TechQA.

Develop web service - UsernameToken header with password digest authentication

1.2k views Asked by At

We are trying to host a service over ABC Server with client certificate and message authentication.
Client will provide WSSE UsernameToken Security header that need to be understood by the service and appropriate authentication has to take place.

There are two options –
1. WCF service – but it does not support digested password out-of-box so we might need to find a way using custom binding or some other tweak.
2. Web service with WSE 3.0 - We need to find out how we can develop a service WSE 3.0 and can take advantage of it to process following security header.
What are the prerequisites for WSE 3.0, what tools and libraries are needed for it?

Any help will be greatly appreciated.

Following soap header is expected in request. 

<s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"
    xmlns:u="http://docs.open.org/wss/2004/01/wss-wssecurity-utility-1.0.xsd">
    <s:header>
        <a:action s:mustunderstand="1">http://service</a:action>
        <a:messageid>urn:uuid:3bc37759-01fk-12er-2317-22068daf2501</a:messageid>
        <a:replyto>
            <a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
        </a:replyto>
        <a:to s:mustunderstand="1">https://service.svc</a:to>
        <o:security s:mustunderstand="1" xmlns:o="http://docs.open.org/wss/2004/01/wss-wssecurity-utility-1.0.xsd">
            <u:timestamp u:id="_0">
                <u:created>2013-08-01T07:55:10.582Z</u:created>
                <u:expires>2013-08-01T08:00:10.582Z</u:expires>
            </u:timestamp>
            <wsse:usernametoken wsu:id="b77a80e6-4d1d-49d7-b8f1-35fecc18caae" xmlns:wsse="http://docs.open.org/wss/2004/01/200401-wss-wssecurity-secext-1.0.xsd"
                xmlns:wsu="http://docs.open.org/wss/2004/01/200401-wss-wssecurity-utility-1.0.xsd">
                <wsse:username>
                    <!-- Removed-->
                </wsse:username>
                <wsse:password>
                    <!-- Removed-->
                    <!--Digested password -->
                </wsse:password>
                <wsse:nonce>
                    <!-- Removed-->
                </wsse:nonce>
                <wsu:created>2012-12-01T19:45:30.540Z</wsu:created>
            </wsse:usernametoken>
        </o:security>
    </s:header>
    <s:body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    </s:body>
</s:envelope>

Thank You,

web-services soap wse usernametoken wsse
Original Q&A
1

There are 1 answers

0
Software Enginner On

I got the answer from the below link.
http://zamd.net/2010/07/12/passworddigest-authentication-in-wcf/

Thank You,

Related Questions in WEB-SERVICES

Related Questions in SOAP

Related Questions in WSE

Related Questions in USERNAMETOKEN

Related Questions in WSSE

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions