Authenticate to a Web Service
Peter Bradley
I have to interact with a Web Service exposed by a partner organisation.
This Web Service requires that I authenticate to it before I can
successfully call its methods.
The partner organisation has supplied the following to me:
Username
Password
Secret Answer
User Group
HEI User (Y/N)
HEI Course Web Service User
Contact email address
So far, I've tried authenticating using the username and password, like
this:
CourseServices service = new CourseServices();
service.Credentials = new NetworkCredential("xxxxxx", "yyyyyy");
qualificationsListResponse quals = service.getQualificationsList(
new qualificationsListRequest());
I've also tried putting, in turn, the 'Secret Answer', the 'User Group'
and the 'HEI Course Web Service User' values into the optional third
parameter to the NetworkCredentials constructor.
In every case I get a SOAP fault returned saying that I haven't supplied
the correct credentials:
"WSDoAllReceiver: Incoming message does not contain required Security
header"
I've never had to include code to authenticate to a Web Service before,
so I've obviously missed something. Can someone point me in the right
direction, please?
Thanks
Peter
Evan Freeman
Long answer this isn't going to be as easy as you think it is. The security
header is encrypted, I honestly haven't done this in a long while so I can't
remember the exact details. But I was able to find an article on code
project that will help you .
http://www.codeproject.com/KB/webservices/WS-Security.aspx
Sorry I can't offer more. Good Luck let us know how it turns out.
--
Evan Freeman
Evan.E....@gmail.com
http://evanfreeman.blogspot.com
"Peter Bradley" <pbra...@uwic.ac.uk> wrote in message
news:e73D$at0IH...@TK2MSFTNGP06.phx.gbl...
Peter Bradley
> Short answer you don't have a security header in your request.
>
> Long answer this isn't going to be as easy as you think it is. The security
> header is encrypted, I honestly haven't done this in a long while so I can't
> remember the exact details. But I was able to find an article on code
> project that will help you .
>
> http://www.codeproject.com/KB/webservices/WS-Security.aspx
>
> Sorry I can't offer more. Good Luck let us know how it turns out.
>
Evan (good Welsh name BTW),
Thanks for that. At least it means I've had one reply.
I'll check out your reference and I'll certainly let you know how it goes.
Cheers
Peter
Peter Bradley
>
> Sorry I can't offer more. Good Luck let us know how it turns out.
>
Well, so far it's not turning out so good.
I've got this out of our partners. This is how they want the SOAP
message to look (obviously with the uid and pwd details blanked out:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsse:Security soap:mustUnderstand="1"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
<wsse:UsernameToken>
<wsse:Username>*****</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0
#PasswordText">*****</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:ns1="http://www.slc.co.uk/course/schema/1.0">
<!-- Message specific stuff goes here -->
</soap:Body>
</soap:Envelope>
Back in Microsoft-land, I've fired up WSE Security Settings Wizard and
added a policy like this, by specifying to the wizard "secure a client
application", "Username", "Password", "Enable WS-Security 1.1
Extensions", "Protection Order None (rely on transport protection)". The
policy file this generates is (with sensitive stuff overwritten):
<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
<extensions>
<extension name="usernameOverTransportSecurity"
type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="username"
type="Microsoft.Web.Services3.Design.UsernameTokenProvider,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
<extension name="requireActionHeader"
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion,
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral,
PublicKeyToken=31bf3856ad364e35" />
</extensions>
<policy name="credentials">
<usernameOverTransportSecurity>
<clientToken>
<username username="*****" password="*****" />
</clientToken>
</usernameOverTransportSecurity>
<requireActionHeader />
</policy>
</policies>
(I know that I don't, ultimately want the uid and pwd in the config
file, but I'm trying to keep it simple for now)
When I try to connect I get a SOAP error:
"WSDoAllReceiver: security processing failed (actions mismatch)"
Does anyone have any suggestions?
I wish I could just construct the header in code - or even the entire
message - and send it somehow to the server, manually.
Thanks in advance
Peter
Peter Bradley
> Hi,
>
> I have to interact with a Web Service exposed by a partner organisation.
> This Web Service requires that I authenticate to it before I can
> successfully call its methods.
>
This is not going well. I tried again using WSE, this time unchecking
the "Enable WS-Security 1.1 extensions" checkbox, but VS produces
exactly the same policy file and running the application brings back the
same error.
I installed Fiddler2 to see if I could sneak a peek at the actual output
being produced and, while Fiddler did produce some output I could find
no way of looking at the actual XML being produced in the SOAP request.
Does anyone have any ideas on this? Even just being able to dump the
generated SOAP request XML would be a start.
Thanks
Peter
Evan Freeman
section in there he shows how to programatically add the user name and
password to the security header.
The security header the wizard is generating still doesn't look right to me.
I'm guessing that thats where the problems are coming in. I understand that
the article is in c++ but its a fairly straight forward translation to c#.
Again sorry I'm not more helpful.
--
Evan Freeman
Evan.E....@gmail.com
http://evanfreeman.blogspot.com
"Peter Bradley" <pbra...@uwic.ac.uk> wrote in message
news:ubRhilC2...@TK2MSFTNGP02.phx.gbl...
Peter Bradley
> In that article that I linked to you ther eis a "The Client Application"
> section in there he shows how to programatically add the user name and
> password to the security header.
>
> The security header the wizard is generating still doesn't look right to me.
> I'm guessing that thats where the problems are coming in. I understand that
> the article is in c++ but its a fairly straight forward translation to c#.
>
> Again sorry I'm not more helpful.
>
Oh that's right. I read it. I just didn't imagine that there'd be a
difference between doing something programmatically and doing it via the
wizard. I put it in the config file because I thought it'd be simpler
"for now". Obviously not one of my better decisions.
I guess I still have to do all the other things that are in the wizard ...
Anyway, I'll try it tomorrow. I just wish I could get a look at what
XML is being output.
Thanks
Peter
Evan Freeman
in the ASPne.Security group than here.
--
Evan Freeman
Evan.E....@gmail.com
http://evanfreeman.blogspot.com
"Peter Bradley" <pbra...@uwic.ac.uk> wrote in message
news:%23SiQbrG...@TK2MSFTNGP04.phx.gbl...
Peter Bradley
> Well I wish I could tell you how. Might be that this would be better served
> in the ASPne.Security group than here.
>
Thanks Evan. I hadn't thought of that group. I'm going to follow your
advice about setting the uid and pwd in code, tomorrow. If I've still
got a problem, maybe I'll post to the security group.
Thanks for all your help.
Cheers
Peter
Peter Bradley
> In that article that I linked to you ther eis a "The Client Application"
> section in there he shows how to programatically add the user name and
> password to the security header.
>
>
Nah. Tried that. Doesn't work.
Also, at compile time there's a warning:
'Microsoft.Web.Services3.SoapContext.Security' is obsolete:
'SoapContext.Security is obsolete. Consider deriving from
SendSecurityFilter or ReceiveSecurityFilter and creating a custom policy
assertion that generates these filters.'
So I guess something has changed recently. It doesn't stop me running
the code, but when I do I just get the error:
'WSDoAllReciever: security processing failed'
So, back to the drawing board.
>>sigh<<
Many thanks for your suggestions, though.
Cheers
Peter
Peter Bradley
>
> Again sorry I'm not more helpful.
>
Hi Evan,
I just thought you might like to know that I solved this one finally,
and that you might like to know the outcome.
Firstly, I got hold of an application called soapUI. Secondly I found
the logging features of WSE 3.0 that allow you to dump the input and
output of a Web Service call to files. Armed with these, I was able to
copy the client output file into soapUI and send it from there - and
receive back the error that I'd been getting in code.
However I was then able to manipulate the output file in soapUI to see
what I had to do to get the Web Service to accept the message. It
turned out that there were quite a few things that could be done, the
easiest of which was to get rid of the <Timestamp> element in the
header. Without the <Timestamp>, the message was accepted without a
problem (from soapUI).
The next step was to write a custom policy, with a corresponding output
filter to manipulate the output file from the client by instantiating a
custom SOAP filter class with an overridden ProcessMessage() method.
Having solved that problem, I then had a problem with the returned
message, because it did not conform to its own schema (It had some
redundant attributes in an undeclared namespace). I therefore had to
also write a custom filter for the output from the Service (input to the
client) that added the necessary namespace declarations to the offending
elements.
These appear to be bugs in the Apache Axis Web Service framework
(according to our partners, when informed of the problems). The latter
problem certainly is.
It's taken me the best part of a month to sort this out!
I hope you might find this info useful yourself some time. I intend to
write it up on my blog, and will be happy to supply my code to anyone
else having a similar problem.
Cheers
Peter
Peter Bradley
> I hope you might find this info useful yourself some time. I intend to
> write it up on my blog, and will be happy to supply my code to anyone
> else having a similar problem.
>
Blog post now up:
http://www.peredur.blog.co.uk/
The blog links to a more detailed document:
http://www.peredur.uklinux.net/Microsoft%20dotNet%20WSE%203%20Web%20Services.pdf
Feel free to use the document as you please. Yes. Including that, if
you must!
Cheers
Peter
Fokob Cyril
https://t.me/psycah2013
Metrix snoop
https://t.me/garminpro12
https://t.me/garminpro12
Buy psychedelic products online
✔US-US Delivery
✔Fast Shipping
✔Secure Payment Options
✔100% Satisfaction Guaranteed
✔3 Days Refund Policy
✔100% Money-Back if any issue with the product
✔Shipping Service: Overnight/Standard/Economy
✔Estimated Delivery Time: Overnight & 3-5 Days
✔Discounts: Get up to 20% off
✔Shipping Rates – USPS: $30 FedEx: $45 Only USA.
✔Pay With Credit / Debit Cards Also
CLICK ➤HERE ➤TO ➤BUY ➤TRAMADOL➤ONLINE
SHOP >> https://t.me/garminpro12
https://t.me/garminpro12
https://t.me/garminpro12
https://t.me/garminpro12
https://t.me/garminpro12
tramadol-online/