Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to add security header to a SOAP message?

I'm trying to consume a WebService written in Java by our provider from our C# App. When it's time to communicate, I get this:

WSDoAllReceiver: Incoming message does not contain required Security header

Since yesterday I'm trying to find out how to add security header to a SOAP message.

Yes, I read this ( Clueless about how to create SOAP <wsse:Security> header ) but it did not work.

I looked around and this seems to be a rather asked question. I wonder if I can get some help here, some pointers, some code, to get me started.

like image 217
Adriano Carneiro Avatar asked Apr 29 '11 14:04

Adriano Carneiro


People also ask

How do I add a security header in Soapui?

Right-click anywhere in the main request window to open a menu. Select Outgoing WSS >> Apply "OLSA Username Token". This will add the security header information to the Soap envelope request.

How do you add a security header to SOAP request in spring boot?

While using WebServiceTemplate, Spring provides numerous ways to intercept the request and modify the request and response. Hence, the interceptor can be a one way to add a header in the request. Similarly, we can implement WebServiceMessageCallback and override doWithMessage() method to add custom header.

How do I pass a user ID and password in SOAP header?

ClientCridentials. UserName. Password = "testPass"; In this way you can pass username, password in the header to a SOAP WCF Service.


2 Answers

Try this. No need to webreference and Web.Services2 implementation.

var client = "Your Service Client"; 
using (var scope = new OperationContextScope(client.InnerChannel))
{
    System.Xml.XmlDocument document = new XmlDocument();
    XmlElement element = document.CreateElement("wsse", "UsernameToken", 
       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");

    XmlElement newChild = null;
    newChild = document.CreateElement("wsse", "Username", 
       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    newChild.InnerText = "finance";
    element.AppendChild(newChild);

    newChild = document.CreateElement("wsse", "CorporationCode", 
       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    newChild.InnerText = "387";
    element.AppendChild(newChild);

    MessageHeader messageHeader = MessageHeader.CreateHeader("UsernameToken", 
       "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd", 
        element, false);

// shouldn't MessageHeader be Security?
//  MessageHeader messageHeader = MessageHeader.CreateHeader("Security", ...

    OperationContext.Current.OutgoingMessageHeaders.Add(messageHeader);

    var result = client.GetCorporations(new CorporationType { pageNo = 1 });
}
like image 20
B.Tekkan Avatar answered Sep 21 '22 17:09

B.Tekkan


I actually managed to achieve that by using WSE. The funny thing is that the provider's Web Services would not work with WSE 3.0, but they did with WSE 2.0. Here are the steps

  • Get WSE 2.0
  • Add the Web Reference to the project
  • In the Web Reference proxy implementation:

Replace

public partial class UserWS : System.Web.Services.Protocols.SoapHttpClientProtocol

by

public partial class UserWS : Microsoft.Web.Services2.WebServicesClientProtocol
  • Before calling the Web Service:

Set the authentication info

UsernameToken token = new UsernameToken("user", "pwd", PasswordOption.SendPlainText);
yourProxy.RequestSoapContext.Security.Tokens.Add(token);

And that's it! FYI, the provider is a Blackboard instance.

like image 177
Adriano Carneiro Avatar answered Sep 19 '22 17:09

Adriano Carneiro