cscdans
Well Known Member
Hello List,
first: A happy new year!
Does anbody got experience in using crypted paaswords (OAS - Setting for the BSSV-Authentification: Use Username/Password Authentication ON and Password Type DIGEST).
When using MS WES the produced message looks ok tome, the nonce & creation time seems to be OK, too:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soap:Header><wsa:Action>http://oracle.e1.bssv.JP57TEST//get...al:85/PY812/UDCManager</wsa:To><wsse:Security soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-e5a1c06c-3f3a-4fb5-97e6-3bb360d98cfb"><wsu:Created>2011-01-04T14:36:38Z</wsu:Created><wsu:Expires>2011-01-04T14:41:38Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-d220ce8b-42a2-4f11-a512-ae6b56f7ce91"><wsse:Username>cscdans</wsse:Username><wsseassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">HxaFD6smoCDy183lAFdiXPACkw0=</wsseassword><wsse:Nonce>G5o9mcs067c7cjDfDlaZiQ==</wsse:Nonce><wsu:Created>2011-01-04T14:36:38Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><getEmailByUserIDElement xmlns="http://oracle.e1.bssv.JP57TEST/types/"><userID>SCHUBERC</userID></getEmailByUserIDElement></soap:Body></soap:Envelope>
CODE:
Microsoft.Web.Services3.Security.Tokens.UsernameToken token = new Microsoft.Web.Services3.Security.Tokens.UsernameToken("cscdans", "dans", Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed);
local.fanuc.luechweb2fage.UDCManagerWse uw = new TestSecService.local.fanuc.luechweb2fage.UDCManagerWse();
//uw.SetClientCredential<Microsoft.Web.Services3.Security.Tokens.UsernameToken>(token);
uw.RequestSoapContext.Security.Tokens.Add(token);
local.fanuc.luechweb2fage.GetEmailByUser geu=new local.fanuc.luechweb2fage.GetEmailByUser();
geu.userID="SCHUBERC";
local.fanuc.luechweb2fage.ShowEmailByUser su;
try
{
su = uw.getEmailByUserID(geu);
Console.WriteLine("Retval: " + su.companyEmailAddress);
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
}
We do not want to transfer the password uncrypted (PLAINTEXT option, that works well).
If anybody got experience with that or encrypting complete BSSV SOAP messages any suggestion or report are very welcome.
Thank you in advance,
best regards,
Carsten
first: A happy new year!
Does anbody got experience in using crypted paaswords (OAS - Setting for the BSSV-Authentification: Use Username/Password Authentication ON and Password Type DIGEST).
When using MS WES the produced message looks ok tome, the nonce & creation time seems to be OK, too:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><soap:Header><wsa:Action>http://oracle.e1.bssv.JP57TEST//get...al:85/PY812/UDCManager</wsa:To><wsse:Security soap:mustUnderstand="1"><wsu:Timestamp wsu:Id="Timestamp-e5a1c06c-3f3a-4fb5-97e6-3bb360d98cfb"><wsu:Created>2011-01-04T14:36:38Z</wsu:Created><wsu:Expires>2011-01-04T14:41:38Z</wsu:Expires></wsu:Timestamp><wsse:UsernameToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-d220ce8b-42a2-4f11-a512-ae6b56f7ce91"><wsse:Username>cscdans</wsse:Username><wsseassword Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">HxaFD6smoCDy183lAFdiXPACkw0=</wsseassword><wsse:Nonce>G5o9mcs067c7cjDfDlaZiQ==</wsse:Nonce><wsu:Created>2011-01-04T14:36:38Z</wsu:Created></wsse:UsernameToken></wsse:Security></soap:Header><soap:Body><getEmailByUserIDElement xmlns="http://oracle.e1.bssv.JP57TEST/types/"><userID>SCHUBERC</userID></getEmailByUserIDElement></soap:Body></soap:Envelope>
CODE:
Microsoft.Web.Services3.Security.Tokens.UsernameToken token = new Microsoft.Web.Services3.Security.Tokens.UsernameToken("cscdans", "dans", Microsoft.Web.Services3.Security.Tokens.PasswordOption.SendHashed);
local.fanuc.luechweb2fage.UDCManagerWse uw = new TestSecService.local.fanuc.luechweb2fage.UDCManagerWse();
//uw.SetClientCredential<Microsoft.Web.Services3.Security.Tokens.UsernameToken>(token);
uw.RequestSoapContext.Security.Tokens.Add(token);
local.fanuc.luechweb2fage.GetEmailByUser geu=new local.fanuc.luechweb2fage.GetEmailByUser();
geu.userID="SCHUBERC";
local.fanuc.luechweb2fage.ShowEmailByUser su;
try
{
su = uw.getEmailByUserID(geu);
Console.WriteLine("Retval: " + su.companyEmailAddress);
}
catch (Exception e)
{
Console.WriteLine("Error: " + e.Message);
}
We do not want to transfer the password uncrypted (PLAINTEXT option, that works well).
If anybody got experience with that or encrypting complete BSSV SOAP messages any suggestion or report are very welcome.
Thank you in advance,
best regards,
Carsten