Sending a WSE 2.0 security SOAP request from HTML client VBScript

Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,

Ok, thanks. We will look at some other alternatives.

"Steven Cheng[MSFT]" wrote:

Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,

You're welcome Hsc,

Feel free to post here when you need any other assistance.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client VBScr
thread-index: AcX/oWCYzueLltq9TNySlcOWlWVadw==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
References: <7F**********************************@microsoft.co m>
<yE**************@TK2MSFTNGXA02.phx.gbl>
Subject: RE: Sending a WSE 2.0 security SOAP request from HTML client VBScr
Date: Mon, 12 Dec 2005 20:55:02 -0800
Lines: 108
Message-ID: <5B**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1304 5
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Ok, thanks. We will look at some other alternatives.

"Steven Cheng[MSFT]" wrote:

Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token -profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it etc.

Thanks,