Develop web service - UsernameToken header with password digest authentication

1.1k views Asked by At

We are trying to host a service over ABC Server with client certificate and message authentication.
Client will provide WSSE UsernameToken Security header that need to be understood by the service and appropriate authentication has to take place.

There are two options –
1. WCF service – but it does not support digested password out-of-box so we might need to find a way using custom binding or some other tweak.
2. Web service with WSE 3.0 - We need to find out how we can develop a service WSE 3.0 and can take advantage of it to process following security header.
What are the prerequisites for WSE 3.0, what tools and libraries are needed for it?

Any help will be greatly appreciated.

Following soap header is expected in request.

<s:envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing"
    xmlns:u="http://docs.open.org/wss/2004/01/wss-wssecurity-utility-1.0.xsd">
    <s:header>
        <a:action s:mustunderstand="1">http://service</a:action>
        <a:messageid>urn:uuid:3bc37759-01fk-12er-2317-22068daf2501</a:messageid>
        <a:replyto>
            <a:address>http://www.w3.org/2005/08/addressing/anonymous</a:address>
        </a:replyto>
        <a:to s:mustunderstand="1">https://service.svc</a:to>
        <o:security s:mustunderstand="1" xmlns:o="http://docs.open.org/wss/2004/01/wss-wssecurity-utility-1.0.xsd">
            <u:timestamp u:id="_0">
                <u:created>2013-08-01T07:55:10.582Z</u:created>
                <u:expires>2013-08-01T08:00:10.582Z</u:expires>
            </u:timestamp>
            <wsse:usernametoken wsu:id="b77a80e6-4d1d-49d7-b8f1-35fecc18caae" xmlns:wsse="http://docs.open.org/wss/2004/01/200401-wss-wssecurity-secext-1.0.xsd"
                xmlns:wsu="http://docs.open.org/wss/2004/01/200401-wss-wssecurity-utility-1.0.xsd">
                <wsse:username>
                    <!-- Removed-->
                </wsse:username>
                <wsse:password>
                    <!-- Removed-->
                    <!--Digested password -->
                </wsse:password>
                <wsse:nonce>
                    <!-- Removed-->
                </wsse:nonce>
                <wsu:created>2012-12-01T19:45:30.540Z</wsu:created>
            </wsse:usernametoken>
        </o:security>
    </s:header>
    <s:body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    </s:body>
</s:envelope>

Thank You,

1

There are 1 answers

0
Software Enginner On

I got the answer from the below link.
http://zamd.net/2010/07/12/passworddigest-authentication-in-wcf/

Thank You,