And also, is it possible to use X.509 Authentication with remote
web-services from an ASP application (NOT ASP.NET) application, using either
the MSXML2.HTTP or
webserivce div tag: useService, callService
If so, how could I do that?
With MSXML2.HTTP, just pass in
--------------------start of SOAP Msg with Security--------------------
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<wsse:Security
xmlns:wsse="
http://schemas.xmlsoap.org/ws/2002/12/secext">
<wsse:BinarySecurityToken
ValueType="wsse:X509v3"
EncodingType="wsse:Base64Binary">
Ea4AHjbs1 ...
</wsse:BinarySecurityToken>
</wsse:Security>
<soap:Envelope xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="
http://www.w3.org/2001/XMLSchema"
xmlns:soap="
http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<HelloWorldResponse xmlns="
http://tempuri.org/WebService/Service1">
<HelloWorldResult>string</HelloWorldResult>
</HelloWorldResponse>
</soap:Body>
</soap:Envelope>
--------------------end of SOAP Msg with Security--------------------
instead of
--------------------start of SOAP Msg with NO Security--------------------
Content-Type: text/xml; charset=utf-8
Content-Length: length
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="
http://www.w3.org/2001/XMLSchema"
xmlns:soap="
http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<HelloWorldResponse xmlns="
http://tempuri.org/WebService/Service1">
<HelloWorldResult>string</HelloWorldResult>
</HelloWorldResponse>
</soap:Body>
</soap:Envelope>
--------------------end of SOAP Msg with NO Security--------------------
but with the web service div tag approach, no idea of how a X509 client cert
could be passed from the client to the webservice.