472,370 Members | 2,417 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > .net framework > questions > sending a wse 2.0 security soap request from html client vbscript

Join Bytes to post your question to a community of 472,370 software developers and data experts.

Sending a WSE 2.0 security SOAP request from HTML client VBScript

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,

Dec 9 '05 #1
3 7538
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,
Dec 9 '05 #2
Ok, thanks. We will look at some other alternatives.

"Steven Cheng[MSFT]" wrote:
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,

Dec 13 '05 #3

You're welcome Hsc,

Feel free to post here when you need any other assistance.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client VBScr
thread-index: AcX/oWCYzueLltq9TNySlcOWlWVadw==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
References: <7F**********************************@microsoft.co m>
<yE**************@TK2MSFTNGXA02.phx.gbl>
Subject: RE: Sending a WSE 2.0 security SOAP request from HTML client VBScr
Date: Mon, 12 Dec 2005 20:55:02 -0800
Lines: 108
Message-ID: <5B**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1304 5
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Ok, thanks. We will look at some other alternatives.

"Steven Cheng[MSFT]" wrote:
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token -profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it etc.

Thanks,


Dec 13 '05 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
Sending CDONTS HTML email issue
by: BaWork | last post by:
I have a web form where a client can select which site members to send an email to. This form is populated from the contents of the member table, so the form can have 0-x names listed on it...
ASP / Active Server Pages
4
sending soap over http
by: Mark | last post by:
i have a very simple web servive Imports System.Web.Services <System.Web.Services.WebService(Namespace:="urn:Example1")> _ Public Class Example1 Inherits System.Web.Services.WebService
.NET Framework
3
sending soap message - still having problem
by: mark kurten | last post by:
I have a soap message that looks like this. s = s & " <soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'" s = s & " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'" s =...
.NET Framework
2
Sending XML SOAP message directly to web service from 3rd party app.
by: Paul Hale | last post by:
I have a vb.net web service and client that are both working fine. If someone wanted to consume our web service using .NET, no problem. Im a little confused on how non .NET clients would use the...
.NET Framework
1
create SOAP sample messages
by: MarkoH | last post by:
I would like to be able to create string representation of SOAP message something like browsing with IE to ASMX page and trying to invoke some methods. There you can see (at the bottom, you know...
.NET Framework
1
Weblogic WebService and .NET Client: Interoper (with Security) issue
by: WebServiceSecurity | last post by:
The issue involves the following technologies: - 1. .NET 2.0 Framework 2. WSE2.0 (WS-Security) 3. X.509 certificates 4. BEA Weblogic 8.1.5
.NET Framework
2
SOAP::Lite and Apache
by: furrypop | last post by:
Hi, I'm trying to get the Perl SOAP::Lite examples to work on a Windows PC, running Apache 2.2.4. Apache is definitely serving CGI scripts, as I've tested a dummy Hello World thing. I'm also...
Perl
1
(WS-Security): Soap Header and Security elements missing in the SoapRequest.
by: novicedlh | last post by:
Hello, I am creating a webservice that collects user information and stores it in a database. Since the user information contains sensitive data like SSN I am planning to use WS-Security (WSE...
.NET Framework
0
SOAP::Lite Issue with sending new request to EAI while looping thru multiple record
by: vigneshrao | last post by:
Hi, I have been working on a script that loops through multiple records and sends data (one record per call) to a WS. I am supposed to make a new call for each record before sending the data....
Perl
2
Benefits of Blockchain App Development for Enterprise Businesses
by: Kemmylinns12 | last post by:
Blockchain technology has emerged as a transformative force in the business world, offering unprecedented opportunities for innovation and efficiency. While initially associated with cryptocurrencies...
General
0
Basic concepts of WebLogic Admin training?
by: Naresh1 | last post by:
What is WebLogic Admin Training? WebLogic Admin Training is a specialized program designed to equip individuals with the skills and knowledge required to effectively administer and manage Oracle...
Oracle Database
0
Hyperconverged All-in-One Streaming Engine, ushering in new age for distributed database
by: antdb | last post by:
Ⅰ. Advantage of AntDB: hyper-convergence + streaming processing engine In the overall architecture, a new "hyper-convergence" concept was proposed, which integrated multiple engines and...
General
1
PHP Curl Not wanting to connect to localhost.
by: Matthew3360 | last post by:
Hi, I have been trying to connect to a local host using php curl. But I am finding it hard to do this. I am doing the curl get request from my web server and have made sure to enable curl. I get a...
PHP
0
Oralloy
FPGA Question
by: Oralloy | last post by:
Hello Folks, I am trying to hook up a CPU which I designed using SystemC to I/O pins on an FPGA. My problem (spelled failure) is with the synthesis of my design into a bitstream, not the C++...
General
0
BLUEPANDA
Join our open community on Discord to learn programming, SEO, and marketing
by: BLUEPANDA | last post by:
At BluePanda Dev, we're passionate about building high-quality software and sharing our knowledge with the community. That's why we've created a SaaS starter kit that's not only easy to use but also...
General
0
Mastering Python: A Versatile Programming Language for All
by: Rahul1995seven | last post by:
Introduction: In the realm of programming languages, Python has emerged as a powerhouse. With its simplicity, versatility, and robustness, Python has gained popularity among beginners and experts...
General
2
Problems to capture mouse_down event on a control within a form with lots of controls
by: Ricardo de Mila | last post by:
Dear people, good afternoon... I have a form in msAccess with lots of controls and a specific routine must be triggered if the mouse_down event happens in any control. Than I need to discover what...
Microsoft Access / VBA
1
Datasheet Form, iterate through records
by: Johno34 | last post by:
I have this click event on my form. It speaks to a Datasheet Subform Private Sub Command260_Click() Dim r As DAO.Recordset Set r = Form_frmABCD.Form.RecordsetClone r.MoveFirst Do If...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2023
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!