0

I'm writing a .NET client (WCF) that will consume a web-service that is implemented using Apache CXF (Java) and amazingly enough it's incredibly hard have WCF to set the Type attribute of the Password tag to PasswordText. I.e I would like the SOAP header to look something like:

  <wsse:Security soap:mustUnderstand="true" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <wsse:UsernameToken wsu:Id="UsernameToken-11" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
        <wsse:Username>test</wsse:Username>
        <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">a287645857cfaaddf82e2d333651b3e0</wsse:Password>
        <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">oKGlwEkbkhYJH6upsbiqeQ==</wsse:Nonce>
        <wsu:Created>2011-10-25T13:10:11.958Z</wsu:Created>
     </wsse:UsernameToken>
  </wsse:Security>

but the actual header looks like:

  <o:Security s:mustUnderstand="1" xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
     <o:UsernameToken u:Id="uuid-5acb0b47-1b52-4535-bfaf-b9e76621b7eb-1">
        <o:Username>test</o:Username>
        <o:Password>a287645857cfaaddf82e2d333651b3e0</o:Password>
     </o:UsernameToken>
  </o:Security>

As you can see the Type attribute is missing from the Password tag. Some research on the web seems to indicate that I perhaps have to write an interceptor to fix this. I figured that there was a simple solution, i.e. config setting, to fix this but maybe there is not. Anyhow, I'm hoping for some clarifications by posting this question.

The WS server rejects the request because of the missing Type attribute. Some function checking for BSP spec. compliance (not sure what this is) throws an exception.

Regards, Ola

Ola Theander
  • 495
  • 5
  • 19

1 Answers1

-1

OK, the implementation requires using WSE 2.0 SP3. Be careful NOT WSE 3.0.

WCF cannot help you.

All you need is here.

This is a better sample.

Aliostad
  • 80,612
  • 21
  • 160
  • 208
  • 1
    -1: Why in the world would you recommend such obsolete software. – John Saunders Oct 25 '11 at 17:16
  • YOUR downvote is ridiculous. You have not said that it is incorrect, only that it is an old software - yes because OASIS 2004 is OBSELETE hence you have to use an obselete tool to use it. AND WSE it is the ONLY one that supports it. Instead of downvoting, suggest otherwise. YOU DONT KNOW ANYTHING ABOUT OASIS 2004, DO YOU? – Aliostad Oct 25 '11 at 21:28
  • Suggest dropping the application that requires obsolete software in production. It would have to be a very damned important application to require the use of obsolete software in Production. – John Saunders Oct 25 '11 at 21:30
  • It's not "old" it's obsolete and unsupported. – John Saunders Oct 25 '11 at 21:31
  • I know that OASIS 2004 has been superseded. Get with the times. That's seven years ago. – John Saunders Oct 25 '11 at 21:31
  • The purpose of a downvote isn't punishment. It's to suggest you improve the question, and to make sure later readers know to **not do this**. – John Saunders Oct 25 '11 at 21:32
  • Hey look at the question mate. Do you not see that the question is using OASIS 2004? The guy needs to use to connect to some Java stuff. – Aliostad Oct 25 '11 at 21:32
  • 1
    Again, making sure nobody thinks this is a good idea. Maybe a _necessary_ idea for this particular person, but in no way is it a _good_ idea. – John Saunders Oct 25 '11 at 22:15
  • OK, since OASIS 2004 is old/superseded/obsolete, what would you guys consider the state of the art? – Ola Theander Oct 26 '11 at 08:32