Hi Hsc,
Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....
====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================
And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....
Thanks,
Steven Cheng
Microsoft Online Support
Get Secure!
www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices
Hi,
I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.
Thanks,