ws-security | 易学教程

WS-Security from soapUI to WCF - binding & configuration

阅读更多关于 WS-Security from soapUI to WCF - binding & configuration

问题 I need to create a WCF client to call a service that I have no control over and we have been given a wsdl only (with schemas). The web service uses the X.509 certificate with the WS-Security specification version 1.0 The web service provider has shared raw xml of the soap message to highlight the ws-security header. Using the soapUI, I have been able to create the exact same wsse-Security header as shown below: <soapenv:Envelope xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401

Prevent XXE Attack with JAXB

阅读更多关于 Prevent XXE Attack with JAXB

Recently, we had a security audit on our code, and one of the problem is that our application is subject to the Xml eXternal Entity (XXE) attack. Basically, the application is a calculator that receives inputs as XML, through a Web-Service. Here is an example of such an XXE attack on our application: <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> <soapenv:Header/> <soapenv:Body> <foo:calculateStuff>  <xmlInput><![CDATA[<?xml version="1.0" encoding="UTF-8" standalone="yes"?> <!DOCTYPE currency [ <!ENTITY include SYSTEM "file:///d:/" >]> <calcinput>.

Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme

阅读更多关于 Error in WCF client consuming Axis 2 web service with WS-Security UsernameToken PasswordDigest authentication scheme

I have a WCF client connecting to a Java based Axis2 web service (outside my control). It is about to have WS-Security applied to it, and I need to fix the .NET client. However, I am struggling to provide the correct authentication. I am aware that WSE 3.0 might make it easier, but I would prefer not to revert to an obsolete technology. Similar issues (unsolved), include this , this and this . The SOAP message should look like this: <wsse:UsernameToken> <wsse:Username></wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token

how to implement ws-security 1.1 in php5

阅读更多关于 how to implement ws-security 1.1 in php5

问题 I'm trying to call a webservice with Soap in PHP5, for this, I need to use WS-Security 1.1. (In java and .NET this is all generated automatically.) Are there any frameworks available to generate the security headers easily in PHP? Or do I have to add the entire header myself ? Specifications of WS-Security 1.1: http://oasis-open.org/committees/download.php/16790/wss-1.1-spec-os-SOAPMessageSecurity.pdf 回答1: On PHP Classes, Roger Veciana i Rovira submitted this (I just reformatted the code):

Creating Headers (wsse) Section of WCF Client Programmatically in C#

阅读更多关于 Creating Headers (wsse) Section of WCF Client Programmatically in C#

问题 how do make a the following section of Service Settings of app.config in C# programmatically: <client> <endpoint address="https://someServiceUrl" binding="basicHttpBinding" bindingConfiguration="Contact" contract="ServiceReference.PostingWebService" name="PostingWebServicePort"> <headers> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <wsse:UsernameToken> <wsse:Username>someusername</wsse:Username> <wsse:Password Type='http:/

JAX-WS - Adding SOAP Headers

阅读更多关于 JAX-WS - Adding SOAP Headers

问题 I am trying to create a standalone client to consume some web services. I must add my username and password to the SOAP Header. I tried adding the credentials as follows: OTSWebSvcsService service = new OTSWebSvcsService(); OTSWebSvcs port = service.getOTSWebSvcs(); BindingProvider prov = (BindingProvider)port; prov.getRequestContext().put(BindingProvider.USERNAME_PROPERTY, "myusername"); prov.getRequestContext().put(BindingProvider.PASSWORD_PROPERTY, "mypassword"); ... When I call a method

Does WCF support WS-Security with SOAP 1.1?

阅读更多关于 Does WCF support WS-Security with SOAP 1.1?

问题 I need to call some 3rd Web services that require WS-Security. I created a WCF endpoint with the following configuration: <system.serviceModel> <bindings> <wsHttpBinding> <binding name="TestBinding"> <security mode="TransportWithMessageCredential"> <message clientCredentialType="Certificate" /> </security> </binding> </wsHttpBinding> </bindings> <behaviors> <endpointBehaviors> <behavior name="TestBehavior"> <callbackDebug includeExceptionDetailInFaults="true" /> <clientCredentials>

Prevent XXE Attack with JAXB

阅读更多关于 Prevent XXE Attack with JAXB

问题 Recently, we had a security audit on our code, and one of the problem is that our application is subject to the Xml eXternal Entity (XXE) attack. Basically, the application is a calculator that receives inputs as XML, through a Web-Service. Here is an example of such an XXE attack on our application: <soapenv:Envelope xmlns:soapenv=\"http://schemas.xmlsoap.org/soap/envelope/\"> <soapenv:Header/> <soapenv:Body> <foo:calculateStuff>  <xmlInput><![CDATA[<?xml version=\"1.0\"

Connecting to WS-Security protected Web Service with PHP

阅读更多关于 Connecting to WS-Security protected Web Service with PHP

问题 I am trying to connect to a Web Service which is password protected and the url is https. I can\'t figure out how to authenticate before the script makes a request. It seems like it makes a request as soon as I define the service. For instance, if I put in: $client = new SoapClient(\"https://example.com/WSDL/nameofservice\", array(\'trace\' => 1,) ); and then go to the site on the browser, I get: Fatal error: Uncaught SoapFault exception: [WSDL] SOAP-ERROR: Parsing WSDL: Couldn\'t load from \