 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Web Services / December 2007Removing Nonce and Timestamp in WSE 3.0
I read the posting from 4/24/2006, but the referenced article indicates how to ADD these items, not remove. The article examples are also in C# which my client uses VB.Net 2005 and the examples do not correlate easily. Remember, there are still VB coders in the tech world. For reference, I am sending ID/password over UsernameOverTransport to a WebLogic system which supports only ID and password. Hi John, For removing "Nonce" and "Timestamp" header element in WSE message, there is former thread in WSE newsgroup discussing on this: #Removing timestamp in WSE 3.0 Options http://groups.google.com/group/microsoft.public.dotnet.framework.webservices .enhancements/browse_thread/thread/c005be85efe32a41/53f6c96429c74b48 So far no existing configuration will do this and you'll have to implement custom filter to manually modify the underlying soap message. Also, as mentioned in the above thread, those headers you want to modify should not be encrypted or signed, otherwise, it will cause exception when the receiver side try validating them. Sincerely, Steven Cheng Microsoft MSDN Online Support Lead This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- From: =?Utf-8?B?QmlnSm9obg==?= <bigjohn@newsgroup.nospam> References: <6F96A29B-011D-4CC6-85E4-CA2FDCF1ABCA@microsoft.com> Subject: RE: Removing Nonce and Timestamp in WSE 3.0 Date: Thu, 29 Nov 2007 12:10:03 -0800 For reference, I am sending ID/password over UsernameOverTransport to a WebLogic system which supports only ID and password. I read through the suggestion and found a much less confusing method of handling this issue. Since I am using UsernameOverTransport, I don't need X509 certificate stores, encryption or any other strategies. Step 1 - Switch from VB to C# because the solution does not function in VB for some unknown reason. The XMLElement is protected in VB but not C#. Step 2 - Remove WSE 3.0. Step 3 - Add the security header to the WebLogic Java service as follows: UpdSvc.svcService svcWork = new UpdSvc.svcService(); //UpdSvc is added through Add Web Reference // Handle Security setup svcWork.Security = new UpdSvc.SecurityHeaderType(); //defined in the service svcWork.Security.MustUnderstand = true; //defined in service svcWork.Security.Any = new System.Xml.XmlElement[1]; XmlDocument doc = new XmlDocument(); doc.LoadXml("<wsse:UsernameToken xmlns:wsse=\'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd\'> " + "<wsse:Username>myID</wsse:Username>" + "<wsse:Password Type=\'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1 .0#PasswordText\'>myPassword</wsse:Password>" + "</wsse:UsernameToken>"); svcWork.Security.Any[0] = doc.DocumentElement; Thank you John for the followup and share the result with us. Sincerely, Steven Cheng Microsoft MSDN Online Support Lead This posting is provided "AS IS" with no warranties, and confers no rights. -------------------- From: =?Utf-8?B?QmlnSm9obg==?= <bigjohn@newsgroup.nospam> References: <6F96A29B-011D-4CC6-85E4-CA2FDCF1ABCA@microsoft.com> <1037F76C-D042-41BB-A41D-268EFFE19F52@microsoft.com> <ESdR1KwMIHA.4200@TK2MSFTNGHUB02.phx.gbl> Subject: RE: Removing Nonce and Timestamp in WSE 3.0 Date: Tue, 4 Dec 2007 06:44:03 -0800 I read through the suggestion and found a much less confusing method of handling this issue. Since I am using UsernameOverTransport, I don't need X509 certificate stores, encryption or any other strategies. Step 1 - Switch from VB to C# because the solution does not function in VB for some unknown reason. The XMLElement is protected in VB but not C#. Step 2 - Remove WSE 3.0. Step 3 - Add the security header to the WebLogic Java service as follows: UpdSvc.svcService svcWork = new UpdSvc.svcService(); //UpdSvc is added through Add Web Reference // Handle Security setup svcWork.Security = new UpdSvc.SecurityHeaderType(); //defined in the service svcWork.Security.MustUnderstand = true; //defined in service svcWork.Security.Any = new System.Xml.XmlElement[1]; XmlDocument doc = new XmlDocument(); doc.LoadXml("<wsse:UsernameToken xmlns:wsse=\'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecur ity-secext-1.0.xsd\'> " + "<wsse:Username>myID</wsse:Username>" + "<wsse:Password Type=\'http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-toke n-profile-1.0#PasswordText\'>myPassword</wsse:Password>" + "</wsse:UsernameToken>"); svcWork.Security.Any[0] = doc.DocumentElement; Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.