsoft example. I was hoping that I am on the right track since the sample SOAP header I have for this service should look like the following: I am noticing the use of UsernameToken<soap:Header>
<payloadManifest xmlns="http://www.starstandards.org/webservices/2005/10/transport"><manifest contentID="Content0" namespaceURI="http://www.starstandards.org/STAR" element="ProcessPartsOrder" version="2.01"/>
</payloadManifest><wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:UsernameToken xmlns:wsse="http://schemas.xmlsoap.org/ws/2003/06/secext"><wsse:Username xmlns:wsse="%20myusername%20http://schemas.xmlsoap.org/ws/2003/06/secext"> myusername </wsse:Username>
<wsse:Password xmlns:wsse="%20mypassword%20http://schemas.xmlsoap.org/ws/2003/06/secext"> mypassword </wsse:Password></wsse:UsernameToken>
I'm not actually using Security.Tokens in my app, but what you have looks pretty good to me.
Did you ever manage to get this to work ? I am having exactly the same problem as you but I gave up using the tokens and have now tried generating the SOAP message which is all dandy until i try get a response and it fails everytime, would be interested to know how you solved your problem as mine seemed pretty similiar, my code is something like this.System.Net.HttpWebRequest request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(http://mywebservice); string strSOAPRequestBody = "<soapenv:Envelope xmlns:soapenv='http://schemas.xmlsoap.org/soap/envelope/' xmlns:wsse='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd'>" +"<soapenv:Header>" + "<wsse:Security>" +"<wsse:UsernameToken>" + "<wsse:Username>username</wsse:Username>" +"<wsse:Password>password</wsse:Password>" + "</wsse:UsernameToken>" +"</wsse:Security>" + "</soapenv:Header>" + "<soapenv:Body>" +
request.Method ="POST";request.ContentType = "application/soap+xml; charset=utf-8";
request.ContentLength = strSOAPRequestBody.Length;System.IO.StreamWriter streamWriter =new System.IO.StreamWriter(request.GetRequestStream());
streamWriter.Close();System.IO.StreamReader streamReader =new System.IO.StreamReader(
string strResponse = "";while (!streamReader.EndOfStream)
strResponse += streamReader.ReadLine();
You also need to set the policy for the client. Here is an article that details this out: http://msdn2.microsoft.com/en-us/library/aa528807.aspx.
My sample code (in C#) is as follows:
1 using Microsoft.Web.Services3.Security.Tokens;Hope this helps.
2 using Microsoft.Web.Services3.Design;
5 public partial class Form1 : Form
8 private void Button1_Click(object sender, EventArgs e)
10 SomeWebService.SomeService serviceClient = new SomeWebService.SomeService();
11 serviceClient.SetClientCredential(new UsernameToken("userName", "password", PasswordOption.SendPlainText));
12 serviceClient.SetPolicy(new Policy(new UsernameOverTransportAssertion()));
14 // .... do other things