WSE 2 Authentication against a database


M

Mark A. Deal

I have been attempting to integrate WSE 2 into my web services for obvious
reasons but have not yet succeeded. I have the following function stolen
from Microsoft's MSDN site and no matter what I attempt, I cannot get it to
authenticate against a database (not the Windows user store).

For whatever reason, I pass the valid credentials and this function will NOT
recognize a UserNameToken. I am including the input and output SOAP
messages as well for reference and you can see that the format appears
correct:

Public Function GetBodySigningToken(ByVal requestContext As SoapContext) As
UsernameToken
Dim Token As UsernameToken = Nothing
Dim SecurityElement As ISecurityElement

DDSFunctions.LogEvent("GetBodySigningToken", "NA")
For Each securityElement In requestContext.Security.Elements
If TypeOf SecurityElement Is UsernameToken Then
DDSFunctions.LogEvent("Token is UserNameToken", "NA")
Dim sig As MessageSignature = CType(SecurityElement,
MessageSignature)
' Verify that this signature signed the SOAP body.
If ((sig.SignatureOptions And SignatureOptions.IncludeSoapBody) <>
0) Then
Dim sigToken As SecurityToken
sigToken = sig.SigningToken
' Verify that the security token is a UsernameToken.
If TypeOf sigToken Is UsernameToken Then
DDSFunctions.LogEvent("Token is UserNameToken", "NA")
Token = CType(sigToken, UsernameToken)
End If
End If
End If

Next SecurityElement

DDSFunctions.LogEvent("Returning Token", "NA")

Return token

End Function

INPUT ====================>

<?xml version="1.0" encoding="utf-8"?>
<log>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>

<wsa:Action>http://www.statewidetax.com/StatewideWS/Statewide/ProcessClientR
equest</wsa:Action>

<wsa:MessageID>uuid:784a4f2b-6a93-447c-a6b0-5b53fc9caad2</wsa:MessageID>
<wsa:ReplyTo>

<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous
</wsa:Address>
</wsa:ReplyTo>

<wsa:To>http://www2.statewidetax.com/statewidews/StatewideWS.asmx</wsa:To>
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-496e6ac0-c37c-4def-800f-3e9f187614b1">
<wsu:Created>2005-03-05T23:22:29Z</wsu:Created>
<wsu:Expires>2005-03-05T23:27:29Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-f52e8f3e-174d-4608-b23d-71381a1f7ebe">
<wsse:Username>2</wsse:Username>
<wsse:password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">DIVOT</wsse:password>
<wsse:Nonce>8e2cRCHCUUfsfBCrJEKKtw==</wsse:Nonce>
<wsu:Created>2005-03-05T23:22:29Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body>
<ProcessClientRequest
xmlns="http://www.statewidetax.com/StatewideWS/Statewide">
<ContactID>1</ContactID>
<MyClientRequest>
<SWClientID>0</SWClientID>
<SWContactID>0</SWContactID>
<SWClientFileNumber>12345</SWClientFileNumber>
<SWCounty>Fannin</SWCounty>
<SWAddress1>123</SWAddress1>
<SWAddress2 />
<SWAddress3 />
<SWCity>Atlanta</SWCity>
<SWState>Georgia</SWState>
<SWZip>30303</SWZip>
<SWSecurityDeed>0001-01-01T00:00:00.0000000-05:00</SWSecurityDeed>
<SWOriginalLoanAmt>0</SWOriginalLoanAmt>
<SWLandLot />
<SWSubDivision />
<SWPlatBook />
<SWPlatPage />
<SWDistrict />
<SWLot />
<SWSection />
<SWSubSection />
<SWBlock />
<SWPhase />
<SWUnit />
<SWSaleDate>0001-01-01T00:00:00.0000000-05:00</SWSaleDate>
<SWRequestType>Backchain Information</SWRequestType>
<SWSubRequestType>NA</SWSubRequestType>
<SWLegal />
</MyClientRequest>
<MyParties>
<SWPartyRecord>
<Borrower>false</Borrower>
<Owner>false</Owner>
<NamePerClient>false</NamePerClient>
</SWPartyRecord>
</MyParties>
</ProcessClientRequest>
</soap:Body>
</soap:Envelope>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Body>
<ProcessClientRequest
xmlns="http://www.statewidetax.com/StatewideWS/Statewide">
<ContactID>1</ContactID>
<MyClientRequest>
<SWClientID>0</SWClientID>
<SWContactID>0</SWContactID>
<SWClientFileNumber>12345</SWClientFileNumber>
<SWCounty>Fannin</SWCounty>
<SWAddress1>123</SWAddress1>
<SWAddress2 />
<SWAddress3 />
<SWCity>Atlanta</SWCity>
<SWState>Georgia</SWState>
<SWZip>30303</SWZip>
<SWSecurityDeed>0001-01-01T00:00:00.0000000-05:00</SWSecurityDeed>
<SWOriginalLoanAmt>0</SWOriginalLoanAmt>
<SWLandLot />
<SWSubDivision />
<SWPlatBook />
<SWPlatPage />
<SWDistrict />
<SWLot />
<SWSection />
<SWSubSection />
<SWBlock />
<SWPhase />
<SWUnit />
<SWSaleDate>0001-01-01T00:00:00.0000000-05:00</SWSaleDate>
<SWRequestType>Backchain Information</SWRequestType>
<SWSubRequestType>NA</SWSubRequestType>
<SWLegal />
</MyClientRequest>
<MyParties>
<SWPartyRecord>
<Borrower>false</Borrower>
<Owner>false</Owner>
<NamePerClient>false</NamePerClient>
</SWPartyRecord>
</MyParties>
</ProcessClientRequest>
</soap:Body>
</soap:Envelope>
</log>

OUTPUT ==============================>

<?xml version="1.0" encoding="utf-8"?>
<log>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>

<wsa:Action>http://schemas.xmlsoap.org/ws/2004/03/addressing/fault</wsa:Acti
on>

<wsa:MessageID>uuid:715ec545-e3cc-4f93-90a7-674386be65eb</wsa:MessageID>

<wsa:RelatesTo>uuid:d69250fd-8db2-4d80-8d97-4fb5a2c09680</wsa:RelatesTo>

<wsa:To>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</wsa
:To>
<wsse:Security>
<wsu:Timestamp
wsu:Id="Timestamp-e21dbf1f-e436-4dbf-aff1-2172f2276c5b">
<wsu:Created>2005-03-05T23:22:30Z</wsu:Created>
<wsu:Expires>2005-03-05T23:27:30Z</wsu:Expires>
</wsu:Timestamp>
</wsse:Security>
</soap:Header>
<soap:Body>
<soap:Fault>
<faultcode>soap:Server</faultcode>
<faultstring>Server was unable to process request. --&gt; Object
reference not set to an instance of an object.</faultstring>
<detail />
</soap:Fault>
</soap:Body>
</soap:Envelope>
</log>

--
Mark A. Deal
Document & Data Solutions, LLC
http://www.docsol.com
Time Matters AIC
HotDocs Certified Consultant
GhostFill Certified Consultant
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top