473,372 Members | 1,234 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,372 software developers and data experts.

Sending a WSE 2.0 security SOAP request from HTML client VBScript

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,

Dec 9 '05 #1
3 7677
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,
Dec 9 '05 #2
Ok, thanks. We will look at some other alternatives.

"Steven Cheng[MSFT]" wrote:
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri
ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit
y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token
-profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary
data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in
asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's
task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an
HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it
etc.

Thanks,

Dec 13 '05 #3

You're welcome Hsc,

Feel free to post here when you need any other assistance.

Regards,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client VBScr
thread-index: AcX/oWCYzueLltq9TNySlcOWlWVadw==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
References: <7F**********************************@microsoft.co m>
<yE**************@TK2MSFTNGXA02.phx.gbl>
Subject: RE: Sending a WSE 2.0 security SOAP request from HTML client VBScr
Date: Mon, 12 Dec 2005 20:55:02 -0800
Lines: 108
Message-ID: <5B**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
microsoft.public.dotnet.framework.webservices:1304 5
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Ok, thanks. We will look at some other alternatives.

"Steven Cheng[MSFT]" wrote:
Hi Hsc,

Welcome to webservice newsgroup.
Regarding on generating and send WSE 2.0 formated soap request through
clientside script, I'm afraid it is hard to do it since the clientside
script functions are so limited.... For normal SOAP message, we can
generate it just through string operations, however the WSE message will
require many security headers ,and some of them are computed through some
hash or encrypting algorithm and interface of which is not provided in
script engine....

====================
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecuri ty-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd">
<soap:Header>
..........................
<wsse:Security soap:mustUnderstand="1">
<wsu:Timestamp
wsu:Id="Timestamp-adfe8ab2-16b9-4cdc-af94-8e4b72dd2505">
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
<wsu:Expires>2005-12-09T06:31:55Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurit y-utility-1.0.xsd"
wsu:Id="SecurityToken-4f87eba1-7b72-48dd-a087-eba38243e005">
<wsse:Username>WSEUser</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token -profile-1.0#PasswordText">Password01!</wsse:Password>
<wsse:Nonce>UByVPJX4Cw4PQyii5JU7lw==</wsse:Nonce>
<wsu:Created>2005-12-09T06:26:55Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
..............................
</soap:Envelope>
==================================

And as for the "Nonce" property , it is a randomly generated value (binary data...) which is base64 encoded... So client script can not
programmatically build such a block.
In addition, since currently there supports calling serverside function (in asp.net page) through client script (xmlhttp ....), you can consider
calling page's server fucntion through clientside scrpit, and let the
server page code to call the webservice, this will make the client script's task much released....

Thanks,

Steven Cheng
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
--------------------
Thread-Topic: Sending a WSE 2.0 security SOAP request from HTML client
VBScript
thread-index: AcX8aAmLJOEu6bkhSg2wrhWuA5ETaQ==
X-WBNR-Posting-Host: 159.99.4.12
From: =?Utf-8?B?U3lkbmV5?= <hs*@newsgroup.nospam>
Subject: Sending a WSE 2.0 security SOAP request from HTML client VBScript
Date: Thu, 8 Dec 2005 18:27:02 -0800
Lines: 11
Message-ID: <7F**********************************@microsoft.co m>
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.dotnet.framework.webservices
NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSF TNGXA03.phx.gbl
Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.dotnet.framework.webservices:1300 0
X-Tomcat-NG: microsoft.public.dotnet.framework.webservices

Hi,

I am trying to construct a WSE 2.0 security SOAP request in VBScript on an HTML page to send off to a webservice. I think I've almost got it but I'm
having an issue generating the nonce value for the UserName token. Is it
possilbe at all to do this from VBScript (or jscript?)? I know I will be
limited with what I can do with the SOAP message. Eg/ can't sign/encrypt it etc.

Thanks,


Dec 13 '05 #4

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

5
by: BaWork | last post by:
I have a web form where a client can select which site members to send an email to. This form is populated from the contents of the member table, so the form can have 0-x names listed on it...
4
by: Mark | last post by:
i have a very simple web servive Imports System.Web.Services <System.Web.Services.WebService(Namespace:="urn:Example1")> _ Public Class Example1 Inherits System.Web.Services.WebService
3
by: mark kurten | last post by:
I have a soap message that looks like this. s = s & " <soap:Envelope xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'" s = s & " xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'" s =...
2
by: Paul Hale | last post by:
I have a vb.net web service and client that are both working fine. If someone wanted to consume our web service using .NET, no problem. Im a little confused on how non .NET clients would use the...
1
by: MarkoH | last post by:
I would like to be able to create string representation of SOAP message something like browsing with IE to ASMX page and trying to invoke some methods. There you can see (at the bottom, you know...
1
by: WebServiceSecurity | last post by:
The issue involves the following technologies: - 1. .NET 2.0 Framework 2. WSE2.0 (WS-Security) 3. X.509 certificates 4. BEA Weblogic 8.1.5
2
by: furrypop | last post by:
Hi, I'm trying to get the Perl SOAP::Lite examples to work on a Windows PC, running Apache 2.2.4. Apache is definitely serving CGI scripts, as I've tested a dummy Hello World thing. I'm also...
1
by: novicedlh | last post by:
Hello, I am creating a webservice that collects user information and stores it in a database. Since the user information contains sensitive data like SSN I am planning to use WS-Security (WSE...
0
by: vigneshrao | last post by:
Hi, I have been working on a script that loops through multiple records and sends data (one record per call) to a WS. I am supposed to make a new call for each record before sending the data....
1
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...
0
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
0
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
0
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
0
BarryA
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
1
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
1
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
0
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.