Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
XML
data.xmlanalysis
mappoint.webservice
msf
msxml-webrelease
netmyservices.sdk
passport.sdk
soap
soapsdk
uddi.general
uddi.programming
uddi.specification
xml
xmlsqlwebrelease
xsl
  
 
date: Mon, 23 Jun 2008 10:19:42 +0100,    group: microsoft.public.xml.soap        back       


Authenticating to a Web Service    
Hi,

This question was posted to:

microsoft.public.dotnet.framework.aspnet.webservices

last Friday, but I haven't had any response, so I thought I'd try here.

Apologies to anyone who follows both groups, for the cross posting.

I have to interact with a Web Service exposed by a partner organisation. 
   This is not a .NET Web Service.  It requires that I authenticate to 
it before I can successfully call its methods.

The partner organisation has supplied the following to me:

Username
Password
Secret Answer
User Group
HEI User (Y/N)
HEI Course Web Service User
Contact email address

The partner also supplied the WSDL and XSD files for me to generate a 
proxy using the wsdl.exe tool.  I did this by doing:

wsdl <pathToFies> /o:<outputPath>

I then added the generated .cs file to a project in my solution, 
compiled it and referenced it in my Web client project.

So far, I've tried authenticating using the username and password, like 
this:

CourseServices service = new CourseServices();
service.Credentials = new NetworkCredential("xxxxxx", "yyyyyy");
qualificationsListResponse quals = service.getQualificationsList(
                 new qualificationsListRequest());

I've also tried putting, in turn, the 'Secret Answer', the 'User Group' 
and the 'HEI Course Web Service User' values into the optional third 
parameter to the NetworkCredentials constructor.

In every case I get a SOAP fault returned saying that I haven't supplied 
  the correct credentials:

"WSDoAllReceiver: Incoming message does not contain required Security 
header"

My conclusion from this is that the Credentials property is not what I want.

I've never had to include code to authenticate to a Web Service before, 
so I've obviously missed something.  Everything I've managed to find via 
Google appears to assume that the Web Service is a .NET Web Service with 
an appropriate class derived from SoapHeader available on the server 
side, if I've understood correctly what they're trying to say.  This is 
not the case for me, and I can't find anything in the available methods 
and properties of the Web Service that look as though they will help me.

Can someone point me in the right direction, please?

Thanks



Peter
date: Mon, 23 Jun 2008 10:19:42 +0100   author:   Peter Bradley

Re: Authenticating to a Web Service    
Peter Bradley wrote:
> Hi,
> 
> <snip />
> 
> I have to interact with a Web Service exposed by a partner organisation. 
>   This is not a .NET Web Service.  It requires that I authenticate to it 
> before I can successfully call its methods.
> 
> <snip />

Just to say that That I've moved on a bit.  I'm now creating a policy 
file using WSE:

<policies xmlns="http://schemas.microsoft.com/wse/2005/06/policy">
   <extensions>
     <extension name="usernameOverTransportSecurity" 
type="Microsoft.Web.Services3.Design.UsernameOverTransportAssertion, 
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
PublicKeyToken=31bf3856ad364e35" />
     <extension name="username" 
type="Microsoft.Web.Services3.Design.UsernameTokenProvider, 
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
PublicKeyToken=31bf3856ad364e35" />
     <extension name="requireActionHeader" 
type="Microsoft.Web.Services3.Design.RequireActionHeaderAssertion, 
Microsoft.Web.Services3, Version=3.0.0.0, Culture=neutral, 
PublicKeyToken=31bf3856ad364e35" />
   </extensions>
   <policy name="credentials">
     <usernameOverTransportSecurity>
       <clientToken>
         <username username="******" password="******" />
       </clientToken>
     </usernameOverTransportSecurity>
     <requireActionHeader />
   </policy>
</policies>

(Credential replaced with asterisks, of course)

The Web service is being called with the following code:

private void SlcHeiDbWSTest_Load(object sender, EventArgs e)
{
	CourseServices service = new CourseServices();

         try
         {
         	qualificationsListResponse quals = 
service.getQualificationsList(new qualificationsListRequest());
	}
         catch (Exception ex)
         {
         	MessageBox.Show("There was an unexplained exception: " + 
ex.Message);
	}
         finally
         {
         	service = null;
		Application.Exit();
         }
}

I still get an error:

"WSDoAllReceiver: security processing failed (actions mismatch)"

What I actually need to send is:

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    <soap:Header>
       <wsse:Security soap:mustUnderstand="1" 
xmlns:wsse="ttp://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" 
xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
          <wsse:UsernameToken>
             <wsse:Username>******</wsse:Username>
             <wsse:Password 
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0 
#PasswordText">******</wsse:Password>
          </wsse:UsernameToken>
       </wsse:Security>
    </soap:Header>
    <soap:Body xmlns:ns1="http://www.slc.co.uk/course/schema/1.0">
       <ns1:qualificationsListRequest>
          <schemaVersion>1.0</schemaVersion>
       </ns1:qualificationsListRequest>
    </soap:Body>
</soap:Envelope>


I've tried Fiddler2 on this, in order to try to see what message is 
actually being sent, but can't make any sense out of the report it 
returns with.

It says (in various places):

<quote>
This is a HTTPS CONNECT Tunnel.  Secure traffic flows through this 
connection.

Secure Protocol: Tls
Cipher: Rc4 128bits
Hash Algorithm: Md5 128bits
Key Exchange: RsaSign 1024bits

== Client Certificate ==========
None.

== Server Certificate ==========
[Subject]
   CN=secure.heservices.slc.co.uk, OU=ICT, O=Student Loans Company Ltd, 
L=Glasgow, S=Lanarkshire, C=GB

[Issuer]
   OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, 
OU=VeriSign International Server CA - Class 3, OU="VeriSign, Inc.", 
O=VeriSign Trust Network

[Serial Number]
   2CDBCC4713E7909EA0BBEE7B8FB44C2F

[Not Before]
   04/06/2008 01:00:00

[Not After]
   06/06/2010 00:59:59

[Thumbprint]
   C9B6874E5863777DFE0874683351B305AA827329
</quote>

It also seems to indicate that the server is being contacted successfully:

<quote>
CONNECT secure.heservices.slc.co.uk:443 HTTP/1.1
Host: secure.heservices.slc.co.uk:443
Proxy-Connection: Keep-Alive
</quote>

Although I’m not sure what this message means:

<quote>
No Proxy-Authorization Header is present.

No Authorization Header is present.
</quote>

If anyone knows how to interpret this, I’d be glad to hear from them.  I 
confess it means nothing to me.

Thanks



Peter
date: Thu, 26 Jun 2008 16:52:19 +0100   author:   Peter Bradley

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us