The solution takes 3 steps:
1.) Create custom ClientOutputFilter
2.) Create a custom Assertion that uses filter from step 1
3.) Bind service to custom Assertion
Step 1
Custom Filter(Called by Custom Assertion)
Class ClientOutputFilter
Inherits SendSecurityFilter
Private parentAssertion As UsernameClientAssertion
Private filterContext As FilterCreationContext
Public Sub New(ByVal parentAssertion As UsernameClientAssertion, ByVal
filterContext As FilterCreationContext)
MyBase.New(parentAssertion.ServiceActor, False,
parentAssertion.ClientActor)
Me.parentAssertion = parentAssertion
Me.filterContext = filterContext
End Sub
Public Overrides Function ProcessMessage(ByVal envelope As
Microsoft.Web.Services3.SoapEnvelope) As
Microsoft.Web.Services3.SoapFilterResult
Dim securityElement As XmlElement = envelope.CreateElement("wsse",
"Security", "http://schemas.xmlsoap.org/ws/2002/07/secext")
Dim mustUnderstandAttribute As XmlAttribute =
envelope.CreateAttribute(envelope.DocumentElement. Prefix, "mustUnderstand",
envelope.DocumentElement.NamespaceURI)
Dim userToken As New UsernameToken(parentAssertion.username,
parentAssertion.password, PasswordOption.SendPlainText)
mustUnderstandAttribute.Value = "true"
securityElement.AppendChild(userToken.GetXml(envel ope))
envelope.CreateHeader.AppendChild(securityElement)
Return SoapFilterResult.Continue
End Function
End Class
Step 2 Custom Assertion
Public Class UsernameClientAssertion
Inherits SecurityPolicyAssertion
Public username As String
Public password As String
Public Sub New(ByVal username As String, ByVal password As String)
Me.username = username
Me.password = password
End Sub
Public Overloads Overrides Function CreateClientOutputFilter(ByVal context
As FilterCreationContext) As SoapFilter
Return New ClientOutputFilter(Me, context)
End Function
Public Overrides Function CreateClientInputFilter(ByVal context As
FilterCreationContext) As SoapFilter
' we don't provide ClientInputFilter
Return Nothing
End Function
Public Overrides Function CreateServiceInputFilter(ByVal context As
FilterCreationContext) As SoapFilter
' we don't provide any processing for web service side
Return Nothing
End Function
Public Overrides Function CreateServiceOutputFilter(ByVal context As
FilterCreationContext) As SoapFilter
' we don't provide any processing for web service side
Return Nothing
End Function
End Class
Step 3: Bind proxy to custom assertion
Private WS As New Service.ServicenameWSE
Private token As UsernameToken = New UsernameToken(USERNAME, PASSWORD,
PasswordOption.SendPlainText)
ProvideUsernameToken.Assertions.Add(New UsernameClientAssertion(USERNAME,
PASSWORD))
WS.SetClientCredential(token)
WS.SetPolicy(ProvideUsernameToken)
Good luck, if anyone has a better way to do this I'm all ears
- Ed
"Sònia" wrote:
Hi,
I'm developping an WSE client application that calls a webservice with
WS-Security.
I'm sending a SOAP message like
************
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:tns="http://www.meteocatserveis.com/axis/services/ConsultaEstacions"
xmlns:types="http://www.meteocatserveis.com/axis/services/ConsultaEstacions/encodedTypes"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action>
</wsa:Action>
<wsa:MessageID>urn:uuid:65f4b395-f208-4286-9656-6239f096e26c</wsa:MessageID>
<wsa:ReplyTo>
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous</wsa:Address>
</wsa:ReplyTo>
<wsa:To>http://www.meteocatserveis.com/axis/services/ConsultaEstacions</wsa:To>
<wsse:Security>
<wsu:Timestamp
wsu:Id="Timestamp-36736541-67a9-44fb-9779-9a422bc94c50">
<wsu:Created>2008-03-13T16:07:12Z</wsu:Created>
<wsu:Expires>2008-03-13T16:12:12Z</wsu:Expires>
</wsu:Timestamp>
<wsse:UsernameToken
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="SecurityToken-364b2ace-9b69-41cf-be74-a814910008fe">
<wsse:Username>tvc</wsse:Username>
<wsse:Password
Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordDigest">cTPEB2dduqv9xOiuhOAAoKVfVtI=</wsse:Password>
<wsse:Nonce>cWkO9B6G3wY/AND1BRSUAg==</wsse:Nonce>
<wsu:Created>2008-03-13T16:07:12Z</wsu:Created>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
<soap:Body
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<q1:dades_ultimes xmlns:q1="http://consultaEstacions" />
</soap:Body>
</soap:Envelope>
*****************************************
But the webservice receiving that message don't undersand the "Timestamp" tag.
How can I remove it?