By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
432,070 Members | 1,718 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 432,070 IT Pros & Developers. It's quick & easy.

Sending a WSE 2.0 security SOAP request from HTML client VBScript

P: n/a
Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,

Dec 9 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,
Dec 9 '05 #2

P: n/a
Ok, thanks. We will look at some other alternatives.

"Steven Cheng[MSFT]" wrote:
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,

Dec 13 '05 #3

P: n/a

You're welcome Hsc,

Feel free to post here when you need any other assistance.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client VBScr
thread-index: AcX/oWCYzueLltq9TNySlcOWlWVadw==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
References: <7F**********************************@microsoft.co m>
<yE**************@TK2MSFTNGXA02.phx.gbl>
Subject: RE: Sending a WSE 2.0 security SOAP request from HTML client VBScr
Date: Mon, 12 Dec 2005 20:55:02 -0800
Lines: 108
Message-ID: <5B**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1304 5
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Ok, thanks. We will look at some other alternatives.

"Steven Cheng[MSFT]" wrote:
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token -profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it etc.

Thanks,


Dec 13 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.