CODEWITHSUNDEEP
vb.netauthenticationsoap
BrotherBarnabas
BrotherBarnabas

Reputation: 353

SOAP request authentication in VB.NET

I'm trying to write a SOAP request to a 3rd party web service in VB. I've added a service reference which automatically added the following to the web.config:

<basicHttpBinding>
        <binding name="Soap11">
          <security mode="None">
            <transport clientCredentialType="None" proxyCredentialType="None"
              realm="" />
            <message clientCredentialType="UserName" algorithmSuite="Default" />
          </security>
        </binding>
      </basicHttpBinding>

Now I have to write the following request:

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
       <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
           <wsse:UsernameToken>
               <wsse:Username>username</wsse:Username>
               <wsse:Password>password</wsse:Password>
           </wsse:UsernameToken>
       </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <sch:Request>
      </sch:Request>
   </soapenv:Body>
</soapenv:Envelope>

I don't have a clue what to do next. I don't know how to provide the authentification details. All I've done is the following:

    Dim myClient As New MyServiceReference.Client
    Dim myRequest As New MyServiceReference.Request
    Dim myResponse As New MyServiceReference.Response

    myClient.ClientCredentials.UserName.UserName = "Bob"
    myClient.ClientCredentials.UserName.Password = "Dole21"

    myResponse = myClient.Lookup(myRequest)

Obviously, not a lot. This has produced the following (according to fiddler).

<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
<s:Body xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<Lookup xmlns="http://example.com/schemas"/></s:Body></s:Envelope>

Any help would be greatly appreciated. How do I add the authentication headers to the SOAP request? I've tried changing

security mode="Transport"

but it throws up a "The provided URI scheme 'http' is invalid; expected 'https'." error.

Upvotes: 1

Views: 9840

Answers (2)

cgicgi
cgicgi

Reputation: 21

If your service client supports the constructor new ServiceReference.Client(endpointConfigurationByName As String) then you can configure all stuff within the application config:

<client>
 <endpoint address="http://someserver", binding="Soap11", name="myService">
        <headers>
            <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                <wsse:UsernameToken>
                    <wsse:Username>USERNAME</wsse:Username>
                    <wsse:Password>PASSWORD</wsse:Password>
                </wsse:UsernameToken>
            </wsse:Security>
        </headers>
 </endpoint>

After doing that you can create a new Client instance providing the configuration name:

Dim myClient As New ServiceReference1.Client("myService")

whenever myClient sends a SOAP request, it will send the configured header along with it.

You can have more than one endpoint in your configuration to support several instances/stages

Upvotes: 0

BrotherBarnabas
BrotherBarnabas

Reputation: 353

I managed to do it after a couple of weeks of trial and error. It's actually answered quite well here except it's presented slightly convolutedly.

Before I give the code I think a few words of advice for those starting out with SOAP requests in .NET:

  • Avoid asmx and "web service" solutions when looking up solutions. asmx is legacy technology.
  • Download SoapUI. It's an open source soap testing tool.
  • Get Fiddler to log HTTP(S) traffic between your computer and the third party web service.

Ok, so here's the code:

    Dim myRequest As New ServiceReference1.LookupRequest
    Dim myResponse As New ServiceReference1.LookupResponse
    Dim address As New EndpointAddress("https://example.com/Service")

    Dim binding = New BasicHttpBinding(BasicHttpSecurityMode.TransportWithMessageCredential)
    binding.Security.Transport.ClientCredentialType = HttpClientCredentialType.None
    binding.Security.Message.ClientCredentialType = BasicHttpMessageCredentialType.UserName

    Dim myClient As New ServiceReference1.Client(binding, address)
    myClient.ClientCredentials.UserName.UserName = "username"
    myClient.ClientCredentials.UserName.Password = "password"

    myResponse = myClient.Lookup(myRequest)

Then , you need to change your web.config to include 

<client>
     <endpoint ...>
            <headers>
                <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
                    <wsse:UsernameToken>
                        <wsse:Username>USERNAME</wsse:Username>
                        <wsse:Password>PASSWORD</wsse:Password>
                    </wsse:UsernameToken>
                </wsse:Security>
            </headers>
     </endpoint>
 </client>

When I ran the client it produced a (more verbose) SOAP request with the client credentials in the header which communicated with the web service:

<s:Envelope xmlns:s="http://www.w3.org/2003/05/soap-envelope" xmlns:a="http://www.w3.org/2005/08/addressing" xmlns:u="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
   <s:Header>
      <a:Action s:mustUnderstand="1">http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT</a:Action>
      <a:MessageID>urn:uuid:979816ec-0f1e-4052-a4e6-2449805178e2</a:MessageID>
      <a:ReplyTo>
         <a:Address>http://www.w3.org/2005/08/addressing/anonymous</a:Address>
      </a:ReplyTo>
      <a:To s:mustUnderstand="1">https://example.com/Service</a:To>
      <o:Security xmlns:o="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" s:mustUnderstand="1">
         <u:Timestamp u:Id="_0">
            <u:Created>2014-04-24T14:44:59.601Z</u:Created>
            <u:Expires>2014-04-24T14:49:59.601Z</u:Expires>
         </u:Timestamp>
         <o:UsernameToken u:Id="uuid-7c02f0c6-107d-45ac-b682-f0462211da21-3">
            <o:Username>username</o:Username>
            <o:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</o:Password>
         </o:UsernameToken>
      </o:Security>
   </s:Header>
   <s:Body>
      <t:RequestSecurityToken xmlns:t="http://schemas.xmlsoap.org/ws/2005/02/trust">
         <t:TokenType>http://schemas.xmlsoap.org/ws/2005/02/sc/sct</t:TokenType>
         <t:RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</t:RequestType>
         <t:Entropy>
            <t:BinarySecret u:Id="uuid-45689ab6-30d3-4db6-a08e-99179e0dc65f-3" Type="http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce">fQHEdTa+AGk8uAH5xbUkP+kfNkoTdEl5uwpWOf8QFug=</t:BinarySecret>
         </t:Entropy>
         <t:KeySize>256</t:KeySize>
      </t:RequestSecurityToken>
   </s:Body>
</s:Envelope>

Upvotes: 2

Related Questions