Security :: Invoking Web Service / SOAP Request With Certificates Over SSL
Aug 2, 2010
I was wondering if it is possible to call a webservice or send a SOAP request using a provided certificate to encrypt my password (my identity) and use another to encrypt/sign a timestamp, service header, & soap body? Does anyone have any material or sample code where I can test encryption and security too? It doesn't have to be my own certificates, I just want to see it work and then I can possibly tailor it to my needs. After the SOAP request, there will be a provided response which I assume I will have to decrypt.
I found this thread, but it doesn't seem to use signatures or an SSL connection. Does VS 2010 have some extra features to help out on this? I believe the SOAP should look like this.
The extent of my ability is in vba and asp. I'm interested in consuming a SOAP web service from Excel or Access, mostly because it's easier for me. I've also got the wsdls for the web service which is using ws-security. Is this even possible? From what I've read, .net is my logical option, but there's obviously a gap in my skill.
I there a way to know if a request is a soap request on AuthenticateRequest event for HttpApplication? Checking ServerVariables["HTTP_SOAPACTION"] seems to not be working all the time.
public void Init(HttpApplication context) { context.AuthenticateRequest += new EventHandler(AuthenticateRequest); } protected void AuthenticateRequest(object sender, EventArgs e) { app = sender as HttpApplication; if (app.Request.ServerVariables["HTTP_SOAPACTION"] != null) { // a few requests do not enter here, but my webservice class still executing // ... } } I have disabled HTTP POST and HTTP GET for webservices in my web.config file. <webServices> <protocols> <remove name="HttpGet" /> <remove name="HttpPost" /> <add name="AnyHttpSoap" /> </protocols> </webServices> Looking at ContentType for soap+xml only partially solves my problem. For example, Cache-Control: no-cache Connection: Keep-Alive Content-Length: 1131 Content-Type: text/xml Accept: */* Accept-Encoding: gzip, deflate Accept-Language: ro Host: localhost mymethod: urn:[URL]
Some clients instead of having the standard header SOAPAction: [URL], have someting like in example above. "mymethod" represents the method in my web service class with [WebMethod] attribute on it and [URL] is the namespace of the webservice. Still the service works perfectly normal. The consumers use different frameworks (NuSOAP from PHP, .NET, Java, etc).
When I am trying to invoke a method using a proxy class i get error
"System.Web.Services.Protocols.SoapException: Server was unable to process request. ---> System.NullReferenceException: Object reference not set to an instance of an object. at ..."
How to invoking java web service(WSDL) with c# client (web application).Java web service methods is proxy.object will be created in client C#.Then how to call that proxy method in c# client? how to test that java web service in c# client side?
ASP.Net 2.0 Web Services automatically create both SOAP 1.1 and SOAP 1.2 bindings. Our web service, however, has SOAP extensions and custom exception handling that make the assumption that only the SOAP 1.1 binding is used (for example, the SOAP extension uses the HTTP SOAPAction header to control behavior).
I am looking to correct the code that makes these assumptions and make it work with either SOAP 1.1 or SOAP 1.2 properly. I am running into a bit of a problem in the generation of elements for our SOAP faults.
Consider the following web method implementation:
[Code]....
The SOAP 1.2 response now has the wrong qualified name for the detail element. It should be <soap:Detail>, but instead is merely <detail>, same as the SOAP 1.1 response.
It seems that the ASP.Net 2.0 framework has done quite a bit to transform a SOAPException into the appropriate form for the SOAP version, but neglected to properly handle the detail element. Additionally, they don't seem to have exposed the correct SOAP 1.2 qualified name for the detail element as was done with the SoapException.DetailElementName property.
So, what is the correct way to add a detail element to a SOAP fault response that works for both SOAP 1.1 and SOAP 1.2? Do I need to detect the SOAP version myself and hard-code the SOAP 1.2 qualified name for the detail element?
I need to sign my soap request to a 3rd party. The provided an example what the call should look like. And I am trying, rather unsuccessfully to make this call with wcf. I need to make a wcf soap call where the header contains BinarySecurityToken, Signature, and SecurityTokenReference. Here is the example they sent me (with some of the values omitted) I have a certificate for signing, but I cant for the life of me figure out how to make this work
How to get the raw SOAP request from within a WebMethod?
public class Service1 : System.Web.Services.WebService { [WebMethod] public int Add(int x, int y) { string request = getRawSOAPRequest();//How could you implement this part? //.. do something with complete soap request int sum = x + y; return sum; } }
I have a web service hosted on a web server, I invoke the web service using jquery ajax.
The service returns results successfully when invoked locally from the server, but it fails when invoked from a remote client machine (not in the same domain).
I see the request fail in the firebug returning error (401 UnAuthorized) and the response has the following error (Request format is unrecognized for URL unexpectedly ending in '/List').
Is it possible to read the certificate(s) in a clients browser through code? The situation I have is, someone is going to access my website with a certificate installed. In that certificate, there will be specific information related to my application. I will be pulling that specific peice of info out, and then doing what I need to with it.
I can already read certificates from my local machine (using the X509Certificate2 class), and using string manipulation, traverse out the information needed. The only part I can't do, is pull certificates from the browser.
I have tried using the '.IsPresent' function on an HttpClientCertificate object, but that always returns false (even though I have four certificates installed on my machine).
Is anyone using digital certificates in project ?I have created a digital certificate using Microsoft certificate services.I have installed this certificate on my website.When I access website over https I get digital certificate error in browser.Most common cause for this error is incorrect date/time settings on client machine. This is not the issue in my case.
I am connecting to remote server for web service using ASP.NET 3.5 web site. something like, [URL]. Remote server is providing digest authentication to access the web service. I dont have access to modify authentication on the remote server but I have an windows account on that server. If I try to Access service WSDL through programming I get the following error:
The request failed with HTTP status 401: Unauthorized. Same web service if I try to access through browser, [URL], it asks for user name and password. Entered windows account user name and password, still getting error: You are not authorized to view this page, HTTP Error 401.1 - Unauthorized. How to pass the digest authentication credentials to the web service through visual studio or any other programmatic method?
This is so frustrating to me. I'm doing this via standard .NET 2.0+ web services (not WCF). My application is in .NET 3.5 but I'm just adding a service reference. I've not done any SOAP WSDL sending before. I've used NVP which to me seems much more error prone and burdensome because you have to create all the wrappers yourself and if any of that third party API changes, it breaks your code. I have not a clue how to make a call using the latest PayPal WSDL. I added the service reference and I see proxy classes such as [className]Request and [className]Response but how do you actually make the CALL and send the request over the wire?
I see people have used the outdated (.NET 1.1) PayPal SDK. We do not want to use an SDK just to send a request. Isn't it much easier nowdays in .NET when using any SOAP API to invoke the request? People for example using PayPal are relying on a caller class from that SDK but again it's way, way outdated. So onto today, .NET 2.0+, I thought that you don't need all that plumbing anymore?
How would I do this? I see no good documentation on the net period on .NET 2.0 or 3.5 web services especially SOAP and it's frustrating. Sure add the service reference, use the WSDL and proxy generated class wrappers but outside this HOW to make a request is impossible to find. I'm seeing legacy ways of doing this in .NET and then I hear this is all done under the covers for you in .NET..I guess that must be .NET 2.0+ ?? Is it as simple as just making the proxy class method calls and .NET under the covers takes care of the plumbing to actually send the request over Http unlike .NET 1.1 where you had to do all the plumbing yourself?
I have a requirement to build a simple ASP.NET web page which sends some parameters to a web service, and then displays the string which was returned. I'm a complete .NET newby and the only examples I can find seem really really complex. I just need something mega simple, but which an handle parameters being sent to the web service. Can anyone point me in the direction of a simple bit of C# which will do this with no frills or fuss?
Have an application which publishes XML data across webservice using SOAP.
The data is pulled directly from an Oracle database and parsed into XML but for some reason the data being pulled out of the DB is throwing the following invalid XML exception.
Have done a bit of research and it looks like it may be a NULL character somewhere in the data which XML parser doesn't like.
Just wondering if anyone had seen this before and if so were they able to fix it at application or database layer?
Here's stack trace...
[code]....
UPDATE: Here is a selection of data being published.Just plain text basically, this is how it exists in database columns, have included as comma separated.
This is my first time trying to send a SOAP request in C#. When I click the Test button I should be passing a XML string to the web services and then getting a response. The lblTransactionNum label updates with "System.Net.ConnectStream" when it should be returning a transaction number within an unparsed response.
I'm not sure if the way I went about this is ideal but it is just from what I learned searching.
Here is my code
[Code]....
what I am missing? I have a desktop application that uses this web service in the same way but it is in VB.
Here is the VBscript from the desktop app if it contains some extra parsing steps that I will have to add to the C# for my web application but right now I am just trying to get the SOAP request and response wired up.
Im trying to send some xml inside a soap request to a webservice using the HttpWebRequest class. I know this isnt the best way, but my hands are tied by company policy so i have to do it this way. My webmethod has an input parameter "SourceXML" so my soap request has this node
<SourceXML></SourceXML>
I need to insert the xml in this node but whenver I insert it and try to send it to my web method I get an error "400 bad request"
Is this even possible ? I need to insert the xml as a string literal and read it in the web method
