I'm extending a legacy .NET ASP application (it cannot be upgraded). It will have a SOAP web service which will be called from CXF (Java). I have installed and configured the WSE3 extensions on the .NET side and now I can call my simple service from outside of the ASP world with SoapUI. Everything seems to work OK - I can block access for certain users authenticating with username and plaintext password. However, when I set the WSS-Password-Type to "PasswordDigest" in SoapUI I get the following message:
The security token could not be authenticated or authorized ---> WSE562: The incoming username token contains a password hash. The built-in UsernameTokenManager does not support this type of UsernameToken. Please see the documentation for more details on the UsernameTokenManager.AuthenticateToken method
This service will be called from outside by an ESB - thus I don't have much choice in choosing the auth scheme. I need the service to support "PasswordDigest". Is there a way to implement it?
I know I can implement a custom UsernameTokenManager - but it has to return the user's password while it gets only the hashed value. It doesn't help me.
Below for reference is the request I'm making:
<soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:tem="http://tempuri.org/" xmlns:wsa="http://www.w3.org/2005/08/addressing">
  <soap:Header>
    <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-22">
        <wsse:Username>user</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">xHxNY51954nB9l3ulEp8fRX8HdE=</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">TEU+Z/yfS0oDTOxMZG+AXA==</wsse:Nonce>
        <wsu:Created>2012-07-02T11:39:17.695Z</wsu:Created>
      </wsse:UsernameToken>
    </wsse:Security>
  </soap:Header>
  <soap:Body>
    <tem:HelloWorld/>
  </soap:Body>
</soap:Envelope>
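
The receiver-side check for a PasswordDigest token as defined by the WSS UsernameToken Profile 1.0, where the digest is Base64(SHA-1(nonce + created + password)) and the verifier recomputes it from the password it has stored for the user. This is an added example, not part of the original post and not WSE code; the class name, the 5-minute freshness window, the in-memory nonce cache and the sample credentials are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Security.Cryptography;
using System.Text;

static class PasswordDigestCheck
{
    static readonly TimeSpan MaxAge = TimeSpan.FromMinutes(5);          // assumed freshness window
    static readonly HashSet<string> SeenNonces = new HashSet<string>(); // replay cache (entries never expire here)
    // Password_Digest = Base64( SHA-1( nonce + created + password ) )
    public static string ComputeDigest(string nonceB64, string created, string password)
    {
        List<byte> input = new List<byte>(Convert.FromBase64String(nonceB64)); // raw nonce bytes, not the Base64 text
        input.AddRange(Encoding.UTF8.GetBytes(created));
        input.AddRange(Encoding.UTF8.GetBytes(password));
        using (SHA1 sha1 = SHA1.Create())
            return Convert.ToBase64String(sha1.ComputeHash(input.ToArray()));
    }
    // storedPassword comes from the service's own user store; the message never carries it.
    public static bool Verify(string digestB64, string nonceB64, string created, string storedPassword, DateTime nowUtc)
    {
        DateTime createdUtc;
        if (!DateTime.TryParse(created, CultureInfo.InvariantCulture,
                DateTimeStyles.AdjustToUniversal | DateTimeStyles.AssumeUniversal, out createdUtc))
            return false;
        if ((nowUtc - createdUtc).Duration() > MaxAge) return false;    // stale or far-future token
        byte[] expected, presented;
        try {
            expected = Convert.FromBase64String(ComputeDigest(nonceB64, created, storedPassword));
            presented = Convert.FromBase64String(digestB64);
        } catch (FormatException) { return false; }                     // malformed nonce or digest
        int diff = expected.Length ^ presented.Length;                  // compare without an early exit
        for (int i = 0; i < expected.Length && i < presented.Length; i++) diff |= expected[i] ^ presented[i];
        if (diff != 0) return false;
        return SeenNonces.Add(nonceB64);                                // false when this nonce was already accepted
    }
    static void Main()
    {
        // Constructed sample values, not taken from the request in the post.
        string nonce = Convert.ToBase64String(Guid.NewGuid().ToByteArray());
        DateTime now = DateTime.UtcNow;
        string created = now.ToString("yyyy-MM-dd'T'HH:mm:ss.fff'Z'", CultureInfo.InvariantCulture);
        string digest = ComputeDigest(nonce, created, "example-password"); // what the caller would send
        Console.WriteLine(Verify(digest, nonce, created, "example-password", now)); // matching stored password
        Console.WriteLine(Verify(digest, nonce, created, "example-password", now)); // same nonce presented again
        Console.WriteLine(Verify(digest, nonce, created, "wrong-password", now));   // stored password differs
    }
}
```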