ws-security

问题 I have a ASMX web service (SOAP 1.1) that requires to sign all SOAP requests with certificate (private key) using WS-Security. When the ASMX service receives the request, it will authenticate it using the public key of the certificate. After the operation is done, the response sent back to the client will not be signed! That's the security requirements... I've created the proxy via 'Add Service Reference' and the client's app.config: <?xml version="1.0" encoding="utf-8"?> <configuration>

问题 I have a peculiar problem when calling a web service that expects the message to be signed using WS-Security. If I call using my client application (using Apache CXF) I get a HTTP 500 error message: *Certificate not found* (from client) while if I call the same service using SoapUI, configured for signing with the same key and key-store, it works as expected. I noticed that the <KeyInfo> part of the call differs between CXF and SoapUI. With CXF (as below) the KeyInfo is a lot more detailed

问题 After few days of google -ing/trying/loosing hair I still can't find solution for this so please help :) Short info: I need to work with WCF service from PHP (SOAP client). It uses wsHttpBinding (ws-security) and there is no way to set basicHttpBinding. Everything is behind VPN so I can't offer you link to webservice. Also data is considered secret (request from client) so I can't give you full info, only some "common" things. Here is WS config: <configuration> <system.serviceModel> <bindings

问题 After few days of google -ing/trying/loosing hair I still can't find solution for this so please help :) Short info: I need to work with WCF service from PHP (SOAP client). It uses wsHttpBinding (ws-security) and there is no way to set basicHttpBinding. Everything is behind VPN so I can't offer you link to webservice. Also data is considered secret (request from client) so I can't give you full info, only some "common" things. Here is WS config: <configuration> <system.serviceModel> <bindings

问题 We need to consume a SOAP 1.1 Web Service, developed using Java, from within a C#/.Net 4.0 application. We have no access to the service programming or the server it resides on. The service is exposed over a non SSL connection and requires WS-Security, Username/PasswordText. Using SoapUI (http://soapui.org/) we are able to consume the web service simply by creating a project, pointing it to the WSDL and setting up a simple Username/PasswordText WS-Security configuration. The issue is that we

问题 I have a WCF client/service app that relies on secure communication between two machines and I want to use use x509 certificates installed in the certificate store to identify the server and client to each other. I do this by configuring the binding as <security authenticationMode="MutualCertificate"/> . There is only client machine. The server has a certificate issued to server.mydomain.com installed in the Local Computer/Personal store and the client has a certificate issued to client

问题 <?xml version="1.0" encoding="utf-8"?> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:tns="http://tempuri.org/" xmlns:types="http://tempuri.org/encodedTypes" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soap:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soap:mustUnderstand="1">

问题 I have a proxy service which needs to call a exernal service with ws security. I have to call the service, and based on the response, I need to extract some information and then call a data service to update the database. As I get the response and create the payload to call the data service it is also having the ws security header which ends up in an exception. I have used <header action="remove" name="wsse:Security" scope="default" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis

问题 I'm using security interceptors with Apache CXF WSS4JInInterceptor . Is there any way to pass data from interceptor to webservice? I've been searching for that in WebServiceContext but I can't find it. 回答1: You can use the CXF Exchange Map to store arbitrary key/value pairs. The Exchange is available to both input and output messages. In your interceptor, add the object to the Exchange, e.g. Object value = ...; message.getExchange().put("key", value); Within your service, you can use

问题 I have tried using soapUI to test, however it does not support wsHttpBinding when security is enabled. soapUI does work when using wsHttpBinding and security is none. We also tried out the WCF Storm, which does work and we can load our our client config file, however we are looking at other alternatives to WCF Storm. Are there any other tools which are similar to soapUI, which SO recommends and that will work with the above configurations? 回答1: wsHttpBinding is just Microsoft's obscure naming