ws-security

问题 I need to integrate with a legacy .NET Web Service that uses WSE 2.0 for WS-Security and DIME. The catch is I need to do this from a Java application. I'm expecting that Axis2 works fine with the WS-Security because folks around here have done it before. It's the DIME that I'm concerned about. I see a reference to DIME at http://ws.apache.org/axis/java/client-side-axis.html, but I'm wondering if anyone has actually done this with Axis and a WSE 2.0 Web Service. 回答1: I can't tell you anything

问题 i have created service with such binding configuration: <bindings> <customBinding> <binding name="DefaultBinding"> <textMessageEncoding messageVersion="Soap12" /> <httpTransport /> </binding> </customBinding> </bindings> And when my service receives message starting like this: <s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope"> <s:Header> <Security s:mustUnderstand="1" xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <UsernameToken>

问题 I've been looking all over for this, and its not looking promising so far, trying to get a client app written that is consuming a 3rd party service(sample request below, from java client). The one gotcha is that it is expecting one element in the body to be encrypted. Ideally this would be a WCF solution, although I've read a few places about using WSE1/2/3 to get close to this(not really wanted since WSE is stagnant), has anyone had to tackle this type of issue? <?xml version="1.0" encoding=

问题 I am using this blog to implement nonce, password text. http://benpowell.org/supporting-the-ws-i-basic-profile-password-digest-in-a-wcf-client-proxy/ I've seen many other blogs with do but i would like to try this out. This is what I have done so far Let me first say, I have no control over the service. I am just the consumer. passwordtextmessaginspector implements IClientMessageInspector which lets us modify the outgoing message. In this case, I would like to add usernametoken to the message

问题 We have a WCF 4.0 service over https that allows the client to sign the message to identify themselves. We can then use the cert to give the client the proper rights on the back end. This works fine when a WCF 4.0 client sends the request, but when a non-WCF attempts to send the request, it fails with the following: CryptographicException: Unable to resolve the '#Id-{Guid goes here}' URI in the signature to compute the digest. Upon inspecting the clients request, this failure occurs whenever

问题 We are implementing WS-Security Policy on our web services with the following framework/module/specification. Apache Axis2 1.6.2 Apache Rampart 1.6.2 WS-Security Policy 1.2(namespace:http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702) We are facing the following issues while creating/consuming the service. Axis2 wsdl generation logic ignores <sp:NoPassword/> assertion. After debugging,I realized that it is because of the logic in org.apache.ws.secpolicy.model.UsernameToken (rampart

问题 Using the PHP5 SOAP extension I have been unable to connect to a web service having an https endpoint, with client certificate and using WS-Security, although I can connect using soapUI with the exact same wsdl and client certificate, and obtain the normal response to the request. There is no HTTP authentication and no proxy is involved. The message I get is 'Could not connect to host'. Have been able to verify that I am NOT hitting the host server. (Earlier I wrongly said that I was hitting

问题 I have been provided with the following app.config entry, however I would like to have this as code in my application in order to understand WCF better. Is there a converter anywhere, or can someone provide the code. Thanks. <system.serviceModel> <client> <endpoint name="QA" address="https://subdomain1.theirdomain.com/5067/Sample1" behaviorConfiguration="WSSecBehavior" binding="customBinding" bindingConfiguration="Soap11_Secure" contract="star.starTransportPortTypes" /> <endpoint name="PROD"

问题 Similar question: How do I add an EncodingType attribute to the Nonce element of a UsernameToken in WSE 3.0 (.NET) I'm trying to modify header that is send by WebServicesClientProtocol to service. Unfortunately Microsoft's implementation of WSSE Username and Token Security Spec 1.1 isn't compatible with standard and isn't sending EncodingType with Nonce . In similar question I've linked on top solution was to disable EncodingType validation on server, but I'm not able to modify anything. I've

问题 I am trying to connect to a third party SOAP 1.1 service that requires SSL security and username/password credentials. An example of what is expected is: <soapenv:Header> <wsse:Security> <wsse:UsernameToken> <wsse:Username>username</wsse:Username> <wsse:Password>password</wsse:Password> </wsse:UsernameToken> </wsse:Security> </soapenv:Header> My client configuration is as follows: <system.serviceModel> <bindings> <basicHttpBinding> <binding name="thirdpartyservicebindingconfig"> <security