I am trying to implement UsernameToken authentication on
ASMX web service something similar to below example, username and password should be sent in secured soap header. I found the code only from client side(how to consume the service). But I want to implement it on the service side. Any suggestions?
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
thanks for posting it here, surely i have implemented something similar. So i had to put signature for every request in the header. You could use Metadata to get what you looking for example.
public class TransactionService : System.Web.Services.WebService
{
public Metadata Authentication = new Metadata();
public MetadataVoucherValidate ValidateVoucherMeta = new MetadataVoucherValidate();
HMACSHA256 hmacSHA256 = new HMACSHA256();
HttpContext ctx = HttpContext.Current;
HttpResponseMessageProperty property = new HttpResponseMessageProperty();
List<string> messages = new List<string>();
[WebMethod(Description = "Checks Credits for clients. Returns 'Ok' if report status is above. ")]
[SoapHeader("Authentication", Required = true, Direction = SoapHeaderDirection.InOut)]
public XmlDocument CreditCheck(string APIUserName, string APIPassword, int userReferenceId, string Countrycode, string CellNumber, decimal withdrawAmount, short iBookmakerId)
{
int iAccountId = -1;
int iWebServiceUserId = -1;
int iSiteId = -1;
//Here you check if if the token matches with what you have stored in your webconfig, something similar.
if (Authentication.Signature != null)
{
if (!Authentication.Signature.Equals(sSignature) || Authentication.Signature == "")
{
string message = "Signature" + " " + Authentication.Signature + " " + " mismatch.";
XmlDocument sResponse = HelperClass.CreateResponseSignature(message.ToString());
return sResponse;
}
if (String.IsNullOrEmpty(Authentication.MessageID))
{
string message = "No messageID Supplied";
XmlDocument sResponse = HelperClass.CreateResponseSignature(message.ToString());
return sResponse;
}
}
else
{
string message = "No $Signature supplied in the Hearder" + " " + Authentication.Signature;
XmlDocument sResponse = HelperClass.CreateResponseSignature(message.ToString());
return sResponse;
}
}
}
Class for Soapheader
public class Metadata : SoapHeader
{
public string Signature;
public string MessageID;
}
None
0 Points
3 Posts
ASP.NET web service UsernameToken Authentication
Mar 17, 2019 07:12 PM|DevD|LINK
Hi All,
I am trying to implement UsernameToken authentication on ASMX web service something similar to below example, username and password should be sent in secured soap header. I found the code only from client side(how to consume the service). But I want to implement it on the service side. Any suggestions?
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken wsu:Id="UsernameToken-1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<wsse:Username>[user]</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">[Password]</wsse:Password>
</wsse:UsernameToken>
</wsse:Security>
</soapenv:Header>
Thanks in advance.
Contributor
3500 Points
1300 Posts
Re: ASP.NET web service UsernameToken Authentication
Mar 18, 2019 01:40 AM|Ackerly Xu|LINK
Hi DevD,
wsse:Security belongs to ws-security , it is not only about add header and asmx doesn't implement this feature.
Maybe you could try Web Services Enhancements (WSE). https://stackoverflow.com/questions/2527029/ws-security-using-the-asmx-file-in-asp-net-3-5
But you had better use wcf , it has build-in support for ws-security.
https://docs.microsoft.com/en-us/dotnet/framework/wcf/feature-details/common-security-scenarios
Best regards,
Ackerly Xu
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
Member
102 Points
287 Posts
Re: ASP.NET web service UsernameToken Authentication
Apr 01, 2019 07:42 AM|tonyR6|LINK
Hi there DevD,
thanks for posting it here, surely i have implemented something similar. So i had to put signature for every request in the header. You could use Metadata to get what you looking for example.
public class TransactionService : System.Web.Services.WebService { public Metadata Authentication = new Metadata(); public MetadataVoucherValidate ValidateVoucherMeta = new MetadataVoucherValidate(); HMACSHA256 hmacSHA256 = new HMACSHA256(); HttpContext ctx = HttpContext.Current; HttpResponseMessageProperty property = new HttpResponseMessageProperty(); List<string> messages = new List<string>(); [WebMethod(Description = "Checks Credits for clients. Returns 'Ok' if report status is above. ")] [SoapHeader("Authentication", Required = true, Direction = SoapHeaderDirection.InOut)] public XmlDocument CreditCheck(string APIUserName, string APIPassword, int userReferenceId, string Countrycode, string CellNumber, decimal withdrawAmount, short iBookmakerId) { int iAccountId = -1; int iWebServiceUserId = -1; int iSiteId = -1; //Here you check if if the token matches with what you have stored in your webconfig, something similar. if (Authentication.Signature != null) { if (!Authentication.Signature.Equals(sSignature) || Authentication.Signature == "") { string message = "Signature" + " " + Authentication.Signature + " " + " mismatch."; XmlDocument sResponse = HelperClass.CreateResponseSignature(message.ToString()); return sResponse; } if (String.IsNullOrEmpty(Authentication.MessageID)) { string message = "No messageID Supplied"; XmlDocument sResponse = HelperClass.CreateResponseSignature(message.ToString()); return sResponse; } } else { string message = "No $Signature supplied in the Hearder" + " " + Authentication.Signature; XmlDocument sResponse = HelperClass.CreateResponseSignature(message.ToString()); return sResponse; } } }Class for Soapheader
public class Metadata : SoapHeader { public string Signature; public string MessageID; }hope it helps,
kind regards
Tony