Research of SOAP Message Security Model on Web Services - Advanced Research on Computer Education, Simulation and Modeling

Information Technology Reference

In-Depth Information

Method of SOAP Message Signature with Username and Password. The process

mentioned above achieved the identification of Web service, but it can't guarantee

that the SOAP message Web service received is the very one sent by declared user.

Therefore, in practical use, the caller needs to signature on SOAP message and send

the signature out together with message: after receiving the message, apart from

authenticating the users, the server needs to do a certification to the signature, so as to

make sure that the message has not been changed when transmitted, and the users be

authenticated are those who signature on messages.

Client:

It only needs to add signature to the original SOAP message. The code is as

follows:

DnsClient.RepuestSoapContext.Security.Tokens.Add

(untoken);

dnsClient.RepuestSoapContext.Security.Elements.Add(newM

essageSignature (untoken));

// call Web service

String return Text = dnsClient.UsernameSayHello();

String returnIPAddress = dnsClient.GetIPforHostname

(txtDNSName);

The code mentioned above is a signature generated according to Username Token,

and then to add the signature into SOAP message. Specifically, it is the SOAP header

extended by WS-Security.

Server:

Firstly, server authenticates the username and password, then to authenticate the

signature by using the username transmitted by Client and its password (WSE

automatically obtained from the Windows Active Directory, or by the overloading the

Authenticate Token). If the validation fails, it means that message is changed during

transmission process or is not signed by the current calling user, returning to the

corresponding error.

Methods of SOAP Encryption and Decryption with Username and Password.

We've mentioned above, if the password of Username Token is express, then it is

better to encrypt the Username Token. To change the code of client as follows:

dnsClient.RepuestSoapContext.Security.Tokens.Add

(untoken);

dnsClient.RepuestSoapContext.Security.Elements.Add

(newMicrosoft.Web.Services.Security.encryptedData

(untoken));

//call the Web service

String returnText = dnsClient.UsernameSayHello ();

String returnIPAddress = dnsClient.GetIPforHostname

(txtDNSName);

The code mentioned above is the user to encrypt the SOAP message according to

Username Token and then add the cipher text in SOAP message, specifically, it is

SOAP header extended by WS-Security.

Advanced Research on Computer Education, Simulation and Modeling

Search WWH ::

Custom Search

Home