3

A vendor we're integrating with provides some web-service functions... They developed it in Java, and also gave us an example client project (in Java) that shows the consumption of those web-services. We actually want to implement the consumption/interface of the web-services with .NET, but we're not able to figure out how the security should work.

In their Java client example, they appear to be using something called "Apache Rampart". They have code within that looks like this: 

public static void initSecurityPolicy(ServiceClient client) throws Exception 
{
    Options options = client.getOptions();
    options.setProperty(RampartMessageData.KEY_RAMPART_POLICY, 
        loadPolicy("policy.xml"));

    options.setUserName(USERID);
    options.setPassword(PASSWD);
    options.setTimeOutInMilliSeconds(READTIMEOUT);
    client.engageModule("rampart"); 
}

Could someone help me in what I should be looking for, in the .NET world, to do the equivalent of this? Currently, in my .NET project.. I can consume their WSDL fine, and it generates the proxy objects perfectly fine, but if I try to run/invoke any function, it tells me "missing SOAP header" and I believe it's security-related.

They also provide me the policy.xml file. I'm a novice .NET programmer and I usually rely on the proxies that VStudio generates to handle any WS-related programming, so I'm not sure what to do with that policy.xml file, nor do the equivalent of what they do in the code above in the .NET world.

casperOne
  • 73,706
  • 19
  • 184
  • 253
user542103
  • 255
  • 3
  • 18

2 Answers2

0

If you get really stuck, you can use IKVM to interop with their Java code. Its basically a JVM hosted within .NET.

mcintyre321
  • 12,996
  • 8
  • 66
  • 103
-1

You need to set the soap header... something like this:

<soap:Header>
   <wsse:Security soap:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
      <wsse:UsernameToken wsu:Id="UsernameToken-E2E367EC446B10BDA2150463848593046">
         <wsse:Username>User</wsse:Username>
         <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">Pass</wsse:Password>
         <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">/rHCse9+oW6b71t1+J3GPA==</wsse:Nonce>
         <wsu:Created>2017-09-05T09:08:05.930Z</wsu:Created>
      </wsse:UsernameToken>
   </wsse:Security>
</soap:Header>

For this, you need to find how set the UsernameToken in .NET to add the security credentials to a SOAP message

CDspace
  • 2,639
  • 18
  • 30
  • 36
user8569183
  • 1