Web service client needs to add type attribute to password security header

2k views Asked by At

I'm writing a .NET client (WCF) that will consume a web-service that is implemented using Apache CXF (Java) and amazingly enough it's incredibly hard have WCF to set the Type attribute of the Password tag to PasswordText. I.e I would like the SOAP header to look something like:

  <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <wsse:UsernameToken wsu:Id="UsernameToken-11" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>test</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">a287645857cfaaddf82e2d333651b3e0</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">oKGlwEkbkhYJH6upsbiqeQ==</wsse:Nonce>
        <wsu:Created>2011-10-25T13:10:11.958Z</wsu:Created>
     </wsse:UsernameToken>
  </wsse:Security>

but the actual header looks like:

  <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <o:UsernameToken u:Id="uuid-5acb0b47-1b52-4535-bfaf-b9e76621b7eb-1">
        <o:Username>test</o:Username>
        <o:Password>a287645857cfaaddf82e2d333651b3e0</o:Password>
     </o:UsernameToken>
  </o:Security>

As you can see the Type attribute is missing from the Password tag. Some research on the web seems to indicate that I perhaps have to write an interceptor to fix this. I figured that there was a simple solution, i.e. config setting, to fix this but maybe there is not. Anyhow, I'm hoping for some clarifications by posting this question.

The WS server rejects the request because of the missing Type attribute. Some function checking for BSP spec. compliance (not sure what this is) throws an exception.

Regards, Ola

1

There are 1 answers

9
Aliostad On

OK, the implementation requires using WSE 2.0 SP3. Be careful NOT WSE 3.0.

WCF cannot help you.

All you need is here.

This is a better sample.